Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends
Summary
RSAC 2026 opened under a heavy AI shadow: vendors pushing more ambitious, agentic AI use cases and senior security leaders debating how much human oversight is realistic or even possible. Alex Culafi from Dark Reading reported that AI dominated conversations on the show floor, even as government representation was notably thin this year. Major themes included the shift from human-in-the-loop to human-on-the-loop approaches, the maturation of AI-driven security tools, continued supply-chain threats against open-source ecosystems, and a shift in criminal tactics from encryption to data theft.
Key Points
- AI remains the dominant theme at RSAC 2026, with vendors increasingly promoting agentic systems that act with more autonomy.
- Debate is growing over human-in-the-loop versus human-on-the-loop: some CISOs argue full human oversight doesn’t scale against fast-moving threats.
- Government presence at RSAC was noticeably reduced, limiting public-sector input in conference debates.
- Supply-chain attacks targeting open-source packages (worms and info-stealers) are a rising and persistent risk.
- Ransomware trends look somewhat positive — fewer and smaller payments as organisations improve defences — but data theft remains a major concern.
- Threat actors are shifting to quieter, more evasive techniques (living-off-the-land, EDR disablement) rather than noisy payloads.
- The industry faces a crossroads: adopt more autonomous AI to match adversary scale, or insist on human oversight despite rising operational strain.
Content Summary
The article recaps day-one coverage from RSAC 2026, led by observations from Dark Reading’s Alex Culafi. AI was everywhere: on billboards, in sessions and in vendor pitches, which now lean toward agentic capabilities that could augment or replace parts of security operations. Culafi flagged Vodafone’s global CISO advocating a move to “human on the loop” because human-in-the-loop isn’t seen as scalable. The piece also covers the quieter but dangerous rise of supply-chain malware in open-source ecosystems and notes that while ransomware payments are declining as defences improve, attackers increasingly focus on data theft. The absence of CISA, FBI and other government representatives was also highlighted as a notable gap in the conversation.
Context and Relevance
This coverage matters because it captures an industry inflection point: defenders must decide whether to cede more operational control to AI to keep pace with adversaries who themselves are scaling with AI. The debate influences procurement, SOC design, incident response strategy and regulatory expectations. For security leaders and practitioners, the trends flagged at RSAC foreshadow where budgets, hiring and risk assessments will shift over the next 12–24 months.
Author’s take
This isn’t just vendor hype: the human-in-the-loop versus human-on-the-loop argument could redraw how SOCs operate. If you care about staffing, risk appetite or tool selection, the details here are well worth a read.
Why should I read this?
Short version: because it tells you where the market and thinkers are pushing next. If you’re tired of vendor noise and want a snapshot of practical tensions — scaling defences, staffing limits, and supply-chain nastiness — this gives you the headlines without the slog.
