
RSAC 2026 Conference Recap: The Power of Community

Authored by SANS Institute

RSAC™ 2026 Conference celebrated its 35th anniversary this year, returning to the Moscone Center in San Francisco from March 23–26 under the theme "The Power of Community." Assembling more than 700 speakers, 570 sessions, 600 exhibitors, and nearly 44,000 attendees, RSAC 2026 once again served as the industry's largest and most important annual gathering, and four days of events and conversations made it clear that community is the only credible answer to the threat landscape taking shape right now. In the words of the conference’s Senior Vice President, Linda Gray Martin, “RSAC Conference continues to empower the global cyber ecosystem and remains the place for where the world talks security.”

The Signal from the Floor: AI, Everywhere

One word defined RSAC 2026: AI, as a structural force reshaping nearly every dimension of cybersecurity. The conversation has matured well past anticipating or predicting the role of AI, so the questions dominating sessions were practical and urgent: How do you govern AI you've already deployed? How do you defend against attackers who are using it faster than most organizations can respond?

SANS Institute addressed these concerns in real-world terms with the release of the third annual Cybersecurity Workforce Research Report by SANS | GIAC, presented on Monday, March 23 by SANS Chief AI Officer and Chief of Research Rob T. Lee and SANS CEO James Lyne. Drawing on responses from nearly 950 practitioners, leaders, and HR professionals representing more than 20 industries across the globe, the report painted a candid picture of an industry in transition.

The numbers were striking. 74% of organizations reported that AI is actively reshaping how teams are composed and how roles are defined, yet only 21% have a comprehensive framework for governing it. AI security training in particular is a case of “policy without practice,” with 54% of organizations surveyed having policies on paper, but only 38% offering comprehensive training.

The report describes the current gap in training as a "perfect storm" driven by overwhelming demands on time and workload, caught in a feedback loop with unregulated Shadow AI and the threat of automation “eating” training pipelines. The impact is measurable, with one in four organizations reporting security breaches as a direct result of skills gaps.

Looking to the future, the report offers actionable recommendations for governance, talent pipelines, compliance, and leadership, backed by case studies from Microsoft, Bayer, and CSA Singapore. Discussing these findings together with the community at RSAC is part of building and ensuring a future where defenders are ready at machine speed, making sure organizations know to invest in the right skills and governance now.

The SANS Keynote: The Five Most Dangerous New Attack Techniques: Crucial Tips for Defenders

"We would be lying to you if we pointed out a trend in attacks that did not involve AI. That is just where we are in this industry," SANS Technology Institute President Ed Skoudis told the audience at this year's flagship RSAC 2026 keynote. For the first time in the history of SANS’ Most Dangerous New Attack Techniques briefing, every single one of the five involves AI.

Joshua Wright, Robert M. Lee, Heather Barnhart, and Rob T. Lee presented on attacks that span the “twin crises” of speed and comprehension created by AI:

  1. AI-generated zero days have arrived at industrial scale. AI has collapsed the cost and complexity of developing zero-day exploits, making broad exploitation campaigns economically viable for far less sophisticated actors. Accelerating patch management and integrating detection tools powered by AI are now baseline requirements.
  2. Supply chain risk is exploding in scope, amplified by the scale and speed of AI capability. 65% of organizations experienced a software supply chain attack in 2025. Wright's deconstruction of the 7-Zip archive utility revealed more than 300 unique dependencies, any of which could be compromised and made malicious. The attack surface extends across every vendor, update channel, and developer tool an organization depends on. “It’s the vendor’s software and their vendors’ software. It’s the entire ecosystem of software supporting that threat,” said Wright.
  3. Root cause analysis is a crisis in OT environments, creating dangerous blind spots in critical infrastructure, where recovering correctly can be more urgent than recovering quickly. As industrial environments have shifted to homogeneous, software-defined architectures, attacks have scaled up, and the human expertise required to analyze the infrastructure has eroded. The rapid adoption and integration of agentic AI may muddy the waters further and leave industries dangerously dependent on short-lived vendors.
  4. Irresponsible use of AI in digital forensics is creating a new failure mode within security teams. Barnhart drew on her own high-stakes casework to demonstrate how different the outcome might have been if left to AI, which “cannot find what it doesn't know to look for,” and introduces hidden uncertainties where investigators can’t afford them. Barnhart announced two new frameworks for integrating AI into investigations responsibly, one mapped to SWGDE guidelines for digital forensics and one mapped to NIST CSF 2.0 for incident response. Barnhart said, “AI is not going to take your job. However, if you learn to use AI to make yourself more powerful, you will steal that person’s job.”
  5. Autonomous defense is an arms race, becoming a strategic imperative as AI expands the attack surface and accelerates attack workflows. Rob T. Lee used SIFT Workstation — an AI-augmented open-source forensics platform built on the SANS Institute’s Protocol SIFT initiative — to demonstrate analysis in 14 minutes and 27 seconds that a human analyst would require three days to accomplish. Lee announced an upcoming Hackathon aimed at strengthening Protocol SIFT, emphasizing that a self-reinforcing community is irreplaceable: “The adversaries, because there’s three or four of them, can’t hold hackathons … We have this structural advantage.”

Looking Ahead

RSAC 2026 Conference marked 35 years of community by looking both back and forward for inspiration. The inaugural Test of Time Awards honored cryptographic research from the conference's earliest years, recognizing work whose influence has only grown with time. The inaugural Frontier Award, presented to quantum networking researcher Dr. Maria Spiropulu, pointed toward the breakthroughs still ahead.

RSAC Conference made clear that the industry is shifting, but that moving together allows us to move with purpose. The defender community has a structural advantage that attackers simply can't replicate: the ability to pool knowledge and respond collectively at scale. Organizations that invest in building the right capabilities now will be better positioned to respond at the speed the threat landscape demands.

If you're ready to translate the themes of RSAC 2026 into real-world capability, you can start by joining the SANS community to access expert resources and insights, or connect with us to develop a personalized skill development plan aligned to your role or your team’s priorities.