RSA Conference 2026 opened this week in San Francisco with 40,000 attendees, 500+ exhibitors, and one topic consuming nearly every keynote, booth, and hallway conversation: AI agents.

Not AI as a feature. Not AI as a copilot. AI as an autonomous entity that acts on behalf of your organization — and that attackers can now wield at the same speed.

The consensus on the floor: cybersecurity has bifurcated into two simultaneous wars. One against human attackers armed with AI tools. One against — and for — the AI agents operating inside your own network.

The Offensive Side: 80% Automated Attack Chains

Cowbell SVP Matthieu Chan Tsin set the tone with research showing near-fully automated attack chains running at roughly 80% AI-driven autonomy. The stages — reconnaissance, discovery, exploitation — haven’t changed. The speed has.

“I think it’s time to let go of the old SLAs where companies give themselves 30, 60, or 90 days to patch or update systems,” Chan Tsin said at an ICR event at Nasdaq MarketSite. “We have to act with urgency.”

The implication for defenders: the window between vulnerability disclosure and exploitation is collapsing. Traditional patch cycles measured in weeks are now measured in hours.

The Defensive Side: Who’s Watching the Agents?

If the offensive story is speed, the defensive story is visibility. Multiple companies are converging on the same realization: organizations have deployed AI agents faster than they’ve built controls around them.

Token Security — an Innovation Sandbox finalist — is pitching intent-based security for AI agents. The core argument: permissions-based access control doesn’t work for non-deterministic systems. An agent with identical permissions can behave differently depending on its goal, its prompt, and its context. Token Security’s platform evaluates what an agent is trying to do, not just what it’s allowed to do.

AvePoint CSO Mario Carvajal is pushing the governance layer: “If we can’t operationalize governance and we can’t trust the foundation of our data, then how can we really receive the value of what AI is doing for your business?”

Noma Security CEO Niv Braun called it plainly: “We’re going to see multi-agent architecture more and more in the enterprise. It boosts amazing productivity. We just need to make sure we have the right controls in place.”

The Agent Security Landscape at RSAC 2026

Over the past three weeks leading up to the conference, we’ve tracked more than 25 agent-security product launches and announcements. Here’s the taxonomy emerging on the floor:

Discovery & Visibility

Companies tackling “how many agents do we even have?”

  • AvePoint AgentPulse — Shadow agent discovery + governance
  • Portal26 AMP — Agent management platform with ROI measurement
  • Singulr Agent Pulse — Runtime governance for MCP servers

Identity & Access

Companies tackling “who is this agent and what should it be allowed to do?”

  • Token Security — Intent-based security (RSAC Sandbox finalist)
  • Okta for AI Agents — Agent identity management (launching April 30)
  • HashiCorp — Agentic runtime security blueprint using Vault/Consul
  • SailPoint + AWS — Agent identity governance
  • ConductorOne — AI access management with MCP governance

Runtime Security

Companies tackling “what is this agent doing right now?”

  • Zenity — Inline runtime security for Microsoft Foundry agents
  • Proofpoint + Acuvity — Intent-based detection across endpoints/browsers/MCP
  • Geordie AI — Agent-native security (RSAC Sandbox finalist)
  • Manifold — Endpoint-level agent security
  • Mimecast — Adaptive security for agent-era threats

Frameworks & Standards

Industry bodies providing the shared language:

  • OWASP — Expanded agentic AI frameworks + hackathon at RSAC
  • NIST — AI agent standards initiative
  • Databricks DASF v3.0 — 97 risks, 73 controls, “Lethal Trifecta” framework

Data & Infrastructure

The foundation layer:

  • Red Hat — BYOA blueprint with SPIFFE identity, Envoy-based MCP Gateway
  • Cohesity — Enterprise AI resilience for rogue agent scenarios
  • CrowdStrike + NVIDIA — Secure-by-design AI agent blueprint

Five Themes to Watch This Week

1. Intent beats permissions. Multiple vendors independently arrived at “intent-based security” — analyzing what agents are trying to accomplish rather than just checking access lists. This is the clearest signal of where agent security is heading.

2. Discovery is the first problem. Before you can secure agents, you need to know they exist. Shadow AI (agents deployed without IT knowledge) is the enterprise equivalent of shadow IT — but moving faster and with more autonomy.

3. Multi-agent ≠ multi-problem. Multi-agent architectures introduce cascading risk: if Agent A trusts Agent B, and Agent B gets compromised, the entire chain is tainted. Databricks’ DASF v3.0 explicitly addresses “communication poisoning” and “rogue agents outside monitoring.”

4. MCP is both the solution and the attack surface. The Model Context Protocol gives agents structured tool access — but also creates a new layer of vulnerability. Multiple RSAC talks address MCP server exploitation, SSRF through MCP, and tool-poisoning attacks.

5. The 45:1 ratio. Gartner’s stat that machine identities outnumber human identities 45-to-1 is becoming the defining metric of the RSAC conversation. Every agent creates identities, and every identity is a potential attack vector.
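The cascading-trust point in theme 3, as an added example (not code from Databricks, DASF, or any vendor named here): it models "who trusts whose output" as a graph, computes every agent tainted by one compromise, and flags tainted agents that sit outside monitoring. The agent names, trust edges and monitored set are constructed for illustration.

```python
from collections import deque

# Constructed sample: (consumer, producer) means consumer trusts producer's output.
TRUSTS = [
    ("planner", "retriever"), ("retriever", "web-fetch"),
    ("summarizer", "retriever"), ("mailer", "planner"),
    ("billing", "ledger"),
]
# Constructed sample: agents that currently have runtime monitoring.
MONITORED = {"planner", "retriever", "web-fetch", "billing", "ledger"}


def build_consumers(trusts):
    """Map each agent to the set of agents that directly trust its output."""
    consumers = {}
    for consumer, producer in trusts:
        consumers.setdefault(producer, set()).add(consumer)
        consumers.setdefault(consumer, set())
    return consumers


def tainted_by(compromised, trusts):
    """Return every agent that transitively trusts the compromised agent."""
    consumers = build_consumers(trusts)
    seen, queue = set(), deque([compromised])
    while queue:
        agent = queue.popleft()
        for nxt in consumers.get(agent, ()):
            # Skip already-visited agents; also keeps trust cycles finite.
            if nxt not in seen and nxt != compromised:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def review(compromised, trusts, monitored):
    """Split the tainted set into all tainted agents and unmonitored blind spots."""
    tainted = tainted_by(compromised, trusts)
    return {"tainted": sorted(tainted), "unmonitored": sorted(tainted - monitored)}


def rank_blast_radius(trusts):
    """Rank agents by how many others a compromise of each would taint."""
    agents = build_consumers(trusts).keys()
    sizes = {a: len(tainted_by(a, trusts)) for a in agents}
    return sorted(sizes.items(), key=lambda kv: (-kv[1], kv[0]))
```

Agents at the top of `rank_blast_radius` are the ones whose inputs and tool connections deserve the tightest scoping, and anything in `unmonitored` is where a tainted chain would run unobserved.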

What This Means for OpenClaw Users

If you’re running a personal OpenClaw agent, you’re operating in the same trust model that enterprises are struggling with at scale — you’re just doing it with fewer moving parts.

The RSAC themes translate directly:

  • Know your agent’s tools. Every MCP server you connect is an attack surface. Audit them. Keep the list minimal.
  • Least privilege, always. Your agent doesn’t need access to everything. Scope its permissions to what it actually uses.
  • Watch the sessions. Agent activity logging isn’t paranoia — it’s hygiene. Know what your agent did and when.
  • Update aggressively. If the patch window for enterprises is collapsing from 90 days to hours, your personal agent’s dependencies deserve the same urgency.

RSAC 2026 runs through March 27. We’ll continue tracking major announcements relevant to the OpenClaw community.


Sources: ICR RSAC Preview at Nasdaq MarketSite, BizTech Magazine, Token Security announcement, March 2026