The RSA Conference, the world’s largest cybersecurity gathering, held its 35th annual edition at the Moscone Center in San Francisco on March 23–26 under the theme “The Power of Community.” The event brought together more than 43,500 attendees from over 100 countries, with 700+ speakers across 570+ sessions, 600+ exhibitors, and 32 keynotes on two stages. AINsf shares the main takeaways from the conference.

This year’s edition was the first under new CEO Jen Easterly, the former director of the US Cybersecurity and Infrastructure Security Agency (CISA), who took over the organization in January. It was also notable for who wasn’t there: US federal agencies, including CISA, the NSA, and the FBI, skipped the conference this year.

One topic ruled the agenda

If RSAC 2025 was about AI in general, RSAC 2026 was about AI agents — both securing them and putting them to work in security operations. The keynote lineup made that plain:

  • Jeetu Patel (Cisco) laid out a security model for the “agentic workforce”: protect the world from agents, protect agents from the world, and respond at machine speed.
  • Vasu Jakkal (Microsoft) pointed to IDC projections of up to 1.3 billion AI agents by 2028 and argued for “always-on, self-defending” architectures.
  • Sandra Joyce (Google Threat Intelligence) shared a striking stat: the time attackers need from initial access to hand-off has collapsed from 8 hours in 2022 to 22 seconds in 2025.
  • George Kurtz (CrowdStrike) reported the fastest recorded adversary breakout time is now 27 seconds, and described “ClawHavoc” — the first major supply-chain attack on an AI-agent ecosystem, in which hundreds of malicious agent skills were found in a public registry.

Guest keynotes featured former New Zealand Prime Minister Dame Jacinda Ardern in conversation with Easterly on crisis leadership, plus Ben Horowitz, author Michael Lewis, and Adam Savage. Hugh Jackman closed the anniversary edition in a conversation with RSAC executive chairman Dr. Hugh Thompson.

Who won the Innovation Sandbox?

The Innovation Sandbox startup contest, held on the conference’s first day, was won by Geordie AI, a security and governance platform purpose-built for AI agents that gives enterprises a real-time view of their “agentic footprint.” Notably, all ten finalists — including Charm Security, Clearly AI, Crash Override, Token Security, and ZeroPath — build AI-focused products, making it the most AI-heavy cohort in the contest’s 21-year history. Each finalist received a $5 million uncapped SAFE investment from Crosspoint Capital.

Vendor announcements

The expo floor followed the keynotes’ lead. CrowdStrike launched Charlotte AI AgentWorks for building custom security agents, with Anthropic, OpenAI, NVIDIA, and AWS among launch partners. Palo Alto Networks extended its Prisma AIRS platform to AI agents, adding agent red teaming and runtime detection of memory poisoning. Microsoft announced its Agent 365 control plane for governing AI agents (generally available May 1) and Entra Agent ID, a dedicated identity system for agents. Cisco released DefenseClaw, an open-source framework for scanning and sandboxing agent skills and MCP servers, and introduced six AI agents for Splunk Enterprise Security.

The next RSA Conference will take place on April 5–8, 2027, again at the Moscone Center in San Francisco.