● SecurityWeek 📅 24/03/2026 à 16:57

RSAC 2026 Conference Announcements Summary (Day 1)

Cybersécurité 👤 SecurityWeek News
Illustration
As hundreds of vendors descend on San Francisco for the RSAC 2026 Conference, the sheer volume of news can be overwhelming. To help you navigate the noise, SecurityWeek is providing a daily digest of the most significant announcements. Below is our curated roundup of essential product and service updates, along with reports from the first day of the event. A roundup of announcements from the days leading up to the conference is also available. Acalvio releases cyber deception framework Acalvio has released 360 Deception, a cyber deception framework designed to break AI-driven attack automation. By incorporating 360 Deception into their existing tech stack, organizations will be able to disrupt AI-driven threat campaigns and expose malicious intent before compromise occurs. 360 Deception makes cyber defense dynamic and extends it to real assets. The platform creates a high-uncertainty environment that exposes attackers early by disrupting the stable ground truth that automated attack tools depend on. Apiiro expanding capabilities of its AI coding security agent Application security startup Apiiro announced that it is expanding the power of its AI coding security agent, Guardian Agent, with a new capability to identify security and compliance risks before code is ever written, called AI Threat Modeling. Apiiro AI Threat Modeling generates architecture-aware threat models from specs and tickets, enabling teams to identify and fix risks before code is written. By identifying risks earlier, teams can reduce rework, avoid late-stage delays, and keep development moving without adding new security bottlenecks.Advertisement. Scroll to continue reading. Arctic Wolf announces new Aurora platform and agentic SOC Arctic Wolf announced the availability of the new Aurora Superintelligence Platform, designed to accelerate the adoption of AI across cybersecurity. Built on a transformative agentic framework called the Swarm of Experts, the platform helps IT and security teams rapidly and confidently adopt Agentic AI to solve the trust and reliability challenges that have slowed adoption in cybersecurity. Arctic Wolf also announced the availability of the new Aurora Agentic SOC. Built on the Aurora Superintelligence Platform, the Aurora Agentic SOC combines Arctic Wolf’s Concierge Experience with turnkey agentic AI. Arctic Wolf also announced a partnership with cloud security firm Wiz to deliver a new integration between Wiz solutions and the Aurora Superintelligence Platform. ArmorCode and Purple Book Community release new research ArmorCode, in partnership with the Purple Book Community, released The State of AI Risk Management 2026, highlighting a growing “confidence gap” between perceived AI security readiness and actual operational risk. Based on a survey of more than 650 cybersecurity leaders, the report reveals that while 90% of organizations claim visibility into their AI footprint, 59% admit or suspect shadow AI is operating outside of governance processes. At the same time, 70% report vulnerabilities introduced by AI-generated code already making their way into production environments. Astrix adds AI agent discovery and policy enforcement to platform Astrix has expanded its platform with a four-method AI agent discovery architecture and a real-time policy engine designed to give security teams full visibility and control over AI agents running across the enterprise. Discovery is handled through four complementary approaches: direct integrations with AI platforms, non-human identity fingerprinting to surface shadow agents authenticating via credentials, telemetry ingested from existing endpoint and network sensors, and a bring-your-own-service option for homegrown or non-standard deployments. A new Agent Policies feature lets security teams define allow, flag, and block rules scoped by user, department, platform, and resource type, evaluated before an agent action executes. BeyondTrust expands capabilities across its Pathfinder Platform BeyondTrust has expanded capabilities across its Pathfinder Platform to deliver a unified approach to securing AI agent coworkers that operate alongside users, as well as autonomous AI workloads executing at scale across cloud and SaaS environments. New capabilities include endpoint privilege enforcement for AI coworkers, AI agent discovery and risk analysis, and secrets management for autonomous agents. The company also announced new threat research from BeyondTrust Phantom Labs, which found that the majority of enterprises are running shadow AI agents with privileged access that security teams cannot see or govern. Black Duck announces general availability of Signal Black Duck has announced the general availability of Black Duck Signal, an application security solution designed to secure AI-generated code and agentic development workflows. Signal delivers AI-native security designed to reason, validate, and remediate risk at the speed and scale of modern development. Built on an agentic architecture powered by multiple best-in-class LLMs and enhanced by Black Duck’s Context AI, Signal brings contextual security reasoning directly into development workflows. Broadcom launches Symantec CBX Broadcom has announced Symantec CBX (Carbon Black XDR), a cloud-based platform that merges capabilities from its Symantec and Carbon Black product lines into a single XDR solution. The platform combines Symantec’s prevention, Adaptive Protection, data security, Cloud SWG, and Incident Prediction features with Carbon Black’s EDR technology, providing coverage across endpoints, networks, and data. CBX uses AI to correlate signals across those attack surfaces into high-confidence incidents, and includes an Incident Prediction capability that attempts to forecast an attacker’s next four to five moves. Symantec CBX is expected to be available later this year. Cloud Security Alliance launches CSAI FoundationThe Cloud Security Alliance (CSA) has established CSAI, a dedicated 501(c)3 non-profit foundation focused exclusively on AI security and safety, with a stated mission of securing the agentic control plane (covering identity, authorization, orchestration, runtime behavior, and trust assurance for autonomous AI agent ecosystems). CSAI builds on CSA’s existing AI Safety Initiative and will operate six programs: an AI Risk Observatory for threat intelligence and CVE tracking specific to agentic AI; best practices guidance covering identity-first controls, runtime authorization, and privilege governance for non-human actors; education and credentialing including three new TAISE certification tracks; a CxO collaboration program for enterprise security executives; and a global assurance program. Cisco extends Zero Trust Access to AI agents Cisco has introduced agent discovery in Identity Intelligence, agentic IAM capabilities in Duo, and Model Context Protocol policy enforcement with adaptive risk protection in Secure Access. These features enable registration of agents mapped to human owners, fine-grained task-based permissions, and routing of tool traffic through an MCP gateway for full visibility and governance. Cisco also released ‘AI Defense: Explorer Edition’ for self-serve red teaming of models and applications, including dynamic adversarial testing against prompt injection and jailbreaks. In addition, the company launched the open-source DefenseClaw framework for automated scanning, inventory, and sandboxing of agent skills and assets, as well as an Agent Runtime SDK for embedding policy enforcement at build time across major frameworks. Commvault announces expanded Microsoft Security integration Commvault announced an expanded integration with Microsoft Security to better connect threat detection with trusted recovery. The new integration uses Microsoft Sentinel, Microsoft Security Copilot, and the Commvault Cloud platform to streamline resilience operations and enable real-time data insights, helping organizations move quickly from identifying a threat to validating and restoring clean data faster with greater confidence. ConductorOne announces AI Access Management extension ConductorOne announced its AI Access Management product extension, a unified control plane for managing access to AI tools, agents, and MCP connections across the enterprise. The platform enables organizations to accelerate AI adoption while maintaining full visibility, policy enforcement, and compliance. Cribl adds background detection to Cribl Guard Cribl has introduced background detection for Cribl Guard, an AI-driven capability that continuously scans in-flight logs, traces, and events to identify previously unknown patterns of PII, secrets, and regulated data. The detection model runs entirely within Cribl Workers, meaning sensitive data is analyzed inside the customer’s own infrastructure rather than being sent to an external service. When a new pattern is detected, findings are surfaced in the Cribl interface with full event context, and security teams can convert a finding into an active Guard rule in a single action. CrowdStrike announces platform enhancements CrowdStrike announced new platform innovations that extend AI agent discovery, shadow AI governance, and runtime threat detection directly from the endpoint – the point of AI execution – to every surface where AI agents operate across SaaS, browser, and cloud environments. CrowdStrike also announced that its Falcon Next-Gen SIEM now ingests and correlates Microsoft Defender for Endpoint telemetry, enabling Microsoft endpoint customers to modernize security operations without deploying additional sensors. CrowdStrike also unveiled native Falcon Onum real-time data pipelines, federated search across third-party data stores, third-party intelligence integration, and its Query Translation Agent. CyberProof unveils Reveal360 Hub CyberProof announced the availability of CyberProof Defense Center (CDC) Reveal360, a centralized visibility hub that delivers continuous insights into enterprise security posture, service performance, and operational outcomes to help teams understand what their security program is delivering. CDC Reveal360 brings together threat, defense, exposure, and asset estate data from across cloud and security ecosystems into configurable, persona-aligned workspaces that evolve as the environment changes. Dataminr launches Dataminr for Cyber Defense Dataminr launched Dataminr for Cyber Defense, an agentic AI solution designed to move the SOC from reactive triage to predictive intelligence. By fusing internal telemetry with external signals, the solution autonomously investigates and financially quantifies risk. Dropzone AI launches AI Threat Hunter Dropzone AI has introduced AI Threat Hunter, a new autonomous agent designed to continuously and proactively search for security threats across an organization’s environment without increasing workload. The tool automates complex threat hunting processes, analyzing large datasets, investigating anomalies, and integrating across security platforms. By reducing the time needed to conduct investigations, the AI Threat Hunter expands SOC capabilities, allowing human analysts to focus on higher-value strategic work while improving overall security visibility and response. Fenix24 launches Argos99 asset intelligence and resiliency platform Fenix24 has debuted Argos99, its asset intelligence and resiliency platform, now available as a standalone SaaS offering. Originally developed by Fenix24’s recovery teams during real-world breach restoration efforts, Argos99 ingests and correlates telemetry from more than 60 cloud and on-prem data sources to deliver real-time visibility into an organization’s assets, how they operate, and how they depend on one another. Argos99 was built from hundreds of real-world incident response engagements to address that exact problem. The platform was reverse engineered by the Fenix24 team using insights gained from breach restoration efforts to both dramatically accelerate ransomware recovery and provide critical resiliency intelligence for organizations who want to invest in their cyber resiliency in advance of an attack. Flashpoint announces new capabilities Flashpoint is announcing three new capabilities designed to connect threat intelligence more directly to asset risk and operational workflows. The first is a threat-informed External Attack Surface Management (EASM) module that continuously discovers internet-facing assets and automatically maps them to Flashpoint’s vulnerability intelligence. The second is an in-platform Priority Intelligence Requirements (PIRs) feature that lets teams formally tie alerts, investigations, and reporting to defined business risk priorities. The third is a new anonymous browser within Flashpoint Managed Attribution that provides an isolated environment for investigating underground forums, suspicious links, and threat actor activity. F5 and Forcepoint partner to secure enterprise AI Forcepoint and F5 announced a new alliance to help enterprises secure AI across its lifecycle—from foundational data discovery and classification through runtime protection and continuous assurance. Forcepoint’s AI-native Data Security Posture Management (DSPM) data discovery and classification capabilities combined with F5 AI Red Team and F5 AI Guardrails functionality in the F5 Application Delivery and Security Platform (ADSP) will provide runtime protections for AI applications, APIs, models, and agents help organizations operationalize AI safely while maintaining control and visibility over sensitive enterprise data. Forescout unveils network segmentation capabilities and publishes report Now available within the Forescout 4D Platform, Forescout’s new agentless, cloud-native network segmentation capabilities help organizations model and validate zones based on device identity, function, behavior, and risk. Forescout also published its 2026 Riskiest Connected Devices Report, which shows that network infrastructure now surpasses traditional endpoints in overall risk. Among the topline findings, financial services now has the highest average device risk of any industry — more than three times that observed in retail and significantly higher than government and healthcare. Geordie AI introduces AI agent remediation suite Geordie AI has released a new solution for managing AI agent risk through context engineering. Geordie’s new remediation suite, named Beam, assesses risk and continuously feeds mitigation back to the agent using context-based controls. Google Cloud unveils agentic AI security strategy Google Cloud is debuting a suite of AI-powered security innovations designed to transition organizations toward an ‘Agentic SOC’. These updates integrate frontline threat intelligence directly into autonomous AI agents to automate complex investigation and response tasks. Illumio announces new enhancements to Insights Illumio is delivering new enhancements to Illumio Insights to expand how lateral movement risk is exposed and mitigated, anchored by the introduction of Network Posture. By further enriching its AI security graph, Illumio now delivers system-wide, real-time visibility across hybrid, multi-cloud, and OT environments, surfacing end-to-end attack paths and showing where risk must be prioritized and mitigated. Intel 471 announces cyber threat exposure bundle Intel 471’s Cyber Threat Exposure Bundle brings together three core capabilities (Attack Surface Exposure, Third-Party Exposure and Brand Exposure) into a single, intelligence-driven solution on the Verity471 platform. With this unified approach, security teams can close visibility gaps across complex external environments and turn high-fidelity threat intelligence into clearly prioritized remediation actions. The solution continuously discovers internet-facing assets, monitors vendors, detects brand impersonation and applies intelligence-led prioritization by enabling streamlined remediation and more proactive threat management. Keeper Security launches KeeperDB Keeper Security has officially launched KeeperDB, a new vault-embedded database access capability that enables secure, policy-controlled database interactions directly from the Keeper Vault. KeeperDB enables developers, database administrators and security teams to work with sensitive data through a unified interface that simplifies workflows while maintaining strict access governance. KeeperDB broadens KeeperPAM with a vault-native interface that unifies database session management within the zero-trust and zero-knowledge platform. By embedding database access directly into the Vault, KeeperDB helps reduce credential sprawl, standardize database access workflows and strengthen audit readiness across cloud and on-prem environments. Kiteworks launches Compliant AI Kiteworks has released Compliant AI, a governance layer that enforces attribute-based access control (ABAC), FIPS 140-3 validated encryption, and tamper-evident audit logging on every AI agent interaction with regulated data, independent of the underlying model, prompt, or agent framework. Controls are applied at the data access layer via four checkpoints: agent authentication, ABAC policy evaluation at the operation level, FIPS 140-3 encryption in transit and at rest, and full audit logging fed directly into the organization’s SIEM. The product ships with three Governed Agent Assists: a Folder Operations Assist for navigating and managing folder hierarchies, a File Management Assist for handling the full data lifecycle in line with retention and disposal requirements, and a Forms Creation Assist for generating governed data collection forms from natural language. Lumu introduces new Defender capabilities Lumu announced new capabilities to its flagship NDR solution. Lumu Defender now extends Continuous Compromise Assessment beyond the network to include endpoints, cloud environments, and user behaviors. Lumu continuously confirms whether an organization is compromised by observing live network activity and validating it against known malicious infrastructure. By linking confirmed malicious communications to identities, endpoints, cloud services, and email, Lumu delivers real-time Continuous Compromise Assessment across the environment. NVIDIA describes OpenShell runtime NVIDIA has explained how the new NVIDIA OpenShell runtime is being built to provide tools for controlling autonomous agents in an infrastructure policy layer, adding security in the environment, rather than the model or application layer. Currently in early preview, the OpenShell runtime is being developed as organizations are rapidly defining their strategies for long-running AI agents such as OpenClaw. Instead of relying on behavioral prompts, OpenShell enforces constraints on the environment the agent runs in, so security policies are out of reach of the agent — they’re applied at the system level. Operant AI releases Agent ScopeGuard and launches partnership program Operant AI has released Agent ScopeGuard, a new capability within its Agent Protector product that enforces operational boundaries for AI agents at runtime, blocking out-of-scope actions before they execute. ScopeGuard enforces boundaries at the infrastructure level using GPU-accelerated processing, evaluating every agent action against a defined policy in real time. Security teams can configure per-agent scope policies specifying which data sources, APIs, workflows, and data types each agent is authorized to access or modify. Operant AI also launched an AI Infrastructure Ecosystem Partnership Program, through which the company will integrate its runtime security capabilities directly into the inference stacks of AI infrastructure providers. OmniTrust launches with Trust Lifecycle Management platform OmniTrust (formerly Integrity Security Services) has officially launched as an independent entity and unveiled its Trust Lifecycle Management (TLM) platform. The platform
← Retour