My First RSA: Agents, Challenges, and Community

I am no stranger to conferences, and certainly no stranger to security conferences. Over the years, BlackHat and DEFCON have both become staples of my calendar. But this year brought a new one to the list: RSA, and it truly lived up to the hype. The show floor was full of bright lights, fancy booths, and yes, tattoos, if you knew where to find them. But most of all it was filled with a real drive to tackle the real world challenges facing the industry today, and top of mind for everyone was securing agentic AI.

In my experience from events over the past year and a half, we've gone from conversations and questions around “what is an AI agent" to now actionable and technical conversations around how we should go about securing these things. People’s opinions are now based on real use cases, personal experiences, and community learnings.

While supporting the Zenity booth, I was pleasantly challenged with questions and technical points of conversation that focused on the Zenity approach, how it's different, and especially how it actually works. The shift from "what is this?" to "how does your solution handle this specific problem?", is a meaningful one. It signals that the industry has crossed a threshold. Agentic AI is no longer theoretical. It's deployed, it's in production, and the people on that show floor knew it.

Conversations Around AI Governance

So, while there was a vast improvement in the practice of securing agentic AI, one theme I felt was stuck in the past was AI governance. I had multiple conversations with different people around the practice of AI Governance and its challenges in catching up. It's always interesting to me that some will firmly stand on the hill that AI Governance needs to ensure we can walk before we run (so they say), meaning that the strict focus on AI Governance being on model security alone is almost a necessary siloed emphasis. Yet here we were, having these discussions on the show floor, where the conversation was firmly grounded in the fact that we are already running, with AI Agents at the center of the race. I kept walking away with a clear recognition that we still have a ways to go to help the governance community expand its focus to incorporate AI Agents into their standards, while the train is already in motion, rather than allowing those gaps to form before frameworks even have a chance to arrive. The cost of waiting isn't a delayed standard. It's a security debt that compounds with every agent deployed in the meantime.

The Race is On: Securing Agentic AI

Obviously, staffing the booth brings a multitude of conversations, even though they can tend to drift in the same direction. Another key theme that came through for me was the fact that many security vendors, and even some forward thinking security practitioners, are developing their approach to securing Agentic AI.

Multiple times I had people walk up and say, “I’ve already heard the securing agentic AI pitch 5 times today, how do you do it differently?” This is always a fun way to kick off a product demo, by the way.

So everyone is focused on this challenge, and developing different ways to tackle it. I enjoyed being able to walk security and technology pros through the full lifecycle story that Zenity covers, and also got to hear a lot about how others are approaching the topic.

My takeaway here was that, while agentic AI security is still new, people are striving for a holistic and longer term security approach to tackle the issue. And I’m sure by next year the more proven paths forward will be even more battle tested and ready for showcasing.

The End of the Beginning: The Future of AI

Our CTO and co-founder Michael Bargury, had a great line in summary of his insights on this year’s event: It’s the end of the beginning.

I truly felt this through every conversation I had. This theme extended beyond how we are going to secure agentic AI, and often quickly blossomed into how YOU are using AI. The idea that every business, every process, every person has the opportunity to embrace the disruption provided through AI was an often unspoken vibe. I’d be in conversation with someone, discussing how AI helps me, and how I think it can help even the smallest of organizations.Typically the conversation would would drift into a thoughtful pause, leaving all participants with a glazed look of anticipation, anxiety, and excitement for what the future will bring before we brought it back to either another topic or wrapped up. It sounds far-fetched, but the sheer number of very different conversations with all sorts of people that trended this way has very shaped my own outlook as a believer in the future.

Don’t Forget the Side Events

On a more personal note, this was my first RSA, and I was honored to have been named a finalist for the SC Media Security Executive of the Year award. It was a pleasure to attend the reception and cheer on the winners and the nominees. While I didn't take the award this time, it was an incredible win to simply be included among that group. It was also a pleasure to take the stage with my fellow OWASP core contributors during the second half of the OWASP GenAI Security Summit to discuss all things AI Agents and the Agentic Security Initiative.

The Connection of Community

The common thread I felt between these side events and throughout the entire conference was, truly, community. There's a real personal connection folks have in attending RSA. Whether they meet up with people they haven't seen in years or people they've only ever met virtually, everyone is friends with someone, and the connections made seem to make the fantastically frantic cadence of this event worth it year after year.

If this year's RSA was any indication, the industry isn't waiting for permission to move forward on agentic AI. The conversations have matured, the use cases are real, and the urgency is palpable. The next frontier isn't getting people to understand what agents are — it's making sure the frameworks meant to govern them don't show up late to a party that's already well underway. I'll see you there next year.

If you want to join me in continuing these great conversations, save your seat for our upcoming webinar, on April 2, 2026, From RSA to Reality: AI Agent Security in the Enterprise.