惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CERT Recently Published Vulnerability Notes
U
Unit 42
T
The Blog of Author Tim Ferriss
H
Hackread – Cybersecurity News, Data Breaches, AI and More
B
Blog RSS Feed
Microsoft Azure Blog
Microsoft Azure Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Securelist
L
Lohrmann on Cybersecurity
Blog — PlanetScale
Blog — PlanetScale
Recorded Future
Recorded Future
D
DataBreaches.Net
Spread Privacy
Spread Privacy
T
Threat Research - Cisco Blogs
I
Intezer
P
Palo Alto Networks Blog
Simon Willison's Weblog
Simon Willison's Weblog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
I
InfoQ
宝玉的分享
宝玉的分享
Security Latest
Security Latest
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
T
Threatpost
Cisco Talos Blog
Cisco Talos Blog
P
Proofpoint News Feed
博客园 - 司徒正美
H
Hacker News: Front Page
Y
Y Combinator Blog
爱范儿
爱范儿
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
NISL@THU
NISL@THU
月光博客
月光博客
有赞技术团队
有赞技术团队
Cloudbric
Cloudbric
酷 壳 – CoolShell
酷 壳 – CoolShell
G
Google Developers Blog
A
Arctic Wolf
博客园 - 【当耐特】
W
WeLiveSecurity
V
Visual Studio Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
V
V2EX
C
Cyber Attacks, Cyber Crime and Cyber Security
S
SegmentFault 最新的问题
The GitHub Blog
The GitHub Blog
The Cloudflare Blog
Stack Overflow Blog
Stack Overflow Blog

Search Security Resources and Information from TechTarget

How to operationalize threat modeling with AI | TechTarget CISO First fully agentic ransomware attack sparks readiness concerns | TechTarget Evaluating secure enterprise browsers vs. security plugins | TechTarget The AI vulnerability storm is here: Is your security program ready? | TechTarget Perimeter to posture: A roadmap to zero trust maturity | TechTarget TLS certificate lifetime changes: What CISOs must do now | TechTarget The agentic AI 8 key aspects of a mobile device security audit program | TechTarget Why mobile security audits are important in the enterprise | TechTarget Beyond the perimeter: The shift to data-centric protection | TechTarget How agentic AI threat intelligence aids NGO cyber defense: Case study | TechTarget How to conduct a mobile app security audit | TechTarget NO FAKES Act advances: What CISOs need to know | TechTarget What CISOs should know about AI runtime security | TechTarget As Q-Day looms, 90% of systems are unprepared for PQC | TechTarget A CISO Most security pros say their culture is Zscaler lays out its vision to secure the AI era at Zenith Live | TechTarget The OpenClaw security risks every CISO needs to know | TechTarget Cloud security metrics and KPIs: A CISO Florida public sector training on SimSpace cyber range: Case study | TechTarget Reporters' Notebook — Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security It's time to update incident response for the AI era How to build AI security guardrails without blocking innovation The prosecution gap: Why cybercrimes go unpunished AI in cyberdefense: Learning from threat actors' playbooks Top identity and access management risks CISO role changes as cyber-risk appetites in the C-suite grow CISO's guide to data minimization Researchers build autonomous AI worm that can reason and adapt How to secure data at rest, in use and in motion How to find cyber-risk data sources for a FAIR analysis Lost in translation: Cybersecurity board reporting for CISOs How to prepare security controls for future AI regulations EO 14390 raises stakes for enterprise cybersecurity First month of Mythos Preview testing exposes 10K flaws OT attacks shift from recon to physical control, raising stakes For CISOs, dawn of OpenAI Daybreak brings good and bad news Gartner Security & Risk Management Summit 2026: Adapting for AI | TechTarget Inside business email compromise attacks: Real-world examples Verizon 2026 DBIR: 6 key takeaways for CISOs Identity security for AI agents: The proliferation challenge How to build a business impact analysis checklist Taking care of business: The CISO's role in a cyber crisis What CISOs need to know about AI audit logs SOC vs. MDR: What CISOs need to consider Instructure cyberattack reignites ransom payment debate Transform SIEM rules with behavior-based threat detection CISO's guide: How to test an incident response plan How to implement zero trust for AI Data after the breach: Economics of the dark web The breakup: Why CISOs are decoupling data from their SIEMs | TechTarget News brief: Security worries and warnings as AI use expands How to construct an effective security controls evaluation 5 leading enterprise password managers to consider Claude Mythos changes the AI security threat matrix Buyer 6 things to check in your cyber insurance policy fine print How cyber insurance helped with breach recovery -- or not News brief: Critical infrastructure, OT cybersecurity attacks Tape's strategic role in modern data protection Top zero-trust use cases in the enterprise What every CISO should consider before a SIEM migration CISO's guide to centralized vs. federated security models Shadow code: The hidden threat for enterprise IT How to fix cybersecurity's agentic AI identity crisis 5 top SIEM use cases in the enterprise Top 8 e-signature software providers for 2026 How do digital signatures work? News brief: AI woes continue for security leaders Deepfake era demands proof-based security, not just awareness Is SOAR dead or alive? Sort of The push for digital sovereignty: What CISOs need to know Beyond awareness: Human risk management metrics for CISOs Cybersecurity in the age of AI means bigger, faster threats At RSAC 2026, AI optimism and anxiety -- and an MIA U.S. government Inside the SOC that secured RSAC 2026 Conference How to roll out an enterprise passkey deployment How to improve the SOC analyst experience -- and why it matters How contact centers detect and prevent fraud News brief: Iranian cyberattacks target U.S. water, energy CISO checklist: Cybersecurity platform or marketing ploy? RSAC 2026 Conference: Key news and industry analysis | TechTarget Next-generation firewall buyer's guide for CISOs Contact center monitoring best practices for CX leaders RSAC 2026: Cyber insurance and the rise of ransomware Agentic AI's role in amplifying and creating insider risks RSAC 2026 recap: AI security and network security trends Meaningful metrics demonstrate the value of cyber-resiliency What to know about red team testing and the law News brief: Iran cyberattacks escalate, U.S. targets named 5 top SOC-as-a-service providers and how to evaluate them Cloud security architecture: Enterprise cloud blueprint for CISOs Contact center compliance checklist for modern workforces How AI caught a malicious North Korean insider at Exabeam Watch your words: Tim Brown's advice for CISOs News brief: U.S. absence at RSAC sparks leadership concerns Network security management challenges and best practices 10 enterprise secure remote access best practices
Identity security at RSAC 2026: The new enterprise dynamics
2026-04-07 · via Search Security Resources and Information from TechTarget

Todd Thiemann

By

  • Todd Thiemann, Principal Analyst
  • Omdia

    Intelligence and advice powered by decades of global expertise and comprehensive coverage of the tech markets.

Published: 07 Apr 2026

As I was hanging out with more than 40,000 of my closest cybersecurity friends at RSAC Conference 2026 -- CISOs, practitioners and vendor leaders -- I learned the dominant theme was widespread adoption of AI agents. This has a variety of implications for identity and data security across its use cases, including adversaries using AI agents, security for AI agents and applying agents to improve cybersecurity tools. These are the key identity and security themes from the show.

Threat landscape: Increasing threat velocity

RSAC week kicked off with events from Microsoft and Google, and the consistent message that adversaries were using AI to increase the volume, speed and sophistication of their attacks. Long story short, adversaries are using AI to dramatically amp up their efforts. While the attacks might not be super-sophisticated today -- better phishing lures, etc. -- attackers will learn and get progressively better, especially because they can now deploy agents for malicious purposes.

While everyone has opinions on the risks and where the threats will emerge, these are early days for deploying AI agents, and the risks in the field have yet to emerge in volume. Researchers have found many vulnerabilities, but actual events or compromises causing significant business damage have yet to appear. Given how enterprises are embracing agentic AI across their businesses, it is a matter of when -- rather than if -- they will face attacks or incidents.

The increased attacker velocity with AI needs to be countered by defender velocity that is also powered by AI. The topics on most RSAC attendees' minds were how defenders can up their game using AI agents and ensuring that enterprises use agents securely.

Finding the signal in the AI security marketing noise

From a defender's perspective, the volume of the AI agent message was cranked to 10, but there was distortion coming out of the speaker. Signage blared "security for AI agents," but there was little clarity about the layers comprising a complete solution for AI agent security. An AI agent security stack has many layers: AI security posture management; data security, including data security posture management and data loss prevention; identity security -- i.e., governance, fine-grained access control, lifecycle management; and data and cyber-resilience for AI agents, including backup and recovery, ensuring AI infrastructure, retaining AI agent logs, etc.

The AI agent phenomenon is relatively new, and it will take time for enterprises, security practitioners and the cybersecurity ecosystem to figure out how the cybersecurity pieces fit together. The various technology providers are approaching it from different perspectives. When it comes to identity security for AI agents, three approaches stand out:

  • Cybersecurity platform players. Bigger cybersecurity players have a comprehensive "we will solve your AI agent issues" approach to solve the broad range of AI agent security challenges. That runs the gamut from prompt injection attacks and model poisoning to governing and securing agent identities. These players include Cisco, CrowdStrike, Microsoft, Palo Alto Networks/CyberArk and Thales.
  • Identity platform players. Enterprises have already invested in identity governance and administration, privileged access management, access management, identity security posture management and identity threat detection and response. It is a natural extension for vendors such as Delinea, SailPoint Technologies, Saviynt, BeyondTrust, ConductorOne, Teleport, Andromeda Security and Xage Security to expand their portfolios to manage and secure AI agent identities alongside existing platforms for securing and governing human and nonhuman identities.
  • AI agent identity management and security players. These are pure-play technology providers focused on the specific problem of AI agent identity security. They include Astrix Security, Barndoor AI, GitGuardian, Natoma Labs, Oasis Security, Token Security, and AppViewX and Eos Cyber.

Identity and security teams have a job to do and need to be ruthless about achieving their goals. Teams typically want to extract more value from the existing technology stack. However, if an incumbent platform doesn't solve the problem or meet their needs, teams are more than willing to consider a best-of-breed tool that will. Time will tell which approach predominates as the market distinguishes between strong AI agent identity tools that can work today and roadmaps that might require some patience.

Changing enterprise budget dynamics for AI agents

AI agents are a recent phenomenon, and the management and security of these initiatives frequently vary from other IT and security processes. While a CEO might tap a subordinate to lead the AI initiative -- and hand them a budget to do so -- conversations at RSAC underscored that the budget dynamics for AI agent security can differ. CISOs and CIOs continue to have budgets, but there is often a standalone AI budget that could be owned by a CDO, CTO or other C-level executive tasked with driving AI initiatives.

If you are a security or identity team leader, you need to help the enterprise AI leader grasp the business value of security and identity management needed for production AI agent deployment. Identity security teams, in particular, recognize that AI agents still have compliance obligations, require security best practices, and need common identity governance and management processes to deliver efficiency and scalability across the enterprise. The vendor community needs to arm its constituents with the information to make the case for security investments.

It is an amazing time to work in security; the dynamism of it can make your head spin. If you are a new technology player solving an interesting new identity or data security problem, or you have an innovative approach to an existing challenge, I would like to hear about it. You can reach me on LinkedIn.

Todd Thiemann is a principal analyst covering identity access management and data security for Omdia. He has more than 20 years of experience in cybersecurity marketing and strategy.

Omdia is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.

Next Steps

Why identity is the new perimeter -- and how to defend it

Identity security tool sprawl: Origins and the way forward

Key identity and access management benefits

RSAC 2026 recap: AI security and network security trends

Dig Deeper on Identity and access management