RSA Conference 2026: What the Security Community Is Saying About AI Governance
RSA Conference 2026 made one thing unmistakably clear: AI governance is no longer a future agenda item. It’s the present problem the security community is trying to solve in real time.
The conversations we had on the floor, in sessions, and in side meetings reflected an industry at an inflection point. Security leaders are moving past awareness — they understand the challenges — and pressing hard for answers that actually work at enterprise scale.
Four themes defined the conference this year.
Theme 1: “We Secured AI for Developers. Now We Need to Secure AI in Operations.”
The first generation of AI security investment focused on protecting AI development: securing model training pipelines, preventing data leakage into third-party models, managing shadow AI in developer tooling.
That work isn’t finished, but it’s becoming familiar. What dominated conversation at RSA 2026 was the second-generation problem: securing AI in production operations.
The Operational AI Security Gap
Enterprises have deployed AI agents that send emails, provision infrastructure, analyze security telemetry, and respond to customer inquiries. These agents operate autonomously, at scale, with real system access. And in most organizations, they’re governed by policies that weren’t designed with autonomous agents in mind.
The specific gap we heard about repeatedly: privileged AI actions. When an AI agent performs an operation that would require MFA or approval for a human user, how does that get handled? Most organizations have honest answers — the human-in-the-loop controls that apply to people don’t apply to agents, because agents can’t perform MFA. The controls simply don’t reach the new access patterns.
What Organizations Are Doing About It
The most advanced organizations we spoke with are building intent-level access controls for AI agents — defining what an agent should be capable of in terms of business purpose rather than specific technical permissions. The shift from permission-based to intent-based access is the same shift from policy-as-code to Policy as Prompt, applied to identity and access management.
Theme 2: Compliance Frameworks Haven’t Caught Up — And Security Teams Are Navigating the Gap
Multiple compliance frameworks are in the process of incorporating AI governance requirements, but the timelines are long and the specifics are still being written. SOC 2, ISO 27001, and NIST are all in various stages of updating their guidance for AI systems.
This leaves security teams in a difficult position: compliance auditors are asking about AI governance, and there’s no single authoritative framework to point to.
The Auditability Problem
Several CISOs we spoke with raised the same concern: their auditors want evidence that AI systems are governed, but the typical evidence formats — policy documents, configuration screenshots, audit logs — don’t translate naturally to AI agent behavior.
How do you demonstrate to an auditor that your AI agent is complying with your data handling policies when the agent makes hundreds of decisions per hour and its “actions” are responses in a language model rather than discrete system operations?
Intent-Based Governance as an Audit Bridge
The organizations navigating this most effectively are the ones that have formalized their AI governance as explicit intent statements — “this agent may access customer data only to fulfill the specific request it received; it may not store, summarize, or transmit that data beyond the immediate response” — and tied those statements to enforcement mechanisms and audit logs.
When intent is explicit and enforcement is documented, auditability follows. The challenge is getting from implicit organizational understanding to explicit governance artifacts. That’s the work most organizations are in the middle of.
Theme 3: The Security-Velocity Tension Is Reaching a Breaking Point
This isn’t a new tension, but AI is amplifying it. Development teams shipping AI-powered features are moving faster than ever. Security review processes built for traditional software development are falling further behind.
The AI Feature Velocity Problem
Shipping an AI feature isn’t just shipping code. It involves model selection, data pipeline design, prompt engineering, integration architecture, and a set of security questions that don’t have clear answers in most organizations’ security review checklists.
Security teams are being asked to review AI features without frameworks for evaluating them. The result, predictably, is that reviews take longer, create more back-and-forth, and introduce more friction than they would with a mature evaluation framework.
The Organizations Getting This Right
The security teams we spoke with who were managing AI feature velocity well had two things in common:
First: They’d built governance frameworks for AI features in advance — not review processes that kicked in when a feature was ready to ship, but policy frameworks that developers could reference while building. The security conversation started at design time, not deployment review.
Second: They’d made compliance into a product feature rather than a gate. Rather than treating SOC 2 compliance as an external audit requirement, they’d built compliance monitoring into their deployment pipelines. When a new AI feature deployed, compliance status was a metric reported alongside uptime and latency. Security wasn’t an exit condition; it was a runtime property.
Both of these patterns are consistent with intent-driven governance — expressing security requirements in ways that developers can understand and build toward, rather than as code-level constraints that engineers must navigate.
Theme 4: The Market Is Sorting Into Two Categories
Perhaps the clearest signal from RSA 2026 was market consolidation pressure. The security tooling landscape for AI governance is crowded, and organizations are trying to figure out which solutions address root problems versus which address surface symptoms.
Point Solutions vs. Governance Platforms
A significant portion of the AI security vendor space offers point solutions: tools that address one specific risk category — prompt injection detection, AI API monitoring, model behavior auditing. These tools are useful, but they add to the integration burden for security teams that are already managing too many tools.
The organizations most satisfied with their AI security posture were the ones that had chosen a governance layer rather than a collection of detection tools — platforms that could express intent once and enforce it across multiple risk dimensions, rather than requiring separate policies for each threat category.
The Consolidation Question
The most common question we heard from security leaders evaluating vendors: “How does this integrate with everything else?” The era of evaluating security tools in isolation is over. Buyers are asking how tools fit into a coherent governance architecture before they evaluate what any individual tool does.
This is good news for approaches that provide a governance layer — intent expressed once, enforced everywhere — rather than adding another monitoring surface that generates more alerts for already-overwhelmed security teams.
Our Takeaway
RSA 2026 confirmed what we’ve believed since we started building Aegis: the security challenge of the AI era isn’t a detection problem. It’s a governance problem.
The organizations struggling most are the ones trying to detect their way out of a governance deficit — adding more monitoring to infrastructure that isn’t governed by clear, enforced intent. The organizations doing best have invested in the governance layer first and built detection and monitoring on top of a foundation of explicit, enforced policy.
Intent-driven governance — Policy as Prompt — is the foundation that AI-era security requires. The market is arriving at that conclusion in real time.
We’ll be sharing more specific insights from our conference conversations in the weeks ahead.
How Aegis addresses AI governance | Policy as Prompt explained | Talk to our team