RSAC 2026: AI’s Bifurcated Impact on Cybersecurity
SAN FRANCISCO — RSAC 2026 opened Monday at the Moscone Center, drawing over 40,000 cybersecurity professionals, executives, and policy leaders to assess an industry facing significant pressure. A dominant theme emerged: artificial intelligence has not simply entered the cybersecurity landscape; it has fundamentally split the field into two distinct, accelerating fronts.
The Two Wars in Cybersecurity
The cybersecurity industry is currently engaged in two simultaneous battles. The first involves leveraging AI to revolutionize defense – rebuilding threat detection, response, and security operations with AI at their core. The second, and newer, challenge centers on securing AI systems themselves, even as attackers learn to exploit those same systems.
The First Major AI-Driven Attack
In mid-September 2025, Anthropic detected and disrupted what is believed to be the first large-scale cyberattack executed with minimal human intervention. According to reports, a Chinese state-sponsored group manipulated Anthropic’s Claude Code tool to attempt infiltration of approximately 30 global targets, including financial institutions, technology companies, and government agencies. The AI autonomously handled 80 to 90 percent of the attack process, from infrastructure scanning to credential harvesting and data organization, with human operators intervening only at key decision points.
The Speed of Modern Attacks
The speed of attacks is increasing dramatically. Data exfiltration times have decreased from nine days in 2021 to two days in 2023, and to roughly 30 minutes by 2025. A February 2026 Malwarebytes report, citing a 2025 MIT study, revealed that an AI model using the Model Context Protocol achieved full domain dominance on a corporate network in under an hour, evading real-time endpoint detection by adapting its tactics. Malwarebytes identified Model Context Protocol-based attack frameworks as a defining capability of criminal operations in 2026.
Wave 1: Rebuilding Defenses with AI
For decades, defenders have been structurally outmatched, with the attack surface expanding faster than human teams could respond. AI-native security architecture offers a potential counter to this asymmetry. This involves deploying AI to rebuild the defensive stack – a process referred to as Wave 1. Tools for cloud security, Kubernetes security, network firewalling, and API protection already exist, and the industry understands how to utilize them.
Wave 2: Securing AI Itself
Wave 2 focuses on the security of AI itself – hardening models against prompt injection, governing autonomous agents, and ensuring data integrity. This presents a unique challenge, as language itself has become an attack surface. Adversaries can now probe AI systems through metaphor, images, or language switching, exploiting the flexibility of these systems. Existing defensive tools, such as firewalls and intrusion detection systems, are not designed to address this semantic problem.
The Visibility Gap
A significant gap exists in visibility into AI systems. Rogue AI agents can access sensitive data with limited oversight. Organizations are resolving API and cloud vulnerabilities at rates above 70 percent, but only about one in five serious genAI flaws identified during testing are fixed. The rapid pace of AI deployment is outpacing the security discipline needed to validate it.
The Narrowing Window
The window of opportunity for defenders to gain an advantage is narrowing. Those who move quickly to adopt AI-native architectures have a real advantage in detection speed and response capability. However, attackers are also adopting these tools, and the tools themselves will eventually equalize. Institutional readiness – trained analysts, mature playbooks, and governance frameworks – will be crucial.
RSAC 2026 marks a critical juncture for the cybersecurity industry to address these challenges and determine the path forward in this new era of AI-driven threats.
Byron V. Acohido is a Pulitzer Prize-winning business journalist dedicated to fostering public awareness about cybersecurity.