Management & Strategy RSAC 2026 Conference Announcements Summary (Pre-Event) A summary of the announcements made by vendors in the days leading up to the RSAC 2026 Conference. By SecurityWeek News | March 23, 2026 (11:52 AM ET) Flipboard Reddit Whatsapp Whatsapp Email As hundreds of vendors descend on San Francisco for the RSAC 2026 Conference, the sheer volume of news can be overwhelming. To help you navigate the noise, SecurityWeek is providing a daily digest of the most significant announcements. Below is our curated roundup of the essential product and service updates from the days leading up to the event. Action1 adds integrations with Rapid7, Tenable, CrowdStrike, and Microsoft Action1 has announced new integrations between its endpoint management platform and four major vulnerability management and endpoint security tools from Rapid7, Tenable, CrowdStrike, and Microsoft. Each integration correlates vulnerability scan data from the respective platform with Action1’s endpoint inventory and automated patching capabilities. Additionally, Action1 introduced a universal vulnerability data ingestion feature that accepts exported scan data from any vulnerability management tool. Arcjet adds prompt injection detection to its application-layer security platform Arcjet has released a prompt injection protection capability that inspects and blocks malicious prompts before they reach AI models. Rather than relying on the model itself to resist adversarial input, enforcement happens earlier in the request path, where full application context (such as identity, session state, and routing) is available. The feature integrates with Arcjet’s existing controls, including bot detection, rate limiting, and sensitive information detection. Advertisement. Scroll to continue reading. Bonfy launches data security platform for AI agents and enterprise GenAI workflows Bonfy has released Adaptive Content Security (ACS) 2.0, a platform designed to monitor and control how sensitive data is accessed and handled by AI agents, copilots, and unsanctioned AI tools. It covers a broad range of systems (Microsoft 365, Google Workspace, Salesforce, Slack, AWS S3, and on-premises file stores) and introduces an MCP server interface that allows AI agents to label and risk-score content before it reaches external services. A browser extension provides real-time inspection of web traffic to detect shadow AI usage. The platform also adds a ‘data surface visibility’ view that maps where sensitive content resides across an organization’s data stores and tracks how employees and agents interact with it. Booz Allen Hamilton launches Vellox AI-native cyber defense suite Booz Allen Hamilton launched Vellox, a suite of five AI-native cybersecurity tools covering malware analysis, detection engineering, adversary emulation, compliance monitoring, and autonomous remediation. Vellox Reverser (generally available) automates malware reverse engineering to produce defensive recommendations; Vellox Ranger (limited preview) autonomously maps customer environments to generate tailored detection logic; and Vellox Striker (limited preview) emulates AI-powered attackers to stress-test defenses. Vellox Navigator (real-time compliance monitoring) and Vellox Responder (autonomous remediation across cloud and infrastructure) are announced but not yet available. Cobalt expands its offensive security platform with new AI capabilities and managed program service Cobalt announced two additions to its Offensive Security Platform: new AI-driven pentesting capabilities and a Security Program Manager service. On the AI side, the platform now automates reconnaissance, vulnerability discovery, credential validation, and finding deduplication. The Security Program Manager is a dedicated human expert who handles scheduling, remediation tracking, and asset inventory management for enterprise-scale pentesting programs, and produces executive-ready reporting from technical findings. Druva launches Identity Resilience to cover Okta, Active Directory, and Entra ID Druva Identity Resilience extends the company’s data security platform to include identity protection and recovery across Okta, Microsoft Active Directory, and Microsoft Entra ID in a single SaaS platform. Rather than treating identity as a static list of directory objects, the platform models it as a continuously evolving state (tracking how permissions, relationships, and non-human identities change over time) to help teams reconstruct what happened during an incident and restore access to a known-good state. Secure Code Warrior launches ‘SCW Trust Agent: AI’ for governance of AI-assisted development Secure Code Warrior has unveiled ‘SCW Trust Agent: AI’, which provides commit-level visibility into which LLMs (both sanctioned and shadow AI tools) influenced specific code commits, and correlates that AI usage with vulnerability exposure and developer skill levels to enforce policy before code reaches production. It also tracks active MCP servers to prevent AI agents from accessing internal tools or databases through unvetted connections. Entro Security adds AI agent governance to identity platform Entro Security has launched Agentic Governance & Administration (AGA), a new module that extends identity governance principles to AI agents and the non-human identities they use. AGA builds a profile for each agent by correlating its sources (endpoint telemetry, agent foundries, cloud environments, MCP servers), the enterprise assets it accesses, and the identities it relies on. It also provides MCP activity monitoring and policy enforcement. Graylog adds threat prioritization, automated investigations, and MCP server to SIEM Graylog announced three new capabilities for its SIEM platform. A threat prioritization engine groups related alerts using entity context, asset criticality, vulnerability data, and threat campaign intelligence to surface high-priority incidents and suppress noise. Context-aware incident response workflows automate evidence collection and generate AI-driven step-by-step response recommendations. An open MCP server connects compatible LLMs to Graylog security data, enabling natural-language queries and agentic workflows such as automated triage, MITRE ATT&CK coverage mapping, and false-positive analysis. Huntress adds endpoint and identity security posture management to platform Huntress has launched Managed Endpoint Security Posture Management (ESPM) and Managed Identity Security Posture Management (ISPM) as new additions to its platform. Managed ESPM controls which applications can run on endpoints, integrates with Microsoft Defender for Endpoint for vulnerability prioritization and remediation, and generates compliance-ready reports. Managed ISPM applies expert-built policies to Microsoft 365, continuously checks for misconfigurations, and automatically rolls back unauthorized changes within minutes. Both products are currently in Early Access, with general availability expected by summer 2026. Nagomi Security expands platform with agentic exposure remediation and verification Nagomi Security has launched Agentic Exposure Ops, which extends the platform’s focus from exposure visibility to automated remediation. Agents investigate exposures by correlating vulnerability data, control telemetry, and threat signals across domains, then route remediation tasks to the appropriate owners with contextual tickets. Once a fix is applied, the agents continuously re-verify that the closure holds as environments change, producing evidence at each stage of the detect-investigate-remediate-verify loop. Opal Security launches Paladin, OpalScript, and OpalQuery for AI-native access governance Opal Security has introduced three new capabilities forming a closed loop for access governance. Paladin is an AI access evaluation agent that sits directly in the approval chain, reviews requests against the requester’s history, resource sensitivity, and referenced project tickets, and either approves or escalates them. OpalScript is a Python-like policy language that lets teams codify access rules as executable automations (such as separation-of-duties enforcement or time-limited access grants). OpalQuery allows security and GRC teams to interrogate the organization’s identity and access graph using plain-language queries, with results exportable as audit evidence. Orca Security adds AI agents and runtime AI detection to cloud security platform Orca Security has announced four new capabilities for its platform. A Threat Investigation Agent automatically correlates signals across cloud environments and produces investigation reports with recommended containment actions, while an AppSec Triage Agent analyzes SAST findings to filter out false positives. Runtime AI Threat Detection identifies when workloads, identities, and processes interact with AI models, MCP servers, and third-party AI tools, providing visibility into how AI is being used at runtime and where sensitive data may be exposed. Orca also introduced code reachability analysis, which determines whether vulnerable code paths are actually invoked in running applications, and Orca Missions, which groups related findings into tracked remediation initiatives. Panther releases AI SOC platform Panther has announced the general availability of its AI SOC Platform, in which AI agents have native access to the platform’s data lake, detection engine, and organizational knowledge to investigate and triage alerts autonomously. A key architectural feature is closed-loop detection tuning: every triage outcome is fed back as a label that automatically adjusts detection logic over time. Other capabilities include an AI Detection Builder that converts natural-language threat hypotheses into Python-based detection rules, proactive threat hunting that runs scheduled analysis across the full data lake, and cross-tool context assembly via MCP integrations with identity providers, ticketing syste