TechTarget and Informa Tech’s Digital Business Combine. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise NEWSLETTER SIGN-UP Cybersecurity Topics World The Edge DR Technology Events Resources CYBERSECURITY OPERATIONS CYBERSECURITY CAREERS ENDPOINT SECURITY THREAT INTELLIGENCE INTERVIEWS Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know. Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends As AI dominated RSAC 2026, CISOs and industry leaders debated its role in security, from agentic applications to the challenges of scaling human involvement in decision-making. Alexander Culafi,Kristina Beek April 7, 2026 SOURCE: INFORMA TECHTARGET RSAC 2026 conference kicked off with a whirlwind of insights, debates, and predictions about the future of cybersecurity, with a particular focus on the ever-evolving role of artificial intelligence (AI). On day one, Informa TechTarget’s Jamison Cush and Sabrina Polin hosted a series of thought-provoking discussions with industry leaders, including an interview with Alex Culafi, senior news writer at Dark Reading. Culafi, a seasoned RSAC attendee, shared his observations on the heightened prominence of AI in the cybersecurity landscape and the noticeable absence of government representatives at this year’s event. AI dominated the conversation, as Culafi noted the aggressive push by vendors to market AI-driven solutions, a trend that has only intensified since 2023. From combing through data to acting as automated threat intelligence bots, AI's capabilities have matured, with vendors now touting more ambitious use cases, such as agentic AI systems that aim to augment or even replace traditional security operations centers (SOCs). However, this rapid evolution has sparked debate among security executives, with some questioning the scalability of keeping humans involved in every AI decision — a concept known as "human in the loop." Culafi noted that Vodafone's global CISO, Emma Smith, argued for a shift toward "human on the loop," where AI takes the lead, and humans intervene only when necessary, a stance that raises both opportunities and concerns. Related:RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever Beyond AI, Culafi highlighted key developments in the threat landscape, including the rise of sophisticated supply chain attacks targeting open-source ecosystems and the evolving tactics of ransomware actors. While ransomware payments are trending downward as organizations improve their defenses, data theft remains a significant concern. As the conference unfolds, Culafi's insights set the stage for deeper discussions on the balance between innovation and risk in cybersecurity, making it clear that the industry is at a pivotal crossroads. Live from RSAC 2026: "Human in the Loop" Doesn't Scale: Full Transcript This transcript has been edited for clarity and length by Informa TechTarget's internal AI assistant. For the full experience, please watch the video, above. Jamison Cush: Hello, and welcome as we conclude our live streaming coverage of day one from RSAC Conference 2026. I'm Jamison Cush with Informa TechTarget. And if you missed it earlier, we chatted with thought leaders from WiCyS and from ISACA and Informa TechTarget's cybersecurity expert Sharon Shea. I've also been chatting with the co-host here from the news desk, Informa TechTarget senior managing editor Sabrina Polin. And Sabrina, thank you once again for joining us. Related:Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026 Sabrina Polin: Absolutely. JC: And I mean it. It's been a pleasure. And it was also a pleasure chatting with Rob and Jenai. They had a lot of interesting nuggets to share. Was there anything that jumped out? SP: Totally. Rob and Jenai from ISACA. We were asking them about a recent survey they conducted about AI and you know I asked I was like "Are you scared at all or worried about how crazy the landscape of AI is getting?" And Rob said no. This is the most excited I've been since the advent of the internet, which I thought was just a really cool nugget. Uh, and yeah, I think it's really representative [of] where we're at right now. Things are exciting. Things are changing. Things are going crazy. JC: Yes, things are exciting at the desk because we are joined by a four-time guest, another Informa TechTarget colleague, Dark Reading, senior news writer, Alex Culafi. Alex, thank you for joining us once again. Four times. Alex Culafi: Yes. Saving … I won't say the best for last, but ending on a strong note. Saving the best for the last of day one. Related:RSAC 2026: AI Dominates, But Community Remains Key to Security SP: Very diplomatic way to put it. JC: No. Yeah, absolutely. Absolutely. So, Alex, I just want to give you the floor. I mean, you are I know you have the show floor hasn't opened yet, but you've already attended some sessions and I think you've been pitched a thousand things, I'm sure. So, so what do you expect to happen here at RSAC? What are you seeing from talking to the CISOs and the other smartest people in the world? AC: So, this is my sixth, I think, RSAC conference. I'll start with this. The reason I like going to this conference every year is that it gives me a bit of a pulse on what businesses are thinking about each year, because it's very vendor-heavy. There's still plenty of research, but it's a vendor-heavy conference. So, you get an idea of what people are selling. AI is obviously like at the top of that. I'm sure every conversation you had today, every conversation you're having tomorrow, is going to mention it at some point. This is the most aggressive I've seen AI pushed and sold since, I would say, like 2023, when the products really started coming out. I don't really have an assessment on that other than it was really surprising that like the show floor is not open yet but all the billboards half the sessions a lot more vendors that have AI at the end of their name. And it's crazy because in 2023, 2024, I was like, "Okay, this is the year of AI. What's next year going to be?" And it was AI again, and, it's maybe it's more agentic this year, but it's still AI, again. So, that's the first thing that I would say I noticed. The second thing is that even though the show floor isn't open yet until uh a little later after we're done recording, the absence of government personnel is very noticeable this year. Usually, CISA, FBI and some other folks from the US government have a presence here, but CISA in January announced that they weren't going to be here. Plus, DHS employees furloughed. Kristi Noem had her first and probably last RSAC last year. And it's weird not having a government presence here. And I'm not like going to say I'm like the biggest fan of the government or anything, but it's nice to see the public sector show up because they're such an important part of the security ecosystem. So, I would say those are the two things. AI has been more aggressive, the selling side, than I've ever seen before. And the absence of any government employees is weird. SP: Right. I remember from two years ago, you and I did a little postgame interview, and I said three things you learned from RSA 2024. You said AI, AI, more AI. JC: It was hyping AI, selling AI, and marketing AI. SP: Oh, okay. Yeah. I repeated this to him last year. Okay. AC: I think I said both at different points, and I'll tell you I thought I was going to have a different answer this year, and I don't. It's because, you know, okay, uh, in 2023, they started to be like, "Okay, we have products that are related to AI and the security space." 2024, 2025, it's started to get a little more mature. And then 2026, they're talking about the agentic [AI]. They're talking about more ambitious use cases for this stuff and like the selling is a lot more, like I said, prominent. But it's been the same theme for the last four or five years. Even though like people try to say, "Oh, it's the humans this year. It's something else." But it's been AI since AI became a thing as we know AI now. SP: Is there a difference, is there any difference, in the offerings from years past now? Like, is it still kind of surface-level? Are we getting more practical? Is it the change from GenAI to agentic AI? like any themes there or is it kind of just throw an AI at the wall, something will stick? AC: I don't think they're throwing it at the wall. I think the use cases are a lot fancier. So, back in 2023, they were selling it as uh it can comb through your data. It can act as an automated threat intelligence bot. And that is still definitely the case now. It's a lot of combing through data, making human-readable documents for the board. And now with agentics, it's like they're trying to either implement or augment or replace or be the sock all at the same time, depending on who the audience is. And what's also interesting now is that you have, uh, a class of organizations that have started to actually use these products over the over the last few years. So, it's been really interesting to hear the you know sometimes positive, sometimes mixed response. Eric Geller over at Cybersecurity Dive, he just put up something that was talking about the mixed reception uh that some of these early waves of products have had. So, it's a weird space right now. It has matured a lot, but I thought that the sales aspect would fade into the background, but I mean you look at the billboards on the trucks driving by outside, it's AI everywhere. JC: To shift away from AI. I'm sure reluctantly on your part. AC: You want to talk about the government? JC: No — I do want to talk [about] the threat landscape though because we talked about this last year and you are highlighting some hypotheticals where there were satellite hacking, there were you know attempts or organizations that could hack you know traffic lights and then the sort of complexities behind that and trying to se