Key Trends From RSAC: Agentic AI, MCP, and Supply-chain Risks

AI2

By: R. Scott Raynovich


SAN FRANCISCO (RSAC 2026)—The cybersecurity landscape just got a lot more complicated. Agentic AI is capturing the imagination of the public at large, but it’s also unleashing massive security risks for the enterprise.

In short, it’s a security nightmare for CISOs and other cyber pros, unleashing huge new attack surfaces and security gaps across applications, infrastructure, and data.

The vendor and venture community is, of course, eating this up, unleashing a new wave of cybersecurity product category creation in areas such as autonomous SOC, agentic AI, MCP, API security, supply chains, and data security.

"Every day there is news now where agents are doing something funky with enterprise data,” said Rehan Jalil, President of Products and Data with Veeam Software, in an RSAC presentation. “Whether it's exposing sensitive data, or deleting data... or deleting an entire repo of data. It's happening."

In the same session, Michael Dolan, Vice President and Chief Privacy Officer of Best Buy, said that the power and potential risks of AI demand an entirely new way of thinking about things.

"The whole way we are thinking about security and governance is different,” said Dolan.

Enterprise Data at Risk

Jalil and Dolan painted a picture in which enterprises don’t have full visibility into how AI agents can move or exfiltrate data or even manipulate systems—a problem that is taking root in the form of attack techniques such as prompt injections, which insert malicious instructions into AI queries. There's also the ongoing challenge of hallucinations.

“There is a probabilistic nature of these tools,” said Dolan. "They're going to get things wrong. We know things are going to make mistakes, but we are turning them on, on purpose.”

Here’s some common themes I saw repeating here at RSAC:

Identity and governance. As agentic AI moves into enterprises, cybersecurity professionals will need to move from tactical tools to a wider strategic approach. Identity access management, authentication, and access control increase in importance, with the need to implement wide identity controls across environments.

Agentic AI threats. Organizations are moving from chatbots and copilots to autonomous agents capable of independently triaging alerts, investigating threats, and even patching software.

Vin Sharma, Cofounder and CEO of AI security company Vijil, told me that enterprises are struggling to ensure safe agentic operations: "Enterprises have a pattern to getting close to adoption, then pulling back. Enterprises worry about three things: 1) Is it reliable? 2) Can I protect it—I don't want it to be hijacked; and, 3) In the event that it fails, what is the blast radius."

Supply chain trust. New approaches will be needed to secure the software supply chain, focusing on uncovering vulnerabilities in commercial, open-source, and AI-generated code.

Feross Aboukhadijeh, Founder and CEO of Socket, a company focused on securing AI code, told me that as AI-generated code propagates, the risks of the software supply chain are skyrocketing.

"We are seeing all sorts of attacks," said Aboukhadijeh. "It's not like humans did a good job of vetting code, but now agents are doing it, and they are accelerating. It's the same trend only fifty percent more third-party code being brought in."

I also met with Tom Pace, Cofounder and CEO of NetRise, a software supply-chain security company. Pace, who had no shortage of opinions, said supply-chain risks about, from GitHub to firmware, describing a world in which the largest companies in the world have little control over their software.

AI will accelerate that, he said. "There is no piece of software on the planet that doesn't have an issue," he said.

Vendors with Big Launches

In the cybersecurity world, a crisis is a terrible thing to waste. Agentic AI raises new questions about how to secure critical infrastructure, from the chips to networking and data stores. And that has unleashed a flood of new product announcements from the largest vendors.

New offerings target better access controls, identity, guardrails, and data security.

Let's start with big vendor launches:

  • Cisco announced DefenseClaw, an "open source secure agent framework," and also extended Zero Trust Access to AI agents through Cisco Duo IAM. Cisco said this enables managers to assign time-bound, task-specific permissions to agents.
  • Microsoft launched new identity features in Entra ID to track and control agent behavior, alongside guardrail previews in Microsoft Foundry.
  • SentinelOne unveiled a batch of new offerings, including Prompt AI Agent Security, a real-time governance control plane designed to monitor and remediate unauthorized agentic actions.
  • Databricks looked to boost its security credentials with Lakewatch, an agentic SIEM tool powered by Anthropic's Claude models. This launch is targeted at SOC infrastructure. Databricks also released an extension to its AI Security Framework (DASF) that adds 35 technical risks and 6 mitigation controls specifically for agent memory and planning.
  • Just prior to the conference, Futuriom 50 company and identity security specialist Teleport announced Beams. Beams are trusted runtime environments that provide secure, isolated infrastructure access for AI agents.

Jeetu Patel, Cisco’s President and Chief Product Officer—who seems to appear at every major tech conference—touted Cisco’s growing role in a keynote address Monday, which he also detailed in his blog. Patel said that in a Cisco survey of major enterprises, 85% reported having AI agent pilots underway. Only 5% had moved those agents into production.

“That 80-point gap isn’t skepticism about AI’s potential," wrote Patel in his blog. "It’s a rational response to a genuine security problem. Organizations can see what agents can do. They’re not sure yet they can trust them to do it safely.”

“ [W]ith a chatbot, the worst case is a wrong answer,” wrote Patel in his blog previewing the keynote on Monday. “With an agent, the worst case is a wrong action, and some actions can’t be undone.”

With Cisco Identity Intelligence and DefenseClaw, Cisco implements active scanning of identity, actions, MCP servers, and assets. Separately, Cisco unveiled an Agent Runtime Software Development Kit (SDK), which embeds policy enforcement directly into agent workflows at build time. The SDK supports frameworks including AWS Bedrock AgentCore, Google Vertex Agent Builder, Azure AI Foundry, LangChain, and more.

Startup Funding Action

With the larger vendors pumping out new products targeting agentic AI, the startups weren’t left behind. Agentic AI provides fertile ground in areas such as identity control, MCP, and supply-chain security.

RSAC is always fertile ground for launches and funding events. Here were some key funding and startup announcements:

  • A week prior to RSAC, Cloaked announced a gargantuan $375 million round to expand its enterprise-grade privacy platform. Cloaked has products for both consumers and enterprises targeting data security and privacy, but it looks like this recent round will help it expand its enterprise offerings, which include data cleanup, secure identities, and encrypted password management.
  • Surf AI launched with $57 million in funding for its agentic security operations platform. The round was led by Accel, with participation from existing investors Cyberstarts and Boldstart Ventures. Surf AI says it will operationalize security with a single agentic platform that connects the business context and data scattered across an organization's systems. The platform reads signals from identity, cloud, security, data, HR, and IT tools to build a living context graph that links assets, owners, permissions, and dependencies.
  • Above Security, a Tel Aviv, Israel-based AI-native agentic managed insider threat platform, has emerged from stealth and announced $50 million in funding. The round was led by Ballistic Ventures, Merlin Ventures, and Norwest, with participation from Jump Capital and QPV Ventures.
  • Futuriom 50 company Eclypsium, which specializes in hardware and AI infrastructure protection, has raised an additional $25 million in financing. The round was led by PEAK6 Strategic Capital, with participation from a top-three US bank. Previous backers include Ten Eleven Ventures, Andreessen Horowitz, Pavilion Capital (Seviora Group), Qualcomm Ventures, and Madrona Ventures.
  • Native announced on Tuesday that it raised $42 million in total funding as it emerged from stealth, addressing the growing challenge of enforcing security policies across multi-cloud environments. The latest raise is a $31 million Series A led by Ballistic Ventures, with participation from General Catalyst, YL Ventures, and Merlin Ventures. Phil Venables, former CISO of Google Cloud and now a venture partner at Ballistic Ventures, has joined Native’s board of directors.