AI attack techniques are changing cybersecurity at RSAC 2026 – SiliconANGLE

The theme of this year’s RSAC conference in San Francisco was “Community Power.” Based on announcements and discussions that spanned four days, the cybersecurity community is becoming more independent and vulnerable to AI attacks.

Research results presented to SiliconANGLE from Enterprise Technology Research show that as organizations shift to stronger hygiene and deeper security features, AI is becoming a bigger part of the business platform, often at the expense of cloud investments. However, agent adoption of AI is also moving faster than an organization’s ability to control it, and AI-generated attacks add a new layer of complexity to an already complex security picture.

“This is the first time we see LLM security and gen AI as the first player. Cloud security has been the first player for the past two years,” according to Erik Bradley, chief strategist and director of research at Enterprise Technology Research, in an analysis of CUBE, SiliconANGLE Media’s livestreaming studio. “I don’t think anybody has a control tower right now. I think it’s going to be a mix. That’s why I always talk about defensive depth. It’s a term we used 10, 20 years ago that I think is more important than ever.”

Bradley and other industry experts joined CUBE Research’s Jon Oltsik, Christophe Bertrand and Dave Vellante during the RSAC 2026 Conference to provide exclusive insights on how enterprise security is being enhanced by identity separation, automated threats and AI systems. (*Advertisement below.)

Here’s a full video review of CUBE with Erik Bradley and Dave Vellante:

Here are three things you might not have missed:

Insight #1: The lateral world will play a central role in defending against AI attacks, and cyber resilience now requires AI-driven defense at machine speed.

Some of the most devastating cybersecurity attacks can occur when a threat actor successfully breaches a poorly secured part of the network and uses that access to bypass IT systems.

This exposure is what Broadcom Inc. which handles it, with a four-step transfer design, and systems placed close to the workload. The key is to have enforcement, prevention and mitigation – not just detection – according to Prashant Gandhi (pictured, left), vice president of products for the network and security division at Broadcom.

“If you really look at any attack generated by AI, ultimately what happens is that the boundary is broken, the attacker comes in, lands on a weakly protected asset, and then goes sideways,” Gandhi explained during an interview with CUBE. “Lateral propagation is where we come in, because we set a trap in the lateral world, and that’s where we destroy the trust of nothing.”

Organizations are grappling with a new reality where attacks are moving at a much faster pace. Google Mandiant’s “M-Trends 2026” report noted that the average time from the attacker’s first action to the next threat action has dropped from eight hours to just 22 seconds. Human response is no longer a possibility.

“Time is measured in seconds and minutes,” said Francis deSouza, chief operating officer and president of security products at Google Cloud, in an interview with theCUBE. “It will not be possible to install human protection only against AI attacks. The old models of having human protection or human-in-the-loop protection really have to change. Now what we see mainly is agent protection – using AI to fight AI – so that you can move at the speed of the machine, and you can have people overseeing the process, creating strategies and monitoring methods.”

Here is the full CUBE video interview with Prashant Gandhi and Umesh Mahajan (pictured, right) of Broadcom:

Insight #2: The quantum threat is upon businesses, and it’s time to take the leap toward built-in security.

The ability of quantum computing to override algorithms that have protected critical systems for decades could soon force businesses to take new preventative measures, according to Mark Hughes, global managing partner of cybersecurity services at IBM Corp. The only question now is how long before the protection should be in place.

“My first advice is not to panic, because there are many things we know how to do, which clearly support the safe use and introduction of AI in businesses. But despite the thing of ‘don’t panic’, it’s ‘get busy and move very quickly,'” Hughes told Cube. “Same principles [around governance and deployment] work when it comes to how we do that with AI and how you put that into business, but we need to accelerate. “

Hughes believes that the silver lining in the digital threat is that it will push businesses to be more disciplined in the management of certificates, keys and broader cryptographic workflows. It could also remove a growing barrier to AI adoption as much of the work required cannot be done by humans.

IBM has developed four quantum-resistant algorithms, and the National Institute of Standards and Technology of the United States Department of Commerce has released its first three completed encryption standards that organizations accept.

“Organizing around cryptography is now important – not just because of the quantum phenomenon, although that is a necessity,” Hughes said. “You need to do that now so we can get to the level of what we’re describing to IBM. [as] ‘crypto agility,’ where we move away from our usual storage method, which is hard crypto. It worked, and it really worked well for us, but that’s no longer useful in today’s environment.”

Here is the full video interview of CUBE with IBM’s Mark Hughes:

Idea #3: AI agents are changing the information channel and helping to close the skills gap in cybersecurity.

Zero trust is one of the most important principles for business systems, and it has worked well when human behavior is involved. However, the introduction of AI agents into common work processes has changed the nature of identity, where every action needs to be approved in real time according to the situation.

To address this new security, enterprise access security provider Ping Identity Inc. announced Identity for AI platform designed to improve visibility to agents across environments to ensure they are not operating outside the boundaries for a given task.

“With agents working in our system, there is no impact of something that we consider to be … damaging to the company,” said Andre Durand, founder and chief executive officer of Ping Identity, during an appearance on theCUBE. “For this reason, the seeds have to be stronger.”

Despite the need for strong regulation, AI agents are proving to be a timely solution for the cybersecurity industry. According to the ISC2 Cybersecurity Workforce Study of 2025, the cybersecurity industry experienced a major shortage of 3.5 to 4 million professionals worldwide last year.

The ability to offload “tier-one” tasks such as phishing triage to AI agents will help security professionals free up hundreds of hours each month and focus on chasing the first threat, according to Scott Woodgate, general manager for threat protection at Microsoft Corp.

“Agents offer a real opportunity to take automation to the next level and elevate the roles that people have [the] the job gap can be filled by the interaction between people and agents,” Woodgate told CUBE.

Here is the full video interview of CUBE with Andre Durand of Ping Identity:

To watch more CUBE coverage of RSAC 2026, here’s our full video lineup:

https://www.youtube.com/watch?v=videoseries

(*Disclosure: TheCUBE is a paid media partner for the RSAC 2026 Conference. TheCUBE event sponsors have no editorial control over the content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE