Back to Blogs Industry Perspectives

RSAC 2026: AI Security as an Operational Necessity

By Thyaga Vasudevan - EVP of Product

April 3, 2026 3 Minute Read

Another illuminating RSAC is in the books! As in years past, the Skyhigh Security team had a great time engaging with our peers in San Francisco at this RSAC 2026. Our conversations with customers, analysts, partners, and media highlighted the needs of the evolving security landscape and demonstrated where current controls fall short.

Based on these conversations, we’ve identified a few core takeaways from the event:

Generative AI Security is Table Stakes

If there’s one thing that our time at RSAC made clear to us, it’s that AI security is now nothing short of an operational necessity. Nearly every security vendor showcased or discussed the evolving AI risk landscape, including threats such as prompt injection attacks and the expansion of enterprise Shadow AI adoption.

Addressing these threats requires competent solutions. Prompt inspection capabilities and AI-focused Data Loss Prevention (DLP) are becoming baseline standards for security vendors, but they still need refinement. What comes after these initial guardrails, and how can we identify risky prompts or content moderation issues before they spiral into real threats? This is the next challenge our industry needs to tackle.

Agentic AI is the Inflection Point

The biggest conceptual shift at RSAC was from generative prompts to agentic solutions. As autonomous and semi-autonomous AI agents become reality, security capabilities must evolve in lockstep. Governance must shift from inputs to AI-driven action across systems, protecting against a much larger and more dynamic threat landscape than teams have become accustomed to.

The emerging control plane can be broken down into three essential questions:

Who is acting? (human, service identity, or AI agent—including Shadow AI agents)
What are they accessing? (data across SaaS, APIs, and MCP servers)
What are they trying to do? (are these actions authorized or not)

Context, intent, and outcome are just as critical as access in the agentic future.

Data Sovereignty is Front and Center

Driven by geopolitical pressures and increasing regulatory scrutiny, data sovereignty was a recurring topic of conversation at RSAC. AI solutions are accelerating cross-border data movement by default, thereby challenging our traditional assumptions about data residency, processing, and storage boundaries.

Today’s enterprises are looking for inline enforcement and hybrid architectures that help them maintain control of sensitive data without stalling innovation. Enabling this sovereignty will soon be a core architectural requirement for AI-driven organizations, not just an applicable edge case.

Compliance Must Become Continuous

Besides complicating sovereignty, AI is exposing the limits of traditional point-in-time compliance. Static data audits and periodic checks simply cannot keep up with always-on AI workflows, creating coverage gaps and a higher risk of noncompliance.

Enterprises need continuous visibility and control to meet the compliance needs of an evolving AI landscape. With real-time insight into how data is being accessed, processed, and reused by AI systems, teams can shift their compliance from a reporting exercise into a living, embedded control plane across data workflows.

The Browser is the New Endpoint

A quieter, but consistent, signal at RSAC was the growing importance of browser-level security. With AI and SaaS workflows living almost entirely in the browser, finding ways to secure this browser—and not have to rip and replace it—is emerging as the most practical path forward.

This will help combat the disillusionment many enterprises have about the need to install entirely new browser replacements. Securing the existing browser against copy-paste and exfiltration risks is possible with the right tools, as long as they’re made accessible.

What’s Next from Skyhigh Security

Our time at RSAC 2026 strongly validated our data-first approach to security, but it also reinforces where we must go next. The future of AI security won’t just be about inspecting prompts; it will be about securing how data, identity, and actions flow across autonomous systems. Our goal is to give enterprises the confidence to move forward into the AI-driven future safely, supporting innovation while maintaining reliable security.

About the Author

Thyaga Vasudevan

Executive Vice President of Product

Thyaga Vasudevan is a high-energy software professional currently serving as the Executive Vice President, Product at Skyhigh Security, where he leads Product Management, Design, Product Marketing and GTM Strategies. With a wealth of experience, he has successfully contributed to building products in both SAAS-based Enterprise Software (Oracle, Hightail – formerly YouSendIt, WebEx, Vitalect) and Consumer Internet (Yahoo! Messenger – Voice and Video). He is dedicated to the process of identifying underlying end-user problems and use cases and takes pride in leading the specification and development of high-tech products and services to address these challenges, including helping organizations navigate the delicate balance between risks and opportunities.

Back to Blogs