Executive Summary

The upcoming RSA Conference (RSAC) 2026 in San Francisco is set to be dominated by discussions on the profound impact of Artificial Intelligence (AI) and Quantum Computing on cybersecurity. The conference agenda reflects a pivotal moment for the industry, moving beyond traditional defense paradigms to focus on building resilience and adaptability. Key themes will include the dual-use nature of agentic AI—its potential for both defense and attack—and the urgent, practical steps organizations must take to prepare for a post-quantum cryptography (PQC) world. The focus is shifting from 'if' to 'when,' with a clear call to action for security leaders to begin their transition to quantum-resistant technologies immediately.

Key Theme 1: The Double-Edged Sword of Agentic AI

Agentic AI, which involves autonomous agents capable of performing complex tasks, is a major topic. The conference will explore this from two angles:

• Offensive AI: How will adversaries use agentic AI to create more sophisticated, automated, and scalable attacks? This includes AI-powered malware, autonomous hacking agents, and hyper-realistic phishing campaigns.
• Defensive AI: How can defenders leverage agentic AI to create self-healing networks and autonomous security operations centers (SOCs)? This includes the kind of technology announced by Accenture and Microsoft, where AI agents can independently detect, investigate, and remediate threats.

A significant sub-theme is the challenge of Identity and Access Management (IAM) for non-human identities. As organizations deploy thousands of AI agents, each with its own identity and permissions, securing and managing these at scale becomes a monumental challenge that traditional IAM models are not equipped to handle.

Key Theme 2: The Quantum Imperative - Migrating to PQC

The threat of quantum computing is no longer a distant, theoretical problem. A sufficiently powerful quantum computer could break most of the public-key cryptography that currently protects global data and communications. The key message at RSAC 2026 will be one of urgency:

• 'Harvest Now, Decrypt Later': Adversaries are likely already capturing and storing encrypted data today, with the expectation of decrypting it once a quantum computer is available. This makes protecting long-term sensitive data an immediate priority.
• The PQC Transition: The conversation has moved to the practicalities of migrating to quantum-resistant algorithms. Sessions will focus on:
  1. Crypto-Agility: Designing systems that can easily swap out cryptographic algorithms.
  2. Cryptographic Bill of Materials (CBOM): The first step for any organization is to create a comprehensive inventory of all cryptographic assets and algorithms in use across the enterprise.
  3. Hybrid Approaches: Implementing a hybrid approach that uses both a classic and a quantum-resistant algorithm simultaneously as a transitional measure.

The National Institute of Standards and Technology (NIST) has already selected the first set of PQC algorithms, and the push at RSAC will be for organizations to start planning and testing their migration strategies now, not later.

The Shift to Resilience

Underlying both the AI and quantum themes is a broader strategic shift towards cyber resilience. The understanding is that in a world with AI-powered attackers and code-breaking quantum computers, perfect prevention is impossible. The focus must therefore be on the ability to withstand, adapt to, and recover from attacks. This involves not just technology, but also processes, people, and a fundamental change in security architecture and mindset. The popular 'The Five Most Dangerous New Attack Techniques' session will likely provide a glimpse into how these emerging technologies will shape the threat landscape of the near future.