The discussion opened with a reflection on the evolution of the RSA Conference recaps, a tradition maintained by the hosts since 2021. The central theme of the 2026 RSA Conference was the overwhelming presence of Artificial Intelligence, characterized by both genuine innovation and significant "AI washing."
The AI Framework: Categorizing Vendor Messaging
Anton and Tim developed a spontaneous framework to evaluate the spectrum of AI adoption and marketing observed on the showroom floor:
AI Washing: Vendors who claim to utilize AI but lack substantive integration. This was compared to "greenwashing" or "cloud washing," where legacy products are rebranded with AI terminology without functional changes.
AI Touch-up: A subtle form of rebranding where marketing materials are updated—for instance, changing "employees and contractors" to "agents"—without a fundamental shift in the underlying technology.
The "AI-Free" Movement: Notably, some leading vendors like Wiz adopted a contrarian marketing strategy, creating "AI-Free Zones" to appeal to attendees suffering from AI fatigue.
AI Tourists vs. AI Natives: A distinction was made between "tourists" (using AI for basic tasks like text summarization) and "natives" (whose core architecture is built upon AI models).
Strategic Risk: AI Labs vs. Security Vendors
A significant portion of the debate focused on whether General AI labs (e.g., OpenAI, Anthropic, Google DeepMind) will eventually displace traditional security vendors.
Disruption Potential: There is a credible risk that native AI integration within enterprise tools could render specialized security categories—such as vulnerability scanners or static analysis tools (SAST)—obsolete.
The Survival of the Specialist: Anton argued that security vendors will survive by leveraging "tribal knowledge" and "enterprise reality"—contextual data that general-purpose LLMs lack.
Analyst Relevance: Similar to the security industry, analyst firms (like Gartner) face pressure from AI. However, their value remains in "Inquiry Data"—the aggregated, non-public gossip and context gathered from direct client interactions that cannot be scraped for model training.
Adversarial AI and the "Death of Luck-Based Security"
The conversation shifted to the threat landscape, specifically the emergence of "bad guys with AI" and "bad AI" as distinct actors.
Scale and Speed: AI allows attackers to scale traditional methods (like ransomware) at a velocity that eliminates "luck-based security." Organizations that previously survived through obscurity or attacker inefficiency will no longer be safe.
The Fundamental Defense: Despite the AI hype, the hosts concluded that "getting the fundamentals right" remains the best defense. If a system is configured correctly and code is secure, AI has no vulnerabilities to exploit.
Securing AI: In a positive shift from 2025, there is now a visible market for securing AI, including agent identity management and data security for training sets.
The "Wiz Effect" and Show Floor Logistics
The hosts observed a shift in booth aesthetics, moving away from "all-black" tactical messaging toward "whimsical" and soft-colored branding (purples and pinks). However, Tim expressed skepticism regarding the information density of the showroom floor, noting that low-information buyers cannot distinguish between top-tier vendors and "number six" vendors who simply have large marketing budgets.
Conclusions and Future Outlook
Tim posited that by 2031, the IAM (Identity and Access Management) and SIEM (Security Information and Event Management) spaces will be unrecognizable due to AI disruption. Furthermore, there is a growing trend toward "active disruption"—large-scale efforts by providers like Google to take the fight to adversaries, specifically targeting "pig butchering" scams and other organized cybercrime.
Timeline of Key Topics
Introduction and RSA Recap History
Reflections on past conferences and the exhaustion of the RSA circuit.
Development of the AI Maturity Framework
Definition of AI washing, AI touch-ups, and the rise of "AI-Free" marketing.
The Evolution of Vendor Technology
Discussion on "reading the mind of a model" and evaluating deep technical AI claims.
The Threat of Industry Consolidation via AI Labs
Will General AI labs cannibalize the specialized security market?
The Role of Context and "Tribal Knowledge"
Why general models struggle with enterprise-specific security nuances.
The Decline of SAST and Specialized Tools
Identifying categories most vulnerable to AI replacement, such as static analysis and firewall rule analysis.
Adversarial AI and Attacker Modernization
The transition from human-speed to machine-speed attacks and the end of "luck-based" security.
Defense Through Fundamentals
Reiterating that secure configuration and "doing the boring stuff well" mitigates AI-powered threats.
The Rise of "Securing AI" Products
New market segments for agent identity and training data protection.
The "Wiz Effect" and Branding Trends
The move toward whimsical booth designs and the lack of information density on the showroom floor.
The Persistence of Legacy Vendors
Why "number six" firewall and AV vendors remain profitable despite the lack of innovation.
Open vs. Closed Ecosystems
The signaling effect of "openness" and whether it indicates genuine value or a defensive marketing posture.
Predictions for 2031
Anticipating the complete transformation of IAM and SIEM markets.
Active Adversary Disruption
The role of large providers in dismantling attacker infrastructure and addressing scams.
Closing Advice and Recommended Reading
The demand for vendors to "bring data/numbers" and a summary of essential 2026 threat reports.