At RSA Conference 2026, leading technology companies, including CrowdStrike, Cisco, and Palo Alto Networks, introduced solutions to address the challenges in agentic Security Operations Center (SOC) tools. CrowdStrike’s CEO reported that adversary breakout time has dropped significantly, to 27 seconds, highlighting the critical role of endpoint sensors in detecting various AI applications. Cisco’s President noted that while 85% of surveyed enterprises are piloting AI agents, only 5% have moved them to production due to unresolved security concerns.
One of the key issues discussed at RSAC 2026 was the difficulty in differentiating between agent and human activity in security logs, emphasizing the need for enhanced endpoint visibility. CrowdStrike also shed light on the first major supply chain attack on an AI agent ecosystem, underscoring the importance of robust security measures.
Both CrowdStrike and Cisco presented distinct approaches to enhance SOC capabilities. Cisco and Splunk unveiled specialized AI agents for Splunk Enterprise Security, while CrowdStrike integrated analytics into the data ingestion pipeline for real-time threat detection. Furthermore, Palo Alto Networks outlined its AI security platform expansion and collaboration with Intel to optimize AI PCs for improved agent behavior tracking.
Despite these advancements, security leaders were advised to act immediately: understand what their current SOC stack can do, establish agent differentiation, and build behavioral baselines to adapt to the evolving threat landscape.
Source: VentureBeat