A few weeks ago, the consultancy I’m part of made a decision about a minor, nagging business issue we’d been debating. And then promptly forgot what it was.

During a team meeting last Monday I agreed to dig through email and figure out what we’d agreed to. It was the kind of small, time-sucking chore that puts a ten-minute dent in your day, and can destroy a week if you accumulate enough of them.

This chore, however, ended up being dentless, because I decided to use it as a test case for Claude Cowork’s newly acquired ability to manipulate desktop apps in addition to web services. I told it what I needed to know and where it was likely to find the answer, then let it search through Outlook, find the appropriate thread, read it, and summarize what it discovered. Which it did, to perfection, in a few minutes while I worked on something else.

It was kind of magical, and a mere hint at what Claude will apparently soon be capable of doing (aside from crash markets).

On the other hand, it could also have ended very differently. The task I’d assigned Claude didn’t require it to write or send an email on my behalf, but given that AI agents have been known to do things even when explicitly told not to, it was at least possible that my simple prompt could have resulted in the distribution of the company’s latest financials to everyone in my address book.

Or something worse. The trick with agentic AI security risks is that they shapeshift—and expand—too fast for most of us to keep pace with.

Which is why it’s kind of perfect that I conducted my Claude Cowork experiment at an airport lounge on my way to San Francisco for this year’s RSA Conference in San Francisco, where pretty much every exhibitor on the show floor would be promising answers to problems ranging from agentic browser hijacking to agentic insider threats to so many other real and potential agentic dangers that Microsoft needs 28 pages to catalog them all.

And that’s what researchers are worried about now. It’s a sure bet there will be something new worth worrying about next week. People ask what the threat landscape’s going to look like in six months, muses Coro CEO Joe Sykora (pictured). Six months?

“This stuff is going so fast that I don’t know if anyone can really comprehend what it’s going to be in three months,” he says.

Which is new and difficult terrain for security vendors. How do you secure end users against dangers posed by autonomous, rapidly advancing technologies that move in ways so mysterious even the people who created them can’t explain how they work?

The answer, my conversations at RSAC suggest, entails pairing the newest, most sophisticated defenses with their very oldest counterparts.

Fighting speed with speed

Arctic Wolf’s SOC collects a little over 1.5 trillion security observations a day. According to Dan Schiappa, the company’s technology and services president, that’s about the equivalent of everything the app formerly known as Twitter processed in its first decade of existence. Finding and then mitigating threats in all that noise is hard work.

“I used to always say it was like an arms race in the past, but now it’s like a nuclear arms race,” Schiappa says.

So what will it be two years from now when there will be 1.3 billion agents exchanging traffic across the internet, according to IDC, or two years after that when IDC expects the number of agents in use at businesses to have risen 10x over 2025 levels? Keep in mind before answering that threat actors will be using agents themselves to create sophisticated new zero days, at scale and cost-effectively.

“It becomes almost a volume game for these attacks to come down market” into SMBs, observes Tuan Nguyen, vice president of channels and alliances at Huntress.

And a speed game as well, adds Michal Jankech, global VP of enterprise, SMB, and MSP at ESET. “Agentic AI can create new variants of malware much faster than an actual attacker,” he says. “It’s like a multiplier effect.”

Which means SOC vendors have to move faster in response. “We must attack speed with speed is just the reality of where we’re at now,” says Will Ledesma, director of global MDR cybersecurity operations at N-able.

Superhuman speed, one might add, which is why N-able is one of many vendors I spoke with at RSAC fighting AI threat fire with AI SOC fire.

Or AI MDR fire in N-able’s case. According to Ledesma, a senior analyst at the company’s Adlumin XDR/MDR unit recently uncovered 10 indicators of attack in a mountain of client telemetry after a major incident in an impressive 60 minutes. AI needed just three seconds to detect the same 10 IOAs—plus three more the human analyst missed entirely.

Not everyone, it’s worth noting, is fixated on time to detection. Rohit Ghai (pictured), who became CEO of Barracuda last September, thinks MSPs serving SMBs need simplicity more than speed, and is building the company’s MDR platform accordingly.

“We’re going to prioritize easy over fast,” he says. “It’s a contrarian view.”

Follow Me on LinkedIn

An ounce of prevention

For all the talk about high-speed SOCs at RSAC, though, even their biggest proponents recognize the dangers of betting everything on detection and response. LLMs are masters of unpredictability, after all, so the surest way to keep their “agents of chaos” from wreaking havoc is to neutralize them before they have a chance to surprise you.

Hence Gartner’s prediction that “preemptive cybersecurity technologies” will account for over half of security spending overall by 2030, up from less than 5% in 2024. For the first time since EDR made anti-virus unhip, it seems, good old fashioned prevention is where it’s at.

“Which is cool,” Jankech says. “We’ve been saying that for years.”

Indeed, ESET has long identified itself as a “prevention-first” vendor. The latest manifestation of that philosophy, unveiled at RSAC, is the addition of a runtime cloud workload security solution to the company’s PROTECT Platform. Products from other vendors announced at the conference similarly seek to deny detection and response solutions anything to detect or respond to.

“The best incident response is no incident response,” says Dan Candee, CEO of Cork Cyber, whose new Automated Asset Analysis tool vaults the company past merely identifying gaps, misconfigurations, and inconsistencies across dozens of security solutions to remediating them, at the press of a button now and automatically in the near future.

“We’re closing and locking the windows and doors before the threat actors are able to get to the house and find the windows and doors,” Candee explains.

Huntress, a vendor best known for right-of-boom offerings in the past, introduced left-of-boom posture management solutions for endpoints and identities shortly before RSAC with the same goal in mind.

“That’s really kind of where we see the opportunity,” Nguyen says. “It isn’t just about how do we respond once we see an attack, but how do you actually help prevent an attack?”

Veeam’s latest solution, meanwhile, unifies left- and right-of-boom functionality specifically for agentic AI in a single package. Called Agent Commander and announced last month, the system combines automated detection and rollback of agent-initiated mistakes with policy enforcement and permissions control features designed to prevent mistakes from happening in the first place. Mitigating the human propensity for error has long been one of the biggest reasons to use data protection tools, observes Brad Linch, Veeam’s director of enterprise strategy.

“You even more need to be concerned, in my opinion, with the increased accidental mistakes that take place with these AI agents when these projects get deployed and they’re given more rights than they should be,” he says.

The human touch

N-able’s SOC was investigating and remediating 90% of incidents automatically as of last year, and the company expects that number to go as high as 99% by the end of 2026. Coro, for its part, is processing about 94% of SOC tickets automatically at present, and that figure too is rising. But only to a point, according to Sykora.

“We will never get to 100%,” he says.

Every SOC operator I spoke with at RSAC agrees. No matter how good AI gets at addressing agentic threats, it will never completely eliminate the need for HI, as in human intelligence.

“AI is only trained on what it’s seen, what’s already happened,” Jankech says, which means it’s likely to be stumped by something totally new. “You need to have skilled humans who can actually empathize with the attacker and think like the attacker.”

Schiappa, of Arctic Wolf, sees a collaborative future ahead for humans and AI in security too. The state-of-the-art agentic SOC his company introduced last week relies heavily on a “swarm of experts,” hundreds of function-specific agents chattering away with each other under the supervision of an AI-powered security orchestrator that is itself continually monitored and assessed for efficacy by an AI judge.

And who judges the AI judge?

“We also have human judges,” Schiappa says. “AI is not always right.” Nor are humans, however.

“That AI judge also judges the output of the humans,” Schiappa notes. “With the AI and the human together, we’re getting accuracy higher than humans alone and higher than the AI alone.”

Just as Claude and I are now getting more done together than either of us could apart. What’s true in the SOC is true on my laptop too, it seems.

Share

Over on The Business of Technology

Host Dave Sobel is pondering agentic security as well.

A whole post full of thoughts on the topic is available here.

Three final insights from RSAC 2026

1. It’s still all about platforms in security

It’s not hard to envision a world in which the challenges of AI security broadly and agentic security specifically lead big-time platformization proponents to adopt point solutions with capabilities not available in their platform of choice. Based on my RSAC conversations last week, platform-of-choice vendors aren’t worried much about that vision becoming reality.

Barracuda, for example, believes AI makes the power of platforms like its BarracudaONE even more compelling for the SMBs in its target market.

“They’re resource constrained. They can’t deal with tool sprawl,” Ghai says. Or with a newer, still emerging version of that phenomenon, he adds.

“In the AI era, it’s not tool sprawl. It’s now agent sprawl, because everybody and their brother and their sister and their dog is delivering an agent,” Ghai says. Bad things happen, he adds, when those agents don’t work together well.

“Agents have, well, agency, and if they act in conflict, it’s not a question of efficiency or efficacy. It’s a disaster,” Ghai explains. Which is why businesses of all sizes, he maintains, are better off getting all their agents from one source.

Plus, platforms can share telemetry and coordinate responses in ways point products can’t, adds Greg Clark, senior director of product management for enterprise cybersecurity at OpenText Cybersecurity, whose platform includes systems for managing sensitive data, setting access permissions, and threat monitoring.

“When a human or a non-human or an agent is doing something around data that maybe they shouldn’t or that seems anomalous to the identity system or the threat detection system, that heightened signal will allow us to act quicker with more specificity,” he says.

2. Fears of a security SaaSpocalypse may be a tad overblown

Anthropic’s recent release of an AI code-checking product sent security share prices plummeting, as did word of a forthcoming “step change” improvement in the company’s Claude model. Schiappa isn’t losing sleep over the matter. LLMs are powerful tools, he says, but lack the deep end user knowledge needed to excel at security.

“I honestly don’t think that in a lot of the security I’m involved in they’re going to have that big of an impact, because they just can’t get to that individual customer context,” Schiappa says. “That’s not what they do. They’ll produce great models and we use them as the basis of our small language models and we’re huge fans of them, but they’re never going to get us where we need to go without our own models on top of it.”

3. Security vendors are using AI to fight AI-related partner program sat risks

I wrote early this month about research from GTIA hinting at erosion in member satisfaction with vendor partner programs for reasons probably related to misalignment between what partners need in the AI era and what partner programs offer. What I didn’t mention is that while AI may be partly responsible for a modest decline in partner program sat, according to GTIA, it’s also made working with vendors easier in ways partners appreciate.

More specifically, 37% of partners surveyed by GTIA said that access to vendor AI has made enablement and support easier, 35% said the same of collaboration on product and service roadmaps, and 34% said the same of pricing, discount, and margin management. Which bodes well for the vendors I spoke with at RSAC, many of whom are using AI to boost partner engagement and loyalty.

SentinelOne, for example, is actively exploring a wide range of AI-based portal enhancements. “How do you give partners real-time access to data about how they’re performing for the customer, customer renewals, customer insights, the pipeline, the deal registrations,” says Brian Lanigan, the company’s senior vice president and global head of partner ecosystem. “How do we give them more visibility to what we’re doing? How do [we help them] understand the health of their business with us and what we expect from them?”

The company’s looking for ways to use AI behind the scenes to accelerate responsiveness as well, he adds. “What can we do on our end, whether it’s with Google Workspace and what we can instrument through the AI capabilities across Gemini and working with NotebookLM and Google Apps Script and those things, that can really streamline how we service our partners?”

Sophos, for its part, is rolling out functionality that lets partners build self-service quotes in natural language via Microsoft Copilot.

“That can happen within seconds, versus oftentimes it takes minutes to hours or a phone call” to get a quote, says Chris Bell (pictured), the vendor’s SVP of global channel, alliances, and corporate development.

The revamped partner program Barracuda rolled out during RSAC similarly features an AI-powered portal offering guided onboarding, automated deal registration, simplified MDF tracking, and more, with AI‑based marketing automation capabilities coming later.

All of that is necessary but not sufficient for Barracuda and software makers like it though, according to Michelle Hodges, the vendor’s senior vice president of global channels and alliances. Yes, she says, AI tools make doing business with Barracuda simpler, but the vendor’s “secret sauce” is and must remain people.

“It’s still two entities that need to create connection, understand what the joint opportunity is, what the sweet spot is to be able to grow,” Hodges says. “We can’t forget about the role of people in partnership programs.”

Bell agrees. The biggest benefit of chatting with AI, he says, is that it frees up time for chatting with humans.

“My whole goal, and this is what I always tell my team, is how can we give sales capacity back so our partners can have more touch with their customers and we can have more touch with our partners,” Bell says. “That human engagement can’t be replaced.”

Live from RSAC

Want to see my podcast co-host and me enjoy a rare moment of serenity at RSAC while discussing AI governance in California sunshine outside the Moscone Center? Tune into the latest episode of MSP Chat, which should go live on Monday. Until then, there are more great (IMO) episodes located here.

What will it take to move the numbers on women in cyber?

Forgive me for leaving this last part until the end as if it doesn’t matter as much as what preceded it, because I think it matters a lot.

An ISC2 blog post published two weeks before RSAC shared details from the association’s most recent Cybersecurity Workforce Study about the role women play in that workforce. As I’ve written before, that role is way too small. Indeed, just 16% of participants in ISC2’s study were women, a number all too consistent with input from survey respondents that 21% of cybersecurity teams are 10% female or less and that 14% of teams have no women at all.

It speaks volumes about how accurate ISC2’s data is that of the 20 people I interviewed at RSAC, precisely one—Barracuda’s Michelle Hodges—was a woman. She’s the one I chose to ask about the gender gap in security and what can be done about it.

“I’m in the latter half of my career, not the last chapter but the latter half of my career, and when you get to this stage you start to reflect on what’s really important to you and what drives you,” she said. For her, getting more women involved in the security industry is a big part of the answer.

“I feel that I have a responsibility to share my experience and also to continue learning from women in cyber and in technology to be able to pay it forward for future generations,” Hodges (pictured left) says.

Working with HR teams and boards to keep women from exiting the workforce is one way she acts on that responsibility. “You might be a carer, you might be a mother, lots of different things, and the environment that you start in might not be conducive to some of them,” Hodges notes. Helping security vendors be more accommodating is a top priority, she says, as is helping women appreciate the existence of career paths in security that fit well for caregivers.

“Particularly if you’re an engineer, you don’t need to leave the workforce because that culture might not be good,” Hodges observes.

Helping men in security be better allies to women is another focus area, she says, noting that some of that work is no more complicated than making men aware of what female colleagues often endure at work.

“We did a roundtable at this breakfast where we had women responding to questions about what is their experience like, and even the most woke of guys was like, ‘Really? That’s your experience?’”

There’s a lot more we all can contribute. Diving into ISC2’s data on the topic is a good place to start.

Also worth noting

• Huntress expanded ID threat detection and response coverage to Google Workspace.

• WatchGuard announced expanded NDR capabilities.

• Cisco announced a security architecture designed to protect the “agentic workforce” by embedding security directly into AI-driven workflows and identities.

• Cisco also introduced DefenseClaw, a new AI-powered security capability aimed at detecting, analyzing, and responding to advanced agentic threats. (Want to guess which one in particular they had in mind when choosing that name?)

• Palo Alto Networks introduced a secure workspace platform designed to help small businesses simplify and strengthen cybersecurity across users, devices, and applications.

• Palo Alto also unveiled a secure browser purpose-built for agentic AI environments.

• CrowdStrike introduced new next-gen SIEM and MDR capabilities, launched Falcon Data Security, and introduced Flex for Services to provide flexible consumption of cybersecurity services.

• SentinelOne introduced new AI-driven security offerings aimed at improving threat detection and response capabilities for defenders.

• SentinelOne and LevelBlue expanded their strategic partnership to deliver AI-powered managed security operations and incident response services.

• Proofpoint introduced a redefined email and data security platform designed to secure the agentic workspace and protect human-centric risks.

• ExtraHop outlined a comprehensive approach to agentic security built around AI asset inventory and real-time observability.

• Snyk launched an agent security solution designed to protect the full AI lifecycle, and announced general availability of its Evo AI SPM platform.

• Nudge Security expanded its platform with AI agent discovery capabilities.

• Mimecast introduced runtime data security technology to provide visibility and control over AI-related data risks.

• Darktrace introduced an AI-native managed email security offering for MSSPs.

• Dell announced expanded cybersecurity and resilience offerings designed to address AI-era threats and emerging risks such as quantum computing.

• HP introduced a range of new security innovations, updated its LaserJet portfolio with enhanced security and digitization capabilities, and highlighted new AI-driven workforce experience platform capabilities.

• HPE announced a new Juniper SRX400 series of firewalls, expanded hybrid mesh firewall capabilities, and more.

• KnowBe4 launched a Phish Alert Button for Microsoft Teams and added AI agents designed to advance human risk management capabilities.

• Gurucul launched an open AI SOC platform designed to reduce vendor lock-in and lower security data costs.

• More evidence that online marketplaces are huge and getting huger: security-focused marketplace operator Sherweb has secured $125 million in investment funding.

• ScalePad has introduced an MCP server that lets your favorite chatbot access client relationship data.

• TD SYNNEX announced that it’s achieved Microsoft’s Frontier distributor designation.

• Sectigo introduced a multi-tenant partner platform to deliver certificate lifecycle management as a managed service.

• TeamViewer unveiled AI-driven TIA reporting designed to provide deeper insights into digital workplace performance and user experience.

• Shianne Sampson is the new CRO at JumpCloud.