Staff Engineering Program Manager

RSAC 2026 proved the industry agrees on the problem - now comes the hard part. Published March 25, 2026 Agentic AI dominated RSAC 2026, but security leaders warn governance is lagging. Here's why discovery isn't enough - and where control must evolve. I spent RSAC 2026 doing what I do every year: walking the floor, talking to vendors, and - more importantly - listening to the security leaders who stopped by the Kiteworks booth. What struck me this year wasn't the volume of announcements. It was the consensus. Vendor after vendor, conversation after conversation, the same word kept surfacing: agents. * Cisco announced MCP policy enforcement and agent discovery. * CrowdStrike launched AI agent discovery across endpoints, SaaS, and cloud. * Palo Alto Networks introduced Prisma AIRS 3.0 to secure the full agentic AI lifecycle. * BeyondTrust rolled out endpoint privilege enforcement for AI coworkers. * The Cloud Security Alliance established an entirely new foundation - CSAI - with a stated mission of securing the agentic control plane. * Even Nvidia weighed in, explaining that its OpenShell runtime enforces constraints at the infrastructure level rather than at the model layer. The industry has arrived at a shared diagnosis. The question that kept coming up in our booth conversations was sharper: Where does governance actually belong? The floor confirmed what our research already showed. When we published the Kiteworks 2026 Data Security, Compliance & Risk Forecast Report last December, the headline finding felt almost too stark: 100% of organizations surveyed have agentic AI on their roadmap. Zero exceptions. Walking the RSAC floor, that number no longer surprises anyone. What surprised the people I spoke with were the numbers underneath it: * Sixty-three percent of organizations cannot enforce purpose limitations on their AI agents. * Sixty percent cannot terminate an agent that's misbehaving. * Fifty-five percent cannot isolate AI systems from their broader networks. These aren't obscure technical gaps - they're the basic containment controls that prevent an autonomous system from exceeding its authorized scope. And yet, 33% of organizations are already planning autonomous workflow agents that act without human approval, with another 24% building decision-making agents that will access sensitive data independently. That's the gap I kept hearing practitioners describe in different words at the booth: we can observe our agents, but we can't stop them. Our Forecast quantifies it as a 15-20 point gap between governance controls (monitoring, human-in-the-loop) and containment controls (purpose-binding, kill switches, network isolation). The industry has invested in watching. It hasn't invested in stopping. Discovery is necessary - it isn't sufficient. Several of the strongest RSAC announcements targeted the discovery problem. Astrix introduced four-method AI agent discovery. CrowdStrike extended shadow AI detection from endpoints to SaaS and cloud. Nudge Security announced AI agent discovery at the point of creation. Snyk launched Agent Security to surface shadow AI across development pipelines. BeyondTrust's Phantom Labs published research showing that most enterprises run shadow AI agents with privileged access invisible to security teams. This matters. You cannot govern what you cannot see. But discovery alone doesn't close the governance gap - it illuminates it. Our Forecast found that shadow AI ranks as a top-five security concern at 23%, yet few organizations have the discovery tools to even identify unauthorized usage. The vendors launching discovery capabilities at RSAC are addressing a real and urgent need. The question is what happens after discovery: once you find the agents, how do you enforce policy on the data they access? That's where the conversations at our booth got specific. CISOs weren't asking whether agents are a risk. They were asking how to govern what agents do with regulated data - across HIPAA, CMMC, PCI, SOX - without building a separate governance stack for every AI platform they adopt. Only 43% of organizations have a centralized AI data gateway today, according to our research. The remaining 57% are fragmented, partial, or flying blind. Several of the CISOs I spoke with described exactly that fragmentation: different controls for different AI tools, no unified audit trail, no way to produce evidence that satisfies an auditor. Audit trails: the infrastructure nobody talks about on stage. Here's something you won't find in the RSAC keynotes: 33% of organizations lack evidence-quality audit trails entirely, and 61% have fragmented logs scattered across disconnected systems. Our research consistently shows that audit trail quality is the single strongest predictor of AI governance maturity. Organizations without audit trails are half as likely to have AI training data recovery, 20 points behind on purpose binding, and 26 points behind on human-in-the-loop controls. The audit trail isn't a compliance artifact. It's the foundation on which the rest of the governance architecture is built. This is what I kept emphasizing at the booth: every AI agent interaction with regulated data needs to be authenticated, policy-governed, encrypted, and logged in a tamper-evident trail that feeds your SIEM - regardless of which model or agent framework is doing the asking. Regulators don't distinguish between a human analyst and an autonomous agent accessing protected health information or controlled unclassified information. The compliance obligation is identical. The evidence standard is identical. And 33% of organizations can't meet it today. The architectural bet: data layer, not model layer. The RSAC announcements revealed a strategic fork in the industry's approach to AI governance. Some vendors are securing at the model or runtime layer - through prompt filtering, agent sandboxing, and behavioral guardrails. Others, including Kiteworks, are enforcing governance at the data layer. Nvidia's description of OpenShell - applying security at the environment level rather than the model or application layer - signals that this architectural principle is gaining traction beyond our own positioning. Our bet is that data-layer governance will prove more durable. Model prompts can be bypassed. Agent runtimes will evolve. But data access controls - identity verification, ABAC policy enforcement, FIPS 140-3 encryption, and tamper-evident audit logging - operate independently of whatever model or framework is making the request. That's why Kiteworks Compliant AI enforces all four checkpoints at the data access layer via the open Model Context Protocol standard, ensuring governance remains consistent regardless of which AI platform an organization adopts today or migrates to tomorrow. The practitioners I spoke with at RSAC understand this intuitively. They're not looking for an AI security product for each AI tool. They're looking for a governed data layer that works across all of them. Third-party AI vendor data handling is the number-one security concern in our research at 30%, yet only 36% have visibility into how partners handle data in AI systems. When the AI platform changes - and it will - the governance must persist. That only works if governance lives at the data layer. What i'm taking home from san francisco. RSAC 2026 confirmed three things. First, the industry has reached consensus that agentic AI governance is an urgent, unsolved problem - the sheer density of agent-focused announcements from Cisco, CrowdStrike, Palo Alto, BeyondTrust, Wiz, and dozens of others makes that unmistakable. Second, discovery and runtime protection are outpacing the foundational infrastructure - audit trails, centralized gateways, and containment controls - that make governance enforceable and auditable. Third, the security leaders I talked with at the booth aren't waiting for the market to sort itself out. They're making architectural decisions now about how AI agents access regulated data, and those decisions will lock in governance models - or governance gaps - for years. The window is open. The question is whether your organization will govern the data before agents make decisions for you. Stay vigilant: the recent Crunchyroll breach shows how attackers exploited a third-party vendor to access millions of user records, reinforcing why supply chain security can't be overlooked. Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday Tim Freestone Tim Freestone, the chief strategy officer at Kiteworks, is a senior leader with more than 17 years of expertise in marketing leadership, brand strategy, and process and organizational optimization. Since joining Kiteworks in 2021, he has played a pivotal role in shaping the global landscape of content governance, compliance, and protection.

BeyondTrust has unveiled new capabilities in its Pathfinder Platform, claiming to offer the industry's first unified solution for securing AI agent identities across endpoints, cloud infrastructure and SaaS platforms. The platform addresses both AI coworkers operating alongside users and autonomous AI workloads executing at scale. The announcement comes as BeyondTrust Phantom Labs research reveals most enterprises run shadow AI agents with privileged access that security teams cannot monitor. The platform provides visibility into AI agent identities, privileges and secrets across platforms including OpenAI, AWS Bedrock, Salesforce Agentforce, ServiceNow and Google Vertex AI. BeyondTrust's CTO Marc Maiffret emphasised that organisations cannot secure agentic identities in isolation, noting these agents are interconnected with human identities, machine accounts and entitlements across environments. The company says machine and AI identities already outnumber human identities in many enterprises.

BeyondTrust wins 2026 Global InfoSec award for Most Innovative Identity Security solution. Mar. 23, 2026, 11:00 AM * Cyber Defense Magazine recognizes BeyondTrust for redefining identity risk discovery with its Identity Security Risk Assessment during RSAC 2026 * Award highlights BeyondTrust leadership in helping organizations uncover hidden Paths to Privilege(TM) before attackers exploit them SAN FRANCISCO, March 23, 2026 (GLOBE NEWSWIRE) - RSAC 2026 - BeyondTrust, the global leader in privilege-centric identity security protecting Paths to Privilege(TM), today announced that Cyber Defense Magazine has named BeyondTrust a winner in the Most Innovative Identity Security category in the 2026 Global InfoSec Awards. "We are honored to receive this recognition from Cyber Defense Magazine," said Sam Elliott, Senior Vice President, Product Management at BeyondTrust. "Identity risk today extends far beyond human users. Organizations must secure service accounts, secrets, and autonomous AI agents operating across hybrid environments. Our Identity Security Risk Assessment gives organizations a fast, practical way to see how attackers can exploit hidden identity relationships across any environment, prioritize the risks that matter most, and take action before a breach occurs." The award recognizes BeyondTrust's Identity Security Risk Assessment (ISRA), a complimentary service that helps organizations quickly understand and reduce identity risk across both human and non-human identities, including service accounts, machine identities, APIs, secrets, and AI agents. "Cyber Defense Magazine is proud to name BeyondTrust a winner in the 2026 Global InfoSec Awards for Most Innovative Identity Security," said Gary S. Miliefsky, Publisher of Cyber Defense Magazine. "BeyondTrust's Identity Security Risk Assessment demonstrates the kind of innovation our judges look for. It delivers meaningful insight into real identity risk, helps organizations identify attack paths before they are exploited, and gives security teams a practical and scalable way to strengthen defenses." As cloud adoption, automation, and AI-driven activity accelerate, most organizations still lack a unified view of how identities, entitlements, service accounts, and secrets connect across environments. BeyondTrust addresses that challenge by giving defenders the context they need to see and remediate identity exposures before they lead to a breach. BeyondTrust's Identity Security Risk Assessment provides organizations with quick visibility into AI agent risk as part of a comprehensive identity security posture analysis. Unlike traditional identity security tools that focus on isolated controls, the assessment is built to reflect how breaches actually unfold, revealing the full identity attack surface and modeling real-world attack paths from an attacker's perspective. By mapping human and non-human identity relationships across Active Directory, cloud identity providers, SaaS platforms, AI agents, and modern automation environments, the assessment shows how adversaries can exploit hidden paths to privilege to reach critical systems. It highlights misconfigurations, excessive permissions, dormant accounts, machine identities, and risky identity relationships that attackers can use for privilege escalation and lateral movement, giving security teams a clear, prioritized view of their most urgent risks. The assessment connects across enterprise identity and AI agent infrastructure in under an hour and delivers findings within 24 hours, including discovery and inventory of AI agents, shadow AI detection, cross-domain privilege path analysis, and risk scoring aligned to MITRE ATT&CK with prescriptive remediation guidance. To learn more about BeyondTrust's Identity Security Risk Assessment, visit: https://www.beyondtrust.com/products/identity-security-insights/assessment. About the Global InfoSec Awards This is Cyber Defense Magazine's thirteenth year of honoring InfoSec innovators from around the globe. The awards recognize startups, early-stage, later-stage, and public companies in the information security space with unique and compelling value propositions. Learn more at www.cyberdefenseawards.com. About the Judging Judges include CISSP, FMDHS, CEH, and other certified security professionals who vote based on their independent review of submitted materials, including data sheets, white papers, product literature, and other market variables. Cyber Defense Magazine maintains a flexible philosophy that seeks out innovative players with new and unique technologies. The judging process focuses on identifying best-of-breed, next-generation InfoSec solutions. About Cyber Defense Magazine Cyber Defense Magazine is the premier source of cybersecurity news and information for InfoSec professionals in business and government. It is managed and published by ethical, honest, passionate information security professionals. Its mission is to share cutting-edge knowledge, real-world stories, and awards covering the best ideas, products, and services in information technology. Learn more at www.cyberdefensemagazine.com. About BeyondTrust BeyondTrust is the global leader in privilege-centric identity security protecting Paths to Privilege(TM). Identity alone doesn't create risk. Privilege does. As human, machine, and AI agent identities explode across every environment, BeyondTrust is the only company built to discover, control, and secure privilege across all of them from a single platform. Trusted by 20,000 customers, including 75 of the Fortune 100, and recognized as a multi-category leader by Gartner, Forrester, and KuppingerCole, BeyondTrust turns identity security from a management problem into a strategic advantage. For BeyondTrust: BeyondTrust Public Relations P: (516)-521-5582 E: [email protected] CDM Media Inquiries: Irene Noser, Marketing Executive E: [email protected] Markets Insider and Business Insider Editorial Teams were not involved in the creation of this post. Sponsored Financial Content