Tactical Answers for the Agentic Era: Our RSAC 2026 Takeaways

Every person who left RSAC 2026 this year with the same realization: the "Year of the AI Agent" has officially arrived. And they're all kind of sick of it already. We’re kidding, but the onset of this new era introduces a new reality. 

A few weeks ago, we published a guide on the 3 Critical Questions for Security Leaders at RSAC 2026. We challenged the industry to look past the shiny objects on the expo floor and confront the architectural shifts required to survive an agentic workforce.

Now that we’re all back and (mostly) unpacked, it’s time to revisit those questions and see what we learned. For security leaders across the world, the answers aren't just tactical - they are the new baseline for data sovereignty.

1. If your AI agents have "Identity," who owns the data they access?

The Question We Posed: In our pre-RSA briefing, we noted that when an autonomous agent plans and executes a task, it often inherits or assumes the broad permissions of a service account. We asked: Who truly owns that data once an agent consumes it?

What We Learned: The "Agentic Identity" is a new primary attack surface. RSAC 2026 confirmed that traditional Identity & Access Management (IAM) is too blunt an instrument for autonomous workflows. If configured improperly, agents effectively become "bad actors" with legitimate credentials. The efficiency gains of an AI workforce are quickly negated the moment an agent "hallucinates" or shares sensitive proprietary information it was never meant to ingest.

Confidencial Insight: Data-centric Zero Trust via selective encryption is the only way to ensure agents don’t overreach. By embedding protection directly into the metadata of the data itself, you ensure that even an "authorized" agent can see only the specific fields it needs to perform its job. 

2. How are you shrinking the "Blast Radius" in a borderless data economy?

The Question We Posed: In our pre-conference brief, we looked at the "Data Economy" - where enterprise information moves fluidly between the cloud, third-party LLMs, and external partners. We asked: If a single credential or agent is compromised, how much of your data is at risk?

What We Learned: While the specific term "Blast Radius" may not have been as prominent as we thought, the underlying anxiety certainly was. We observed a significant shift in how \ security leaders view their ecosystem. The primary concern has moved from "Is my network secure?" to "Is my data secure when it lives on my vendor's network?"

Conversations around supply chain security and third-party risk management (TPRM) were ever-present in the expo hall. Organizations are thinking along the right lines: they realize that a breach of a trusted partner or a customer-facing AI agent shouldn't result in a total compromise of their proprietary information. The "Blast Radius" is the technical reality of these business relationships, and leaders are looking for ways to contain it.

Confidencial Insight: We advocate for data-level security as the primary way to manage these borderless risks. By using Selective Encryption, a breach of one system, or even one of your vendors, doesn't result in a total data giveaway.

When security is attached directly to the data, the blast radius is confined to that specific object. Even if a partner or supplier is breached, they may have the file, but the sensitive information remains cryptographically obscured and useless to unauthorized eyes.

3. Is Your "Data in Use" Actually Secure, or Just Obscured?

The Question We Posed: In our pre-RSA briefing, we highlighted a critical architectural flaw: data is at its most vulnerable when it is being processed. Standard encryption handles data at rest and in transit, but most AI tools still require raw data to be "unlocked" to function. We asked: How are companies closing this exposure window?

What We Learned: Silence. While the expo floors were crowded with "AI-Ready" labels, the conversation around securing Data in Use was notably absent. Why? Because for most of the industry, this is an unsolved problem.

RSAC 2026 confirmed that to achieve true data sovereignty, protection must persist during computation. The "Answer" we found on the floor is that the industry is still stuck on a two-thirds solution. They can protect the data while it sits and while it moves, but the moment an AI agent "reads" it to perform a task, the "crown jewels" are exposed. This gap is where the next generation of catastrophic breaches will occur.

Confidencial Insight: We are taking a contrarian stand because the stakes are too high for half-measures. Confidencial is the only platform that ensures your data is secure in transit, at rest, and, most importantly, in use. Through selective data-level controls, organizations can finally unlock the value of their datasets without ever exposing the raw information to the underlying LLM or Agent. You can experience the full benefits of AI innovation—speed, scale, and sophistication—without the fear of exposing sensitive information during the active processing phase. We don't just obscure the data; we ensure it stays encrypted while it works.

Turning Questions into Strategy

The transition from pre-RSA questions to post-RSA answers reveals a stark truth: the industry is thinking along the right lines regarding identity and supply chain risk, but it is still blind to the vulnerability of data in use. The "Answer" we found at RSA is that you cannot wait for the industry to catch up. You must protect the data itself.

Ready to see the only solution that secures Data in Use? Book a demo with Confidencial.io and lead the shift to active data defense.