Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

One man’s perspective on RSA 2026 and what the AI agent security market actually looks like up close. Every year at RSA, there's a theme, not the official one printed on the lanyards, but the real one. The one that shows up in every booth conversation, every hallway argument, every dinner where people finally say what they wouldn't say on a panel. A few years back, it was cloud. Then zero trust took over and held the room for a while. XDR came through and confused everyone. Identity had its moment.

Conversations at RSA 2026 circled back to the same topic: identity is the foundation of AI agent security. While it’s understandable, it’s the wrong way to look at things. Identity tells you who showed up. It says nothing about whether what they did made sense.

Cisco polled its major enterprise customers before RSA 2026 and found something astounding. 85% of large enterprises are experimenting with AI agents. Only 5% have moved them into production. That's not a technology gap. The models work. The tools exist. The 80-point spread between experimentation and production is a governance gap. It's also a context gap.

Organisations deploying agents face a challenge: the predominant AI frameworks most organisations rely on do not explicitly address agentic AI. This is true for the big three: ISO 42001, NIST's AI Risk Management Framework (RMF), and the EU AI Act.

Fresh off two weeks of back-to-back meetings in Washington, DC, and on the floor/in the wings of the RSA Conference, one theme echoed through nearly every conversation I had with senior government officials and public policy leaders from global technology companies: agentic AI security is the defining emerging security challenge of this moment — and policy is not keeping pace.

I am no stranger to conferences, and certainly no stranger to security conferences. Over the years, BlackHat and DEFCON have both become staples of my calendar. But this year brought a new one to the list: RSA, and it truly lived up to the hype. The show floor was full of bright lights, fancy booths, and yes, tattoos, if you knew where to find them.

As agents take on more responsibility, they also introduce a new class of security challenges, ones that traditional tools weren’t built to handle. This is why Zenity and ServiceNow have partnered to bring end-to-end agent security directly into ServiceNow SecOps, where security teams already operate.

AI agent adoption and development are evolving quickly. The tooling used to build agents is improving fast, but the security controls around those agents are often rigid, opaque, or difficult to adapt to real environments. As more teams experiment with OpenClaw, one challenge becomes clear: developers need ways to inspect what agents are doing, evaluate risky behavior, and intervene when necessary.

AI agent risk doesn’t emerge in a single moment. It develops over time across configuration changes, runtime behavior, long-horizon tasks, and interactions between agents, users, and enterprise systems. Their behavior and exposure can shift in real time as agents rewrite instructions, update memory, and dynamically alter execution.

How the integration works: Zenity integrates with the Foundry control plane to inspect agent behavior and enforce security policies inline at runtime. Over the past year, Microsoft Foundry has emerged as a cornerstone for enterprises building and deploying homegrown agents at scale. Organizations across industries are using Foundry to move beyond experimentation and into production, creating AI agents that can reason, invoke tools, access enterprise data, and automate complex workflows.