The RSA Conference 2026 is over.
But the need for cybersecurity to reduce enterprise risk is an ever-present concern.
So, let’s revisit some of the conversations from the Decoding RSAC & Driving Strategy analyst event that Bospar hosted last month at RSAC in San Francisco while they’re fresh in our minds.
Jarad Carleton, global research director of the cybersecurity program at Frost & Sullivan
At the gathering of leading analysts, Carleton noted the importance of the reduction of risk, which is a growing concern as the threat landscape continues to accelerate with the use of AI.
Yet despite the risks that AI represents, Carleton added, organizations are encouraging their employees to experiment with AI to find out how it can accelerate their work processes.
“You have people setting up things like Mac minis, plugging it into the corporate network,” he explained. “They’ve got OpenClaw on there, which as it turns out is something really interesting. Some people are saying it’s the closest they’ve gotten to a Star Trek computer so far.”
But, the cybersecurity analyst added: “On the other side, people are saying ‘Yeah, and it’s the greatest tool that you could give to a cyber adversary because once they get a toehold in, they can go to the OpenClaw instance, have it collect [data from] whatever it’s connected to in the organization and feed it out to [those adversaries] without any additional effort.’”
Adam Etherington, leader of the global cybersecurity intelligence and advisory team at Omdia
Cybersecurity analyst Etherington talked about the expectation and execution gaps with AI.
CISOs know they need to enable business innovation with applications, he noted, but they’re not sure they can get there fast enough because they’re unwilling to take on more risk to drive that innovation. “That’s why I think we’re seeing such a huge proliferation in the number of tools… because everyone’s kind of throwing things [at the wall] and hoping that something sticks.”
He said identity and data were other huge topics at his RSAC meetings. “Probably half my meetings with vendors have been about tools that could do really cool things [with] observability,” he said, including showing where NHI threats are and how they tie to the cloud.
The Omdia analyst also shared his surprise to learn that organizations in heavily-regulated sectors are advancing agentic AI the fastest. He explained that’s because such organizations’ policies and operating functions are codified to meet regulatory standards. That narrows the execution gap, he added, but CISOs still need the funds to secure the innovation engine.
Hollie Hennessy, OT/IoT cybersecurity lead at Omdia by Informa TechTarget
Omdia’s Hennessy talked about the value and traction of things like secure remote access and microsegmentation to mitigate risk in OT. She said that’s being driven by business goals in manufacturing, industrial, healthcare and multiple critical national infrastructure environments.
Ketaki Borade, senior analyst, infrastructure security at Omdia
In other cybersecurity analyst insights shared at the Bospar analyst relations event, Borade of Omdia noted that sovereignty was a recurring theme at RSA this year, adding that organizations today need to make sure their data is under their control and in the right place.
Todd Thiemann and Andrew Braunberg, principal analysts at Omdia
Thiemann mentioned that his table at Bospar’s analyst relations event was discussing the security implications of AI agents in terms of data security, identity security and the many different layers that make up a complete solution for enterprises wanting to control the risk related to AI agents. Braunberg added that participants at the AR event were talking about enterprise use of generative AI.
At a time when the AI threat landscape for enterprise security teams is rapidly expanding and evolving, Bospar was thrilled to bring together our analyst friendlies from around the world with our clients and other companies to discuss RSAC 2026 analyst perspectives on AI security.
