An engineer, a CRO, and a sales rep walk into RSAC. Sounds like the start of a joke, but the punchline is that everyone’s selling the same AI wrapper.
That said, RSAC 2026 was an interesting event, with 44,000 attendees, a packed expo floor, and real energy across the board. There was plenty of substance between the buzzwords, but with 600+ vendors and AI on nearly every banner, the signal-to-noise ratio made it hard to separate what’s real from what’s repackaged.
So we asked three of our team members, each with a very different perspective, to share what actually stood out to them. Here’s what they saw:
Adi Milner, Head of Engineering — AI Is Everywhere, Specialization Is Next
The energy around AI at RSAC was exciting. Everywhere you looked, companies were investing in it, talking about it, and building with it. That’s a good thing. It means the industry is taking AI seriously.
We’re Still Early
But the excitement also revealed something important: we’re still very early. A lot of what I saw on the floor were general-purpose LLMs layered into existing products. These can work for simpler use cases, but they’re just the starting point.
The real opportunity is in what comes next: agentic solutions built around detailed workflows, trained on domain-specific data, and designed to handle the nuance that generic models often miss. That’s where AI goes from “cool demo” to something that actually performs in production. We’re not there as an industry yet, but RSAC made it clear that’s where things are heading.
What This Means for Remediation
This is where it connects back to what we’re doing at Tamnoon. Remediation is one of those problems that demands specialized AI. You can’t just ask a general model to fix a misconfiguration across a complex cloud environment and expect safe, reliable results. It requires models trained on specific tasks, broken into focused workflows, and built on real-world remediation outcomes.
I see Tamnoon as a layer that sits on top of CNAPPs, providing a bird’s-eye view across integrations and improving the value, quality, and noise reduction we deliver. Add our professionals into the mix, and it’s a fundamentally different approach. It was encouraging to see the broader market moving in this direction too.
What Customers Told Us
The customer conversations reinforced all of this. People want specialized AI that knows their environment, code, and context. They can see how LLMs generate fixes, but the moment they need to apply them across hundreds of resources in a complex environment, they fall apart.
They need it at scale. And they want the confidence that comes from having real experts in the loop. That combination, AI plus human oversight, kept coming up. It’s not one or the other. It needs to be both.
Patrick Guay, CRO — The Market Narrative Shifted Again
Over the past three years, I’ve watched the AI story on the RSAC floor change completely. Year one, AI was going to help security teams be more productive and responsive. Year two, agentic AI showed up, and vendors started talking about autonomous systems. This year? AI became a threat.
Shifting From Helper to the Threat
The pitch flipped this year. Companies are now offering AI-powered defenses alongside protection against AI-driven threats, like deepfake-driven social engineering, prompt injection, and model poisoning. These have shifted from theoretical to real attack surfaces, and the vendor floor reflected that.
That’s because these threats have shifted from theoretical to real attack surfaces, and the vendor floor reflected that.
At one point, it felt like the entire narrative went from “AI will save you” to “AI is coming for you” in the span of 12 months. That’s a hard turn for security leaders trying to make smart purchasing decisions.
The research backs this up, too. 37% of 607 vendors on the RSAC floor referenced AI directly in their booth messaging this year. As one attendee put it, “AI fatigue is real. The companies’ customers want to work with those who know who they are and are doing it well, not chasing trends.”
Where Tamnoon Fits
For us, it’s not about AI as a threat, but rather using the best of both worlds.
AI gives us machine speed, the ability to ingest hundreds of thousands of alerts around the clock, find commonality across vulnerabilities, and build remediation initiatives fast. That’s the scale piece.
But AI alone doesn’t provide enough context or certainty to deliver a complete solution. That’s where human oversight comes in. It’s the combination that makes remediation trustworthy, safe, and scalable.
The Real Value of RSAC: The People You Meet Along the Way
Here’s the thing about conferences in the age of AI: they still work because of people. It’s a struggle for security leaders to get straight answers from vendors right now. Everyone’s pitching the same thing in slightly different packaging.
RSAC has always been valuable because it brings security professionals and solution providers together face-to-face. All the AI in the world won’t replace a good conversation. And this year, those conversations mattered more than ever.
Tyler Carr, Enterprise Account Executive — A First-Timer’s Take on RSAC
This was my first RSAC. First time back in San Francisco since I was a kid. The city surprised me, with way more energy than I expected. Early morning runs through Presidio Park and over the Golden Gate Bridge didn’t hurt either.
But walking the expo floor is what really puts things in perspective. The sheer number of vendors makes it clear just how crowded and competitive this space is right now.
Where the Real Conversations Happened
The most valuable part of my week wasn’t the expo floor. It was the time we spent at the Insight ScaleUp Suite having real conversations with teams dealing with real problems.
There weren’t any pitches or booth presentations, just people talking about what’s actually hard in their day-to-day. And the consistency was clear, as the same pain points kept coming up across almost every conversation: alert volume, remediation backlogs, and teams stretched too thin to close the loop alone.
The Click Moment
There were a few moments where it really clicked. People were describing the exact problems we’re solving at Tamnoon without prompting from us.
One team talked about spending more time triaging alerts than actually fixing anything. Another said their remediation backlog just keeps growing, no matter how many people they throw at it.
The Rest of It
It was a fast week. We covered a lot of ground, caught up with people across the industry, and made the most of every day.
Also, if you’re ever in San Francisco, get the butternut squash dumplings at E&O Kitchen. Trust me. Definitely looking forward to going back next year.
Same Conference. Same Conclusion
Three roles. Three very different weeks. But the takeaway was the same: AI is everywhere, most of it is surface-level, and remediation is still the hard part.
That’s exactly why we build the way we do:
- Task-specific models trained on real remediation outcomes.
- Human experts validating every action.
- No wrappers or generic chatbots, but instead, a platform that actually fixes things.
If that sounds like the approach your team needs, we’d rather show you than pitch you.
