Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends - Dark Reading
As AI dominated RSAC 2026, CISOs and industry leaders debated its role in security, from agentic applications to the challenges of scaling human involvement in decision-making.
Alexander Culafi, Kristina Beek
April 7, 2026
SOURCE: INFORMA TECHTARGET
The RSAC 2026 conference kicked off with a whirlwind of insights, debates, and predictions about the future of cybersecurity, with a particular focus on the ever-evolving role of artificial intelligence (AI). On day one, Informa TechTarget’s Jamison Cush and Sabrina Polin hosted a series of thought-provoking discussions with industry leaders, including an interview with Alex Culafi, senior news writer at Dark Reading. Culafi, a seasoned RSAC attendee, shared his observations on the heightened prominence of AI in the cybersecurity landscape and the noticeable absence of government representatives at this year’s event.
AI dominated the conversation, as Culafi noted the aggressive push by vendors to market AI-driven solutions, a trend that has only intensified since 2023. From combing through data to acting as automated threat intelligence bots, AI's capabilities have matured, with vendors now touting more ambitious use cases, such as agentic AI systems that aim to augment or even replace traditional security operations centers (SOCs). However, this rapid evolution has sparked debate among security executives, with some questioning the scalability of keeping humans involved in every AI decision — a concept known as "human in the loop." Culafi noted that Vodafone's global CISO, Emma Smith, argued for a shift toward "human on the loop," where AI takes the lead, and humans intervene only when necessary, a stance that raises both opportunities and concerns.
Beyond AI, Culafi highlighted key developments in the threat landscape, including the rise of sophisticated supply chain attacks targeting open-source ecosystems and the evolving tactics of ransomware actors. While ransomware payments are trending downward as organizations improve their defenses, data theft remains a significant concern. As the conference unfolds, Culafi's insights set the stage for deeper discussions on the balance between innovation and risk in cybersecurity, making it clear that the industry is at a pivotal crossroads.
Live from RSAC 2026: "Human in the Loop" Doesn't Scale: Full Transcript
This transcript has been edited for clarity and length by Informa TechTarget's internal AI assistant. For the full experience, please watch the video, above.
Jamison Cush: Hello, and welcome as we conclude our live streaming coverage of day one from RSAC Conference 2026. I'm Jamison Cush with Informa TechTarget. And if you missed it earlier, we chatted with thought leaders from WiCyS and from ISACA and Informa TechTarget's cybersecurity expert Sharon Shea. I've also been chatting with the co-host here from the news desk, Informa TechTarget senior managing editor Sabrina Polin. And Sabrina, thank you once again for joining us.
Sabrina Polin: Absolutely.
JC: And I mean it. It's been a pleasure. And it was also a pleasure chatting with Rob and Jenai. They had a lot of interesting nuggets to share. Was there anything that jumped out?
SP: Totally. Rob and Jenai from ISACA. We were asking them about a recent survey they conducted about AI, and, you know, I asked, I was like, "Are you scared at all or worried about how crazy the landscape of AI is getting?" And Rob said no. This is the most excited I've been since the advent of the internet, which I thought was just a really cool nugget. Uh, and yeah, I think it's really representative [of] where we're at right now. Things are exciting. Things are changing. Things are going crazy.
JC: Yes, things are exciting at the desk because we are joined by a four-time guest, another Informa TechTarget colleague, Dark Reading, senior news writer, Alex Culafi. Alex, thank you for joining us once again. Four times.
Alex Culafi: Yes. Saving … I won't say the best for last, but ending on a strong note. Saving the best for the last of day one.
SP: Very diplomatic way to put it.
JC: No. Yeah, absolutely. Absolutely. So, Alex, I just want to give you the floor. I mean, you are, I know you have, the show floor hasn't opened yet, but you've already attended some sessions and I think you've been pitched a thousand things, I'm sure. So, so what do you expect to happen here at RSAC? What are you seeing from talking to the CISOs and the other smartest people in the world?
AC: So, this is my sixth, I think, RSAC conference. I'll start with this. The reason I like going to this conference every year is that it gives me a bit of a pulse on what businesses are thinking about each year, because it's very vendor-heavy.
There's still plenty of research, but it's a vendor-heavy conference. So, you get an idea of what people are selling. AI is obviously like at the top of that. I'm sure every conversation you had today, every conversation you're having tomorrow, is going to mention it at some point. This is the most aggressive I've seen AI pushed and sold since, I would say, like 2023, when the products really started coming out.
I don't really have an assessment on that other than it was really surprising that, like, the show floor is not open yet, but all the billboards, half the sessions, a lot more vendors that have AI at the end of their name. And it's crazy because in 2023, 2024, I was like, "Okay, this is the year of AI. What's next year going to be?" And it was AI again, and maybe it's more agentic this year, but it's still AI again. So, that's the first thing that I would say I noticed. The second thing is that even though the show floor isn't open yet until, uh, a little later after we're done recording, the absence of government personnel is very noticeable this year. Usually, CISA, FBI and some other folks from the US government have a presence here, but CISA in January announced that they weren't going to be here. Plus, DHS employees furloughed. Kristi Noem had her first and probably last RSAC last year. And it's weird not having a government presence here. And I'm not like going to say I'm like the biggest fan of the government or anything, but it's nice to see the public sector show up because they're such an important part of the security ecosystem. So, I would say those are the two things. AI has been more aggressive, the selling side, than I've ever seen before. And the absence of any government employees is weird.
SP: Right. I remember from two years ago, you and I did a little postgame interview, and I said three things you learned from RSA 2024. You said AI, AI, more AI.
JC: It was hyping AI, selling AI, and marketing AI.
SP: Oh, okay. Yeah. I repeated this to him last year. Okay.
AC: I think I said both at different points, and I'll tell you I thought I was going to have a different answer this year, and I don't. It's because, you know, okay, uh, in 2023, they started to be like, "Okay, we have products that are related to AI and the security space." 2024, 2025, it's started to get a little more mature. And then 2026, they're talking about the agentic [AI]. They're talking about more ambitious use cases for this stuff and like the selling is a lot more, like I said, prominent. But it's been the same theme for the last four or five years. Even though like people try to say, "Oh, it's the humans this year. It's something else." But it's been AI since AI became a thing as we know AI now.
SP: Is there a difference, is there any difference, in the offerings from years past now? Like, is it still kind of surface-level? Are we getting more practical? Is it the change from GenAI to agentic AI? Like, any themes there, or is it kind of just throw an AI at the wall, something will stick?
AC: I don't think they're throwing it at the wall. I think the use cases are a lot fancier. So, back in 2023, they were selling it as, uh, it can comb through your data. It can act as an automated threat intelligence bot. And that is still definitely the case now.
It's a lot of combing through data, making human-readable documents for the board. And now with agentics, it's like they're trying to either implement or augment or replace or be the SOC all at the same time, depending on who the audience is. And what's also interesting now is that you have, uh, a class of organizations that have started to actually use these products over the last few years. So, it's been really interesting to hear the, you know, sometimes positive, sometimes mixed response. Eric Geller over at Cybersecurity Dive, he just put up something that was talking about the mixed reception, uh, that some of these early waves of products have had. So, it's a weird space right now. It has matured a lot, but I thought that the sales aspect would fade into the background, but I mean, you look at the billboards on the trucks driving by outside, it's AI everywhere.
JC: To shift away from AI. I'm sure reluctantly on your part.
AC: You want to talk about the government?
JC: No — I do want to talk [about] the threat landscape though, because we talked about this last year and you are highlighting some hypotheticals where there were satellite hacking, there were, you know, attempts or organizations that could hack, you know, traffic lights, and then the sort of complexities behind that and trying to secure that environment. So how has the threat landscape changed at all since last year? Are we still seeing a lot of the same threats or the same issues, or are there, you know, unique threats because of this emerging AI?
AC: I'll give you one scary thing and one cool/good thing.
JC: Exactly what I'm looking for. Okay.
AC: The scary thing is that the development environment open-source code has been just it's been brutal out there. You had Shai-Hulud and you had Glassworm, um, targeting the npm and other sort of open-source environments with these very aggressive info stealers that are supply chain attacks, not just infecting, uh, components that are used in development but also downstream the components that are used in those components. So, the supply chain attacks are nasty. They continue to be.
But here's the good thing. Ransomware seems to be broadly speaking on a positive trend. People are paying slightly less often because people are getting better at recovering from ransomware attacks, getting their backups, engaging with their incident response folks, being smart about how they defend their environments. A lot of organizations are still not great at the basics, but there is a lot of promising data that ransomware is moving in the right direction that way. And if you take out the outlier extreme payments, the average and median ransomware payment seem to also be going down over time. So, there are good things happening, but even still, like threat actors don't care as much about encryption as they used to. It's all data theft now. And they're getting, and they're still pretty good at that.
SP: So, what's the crazy thing?
AC: Oh, the crazy thing is that there are these, uh, worms, these malware worms infecting the open-source supply chain ecosystem. I'm trying to think. So, it feels like you're challenging me to come up with something cooler.
JC: No, that's okay.
SP: No, sorry. That was just, you know, me trying to dig in.
AC: I mean, they're still hacking satellites. I don't know how to top that.
JC: That was Bond-villain stuff. Yeah. So, you had written a story I think last week about that the median price or the um the ransomware, it's not as lucrative as a business. So, where are these threat actors moving to? Are they just sort of because of the best practices we're better at recovering from that? So, does that, is that putting now other elements in greater danger, like infrastructure attacks, or are there other sort of is the threat expanding or moving on to more lucrative targets?
AC: No, I think the case with threat actors is always the same that they're going to go for the easiest way into environments and on that front, there has been some movement. So, threat actors are still going after vulnerabilities to exploit, and they're still using some of the same old tricks to get in. But we're also seeing a higher incidence of living off the land, of leveraging PowerShell in an organization's own environment, of bringing their own drivers in, of using EDR killers to sort of kill the antivirus on defender systems. Basically, ways to make it easy for them to go quiet because the EDR products are getting better. The antiviruses are getting better. So, they're not using things like Cobalt Strike Beacon as much, which that use is way down. And even Mimikatz is slightly down because antiviruses can just pick that up immediately. So, they're being smarter about not being as loud. And on that same note, like there are positive aspects of ransomware, but data theft is still terrible, and info stealers continue to be aggressive. So, it seems like less of a focus on encryption and more on straight up data stealing is also a thing.
JC: So, you were at a session earlier today. I think you have a story going up uh on the session. I just want to touch on this.
AC: It's up now, by the way, on Darkreading.com.
JC: There we go. So, it was a panel from threat to strategy, the CISO's playbook for the AI revolution. Sorry to bring it back to AI, but that sounds like a very overarching title. So, what
AC: Oh, no. It's a new title now. Sorry. Uh "CISOs Debate Human Role and AI-Powered Security."
JC: So, take us into that debate.
AC: I gave you a rough draft. I gave you a preview.
JC: What take us into that debate? What is the what is the shift that these CISOs are making um in the sort of the when it comes to AI and security?
AC: So, it was a really interesting panel I ended up in today where it was three security executives. You have Emma Smith who is Vodafone's global CISO. You have Francis deSouza who is Google Cloud's chief operating officer and president of security products, and then you have PayPal senior VP and CISO Shaun Khalfan talking about how to adapt to the AI landscape. So, it was structured as a CISO playbook, but there was one aspect of the discussion that really like stood out to me as a loud siren. And it was actually Vodafone's Emma Smith who was talking, I think she was following up on uh something that the guy from Google said, but she was talking about the idea that human in the loop, this concept that a human should always be involved in AI decisions so that it doesn't hallucinate or make mistakes. She's saying it's not scalable for larger organizations, larger security threats, especially as attackers are starting to use agentic technology for themselves. And she was saying that instead of human in the loop, which is a human being involved at every key decision-making process, that she was advocating for thinking more about human on the loop, which is one of those like gimmicky executive things.
But the important part is that you're getting insights from AI and you're stepping in once in a while to make decisions, but deemphasizing stepping in and being there at every turn, which is scary. I mean, because the idea is letting go of more control to the AI when it feels like we're still hearing about AI-driven security threats constantly. And I understand what he's saying to some degree that threat actors are scaling their TTPs with AI, so defenders might not be able to rely on humans as much to meet that threat. But I don't really trust the state of the technology to be good enough to not have humans in the loop. And that's, you know, I'm a reporter, so maybe I'll learn something over the next couple days and maybe I'll change my mind. But that stood out to me as something worth earmarking and then ultimately making the whole article about.
SP: Yeah. Our previous interview with Rob from ISACA, he said something like, regarding human in the loop and humans approving decisions that AI, you know, proposes. He said something like, we already don't have enough people to verify and fact-check, like, the work that humans are doing, never mind the exponential work that, like, that AI agents are doing, you know. And so it's like, so, like, is there a point where, like, we just don't have enough humans to be in the loop as much as we want them to be, where, like, it's creating more work than if we didn't have the AI agents at all? Like, you know, I don't know, is there a line there?
AC: It's hard to make heads or tails of it because I don't want to say I've gotten more cynical over the years, although I definitely have. I would say that I've started to question the things I hear at a vendor convention more. And the thing I can't make heads or tails of is, is this another piece of everyone selling GenAI so aggressively? Some companies desperately, I'm not saying they are, saying that we're seeing that in various areas of tech. Or is it a real thing? And I don't know if they're saying we should get humans out of the loop, so people feel they need to spend money on AI. I don't know if they're doing that because threat actors are scaling the technology and there's no other solution. So, all I can tell you is that AI is getting sold far more bullishly than before. And so that's why I'm questioning things a lot more. But I thought it was worth highlighting as my day one.
JC: Yeah. Day one or day zero? Day one.
SP: Day point five.
AC: As my Day point five story because I thought it was an interesting thing that a prominent security executive was saying she was agreeing with the gentleman from Google who was also saying things about how human in the loop doesn't scale. So, it's an interesting time we're in. Yeah.
JC: Nice. So, what do you have lined up for the rest of the show? Any interesting sessions or interviews?
AC: Mhm. I am talking to ESET and Palo Alto Networks tomorrow. I'm excited about that. I have some more sessions coming up. The one I'm like excited about, I don't know whether or not it'll be a story, but I'm interested to watch it, is one about threat actor attribution. How much it matters, but more importantly, how it's way more difficult than maybe even we who are sort of like a surface a little deeper than surface level, but kind of surface level facing the security industry. I think attribution is a very interesting topic because it's like, "Oh, this is Salt Typhoon," and that matters, but how much does it matter? And when there's a threat cluster versus a threat actor, what are you describing? Are you describing a boogeyman, or are you describing a pattern of activity? And I think that's another interesting thing. That's more like semantics than like something important for us to talk about right now, but it's interesting.
JC: Excellent. And we can find your stuff at Dark Reading?
AC: Darkreading.com.
JC: Excellent. Well, Alex, thank you. Four times. Maybe we'll get you five times for next year. The champion or later this week. We'll get you right before you hop on your plane.
AC: Yeah. Wednesday morning, 8 a.m. flight.
SP: Yeah, we'll let that slide. We'll get you next year.
AC: Thanks, Sabrina. Thanks, Jamison.
JC: Thank you for joining us. And again, Sabrina, thank you. And thank you for joining us as we conclude day one. We'll be back for days two, three, and four. So please join us, and until then, please like and subscribe.
About the Authors
Alexander Culafi
Senior News Writer, Dark Reading
Alex is an award-winning writer, journalist, and podcast host based in Boston. After cutting his teeth writing for independent gaming publications as a teenager, he graduated from Emerson College in 2016 with a Bachelor of Science in journalism. He has previously been published on VentureFizz, Search Security, Nintendo World Report, and elsewhere. In his spare time, Alex hosts the weekly Nintendo podcast Talk Nintendo Podcast and works on personal writing projects, including two previously self-published science fiction novels.
Kristina Beek
Associate Editor, Dark Reading
Kristina Beek is an associate editor at Dark Reading, where she covers a wide range of cybersecurity topics and spearheads video-related content. She is the creator and host of the Heard It From a CISO video series, where she interviews CISOs, directors, and other industry strategists to provide insights into the ever-evolving cybersecurity landscape. In addition to her editorial work, Kristina manages Dark Reading's social media channels and contributes to the platform's video coverage.
Kristina graduated from North Carolina State University in 2021 with a degree in Political Science, concentrating in law and justice, and a minor in English. During her time at NC State, she honed her writing skills by contributing opinion pieces to the university's newspaper. After graduation, she began her career as a content editor before joining Dark Reading.
Currently based in Washington, DC, you can find Kristina reading, taking walks in Georgetown, and wandering the museums surrounding the National Mall.