Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026

CYBERSECURITY OPERATIONS CYBER RISK CYBERSECURITY CAREERS INTERVIEWS Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know. Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026 AI-driven threats, global leadership shifts, and the future of cybersecurity in a rapidly evolving landscape were among the discussions at RSAC 2026 Conference. Becky Bracken,Kristina Beek April 2, 2026 SOURCE: INFORMA TECHTARGET RSAC 2026 Conference offered a platform to explore the shifting landscape of cybersecurity — where geopolitics, artificial intelligence (AI), and private-sector innovation converged to address emerging threats. In this Eye on Tech interview, Dark Reading senior editor Becky Bracken joins Informa TechTarget (ITT) senior executive editor Jameson Kush and ITT managing editor Sabrina Polin to dissect the critical issues shaping the industry, from the absence of US federal government leadership at the event to the European Union's proactive approach to regulation. Their conversation highlighted the growing influence of international players in filling the leadership vacuum and underscored the urgency of collaboration in an era defined by rapid technological advancements and geopolitical uncertainty. As the cybersecurity community grapples with the transformative impact of AI, the discussion shed light on the practical challenges chief information security officers (CISOs) face in balancing innovation with risk mitigation. Bracken emphasized the increasing pressure on CISOs to navigate boardroom expectations while safeguarding their organizations against vulnerabilities introduced by AI tools. The conversation also explored the broader implications of AI-driven threats, such as adaptive malware and machine-speed attacks, which demand equally sophisticated responses from defenders. These insights painted a vivid picture of the evolving role of cybersecurity professionals in a world where adversaries are leveraging cutting-edge technologies to exploit weaknesses. Related:Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense The interview also ventured into the future of cybersecurity, with predictions about the role of quantum computing and the integration of cyber capabilities into kinetic warfare. Bracken highlighted the need for organizations to prepare for quantum computing's arrival by auditing their encryption standards and developing robust policies. Meanwhile, the European Union's methodical approach to regulation, contrasted with the US administration's minimal stance, sparked debate about the long-term implications for innovation and global partnerships.  As RSAC 2026 drew to a close, Bracken left viewers with a sobering yet hopeful perspective on the resilience and adaptability of the cybersecurity industry in the face of ongoing unprecedented challenges. Live from RSAC 2026: The Geopolitics of Cybersecurity: Full Transcript This transcript has been edited for clarity and length by Informa TechTarget's internal AI assistant. For the full experience, please watch the video, above. Related:How Organizations Can Use Mistakes to Level Up Their Security Programs Jameson Kush: Hello and welcome to day four, our last day of live-streaming coverage from RSAC Conference 2026. I'm Jameson Kush with Informa Tech Target. And if you missed day one, two, three, please check them out at Eye on Tech. We chatted with thought leaders from Wiz, ISACA, and other organizations, as well as the cybersecurity experts from Informa Tech Target covering the show. Please hold that thought. Joining me to once again share in hosting duties here at the desk is Sabrina Polin, senior managing editor, Informa Tech Target. Sabrina, welcome back. Sabrina Polin: Thanks for having me, Jameson. Happy to be here.  JK: We're just about ready to wrap up RSAC Conference, a few more interviews, but what are your thoughts on the show?  SP: I think it's really interesting. This show is definitely about the people. I think everyone we've talked to about security and especially security in the age of AI. We're talking about people — humans in the loop, on the loop, around the loop. It's just been some really interesting conversations. JK: That's right, humans at the desk, which leads us to our guest, another one of those cybersecurity experts from Informa Tech Target, Becky Bracken. She's the senior editor for Dark Reading. Becky, welcome back. Thank you for joining us.  Related:Software Development Practices Help Enterprises Tackle Real-Life Risks Becky Bracken: Thank you so much. Speaking of people, it is so nice to see you guys in person instead of on screens. That's kind of the best part about all of this, huh? It's worth all the effort to get here in front of people. JK: Absolutely. I agree. Well, Becky, I wanted to follow up on the conversation we had last year because there's a lot of interesting stuff happening. I know Kristi Noem, the then-DHS secretary, was here, and there was a lot of anxiety and talk about cuts to CISA and all that. I wonder, how has that played out leading up to the conference this year? BB: Well, it's been a chaotic year. I think that's fair to say. CISA was decimated, I think, by half by DOGE cuts. Experienced technical experts were back in the office, kind of out of their normal environments, and so we were waiting to see what would roll out. Notably this year, no federal government leadership is here at RSA, which is a real departure from years past. Last year we had Kristi Noem, who was a cabinet secretary. The year before we had Anthony Blinken, then Secretary of State, and Alejandro Mayorkas, who was also Kristi Noem’s predecessor at DHS. They really prioritized being able to come here and reach out to the private sector, both for feedback on what they were doing and looking at what they need to be doing. That interaction was really prioritized, it seemed, throughout the federal government. And it wasn't just leadership; it was CISA rank-and-file. It was policymakers. It was a whole cadre of people who used to show up here from the government. This year it didn't happen. Reports from my colleagues at Cybersecurity Dive, Eric Geller, said that once RSAC hired Jen Easterly, who's our former CISA director under the Biden administration, once they hired her into a leadership role, within eight days, the entire slate of presenters from the federal government pulled out, which seems like this would be a time when they would want to be here. We're at war with a known nation state cyber actor. AI is pretty much upturning all of the tables. We've got quantum right around the corner. So there's a lot to talk about what I noticed was that the EU and our European counterparts came in to fill that gap this year, which was very interesting.  It started with Dr. Richard Horn from the UK cyber center. He gave a keynote taking on vibe coding and really talked to the private sector. We know there are use cases there. We know it's going to be part of our future of code generation. However, now is the time to build in those guardrails. We cannot get sloppy with cybersecurity through vibe coding, which I think is right on time. I was also invited to Brussels at the bay, which was EU leadership. We had regulators from the EU who are now working on the EU cyber resiliency legislation, which is slated to go into effect in December 2027. The European Union obviously takes a different perspective on regulation than our current administration does. They're really out there trying to do the work of, again, engaging with the private sector. I thought it was interesting. They positioned this regulation not only on cyber resilience, but there's going to be AI regulation. They view this regulation as just rules of engagement within their borders. They're not looking at this as sort of an American knee-jerk reaction as a way to stifle innovation or they just want to have clear rules in place. They are taking feedback. They're asking for feedback from the private sector. And I think that they have showed up in greater numbers than before in an effort not only to do that, but to forge partnerships where, perhaps, their counterparts in the US government aren't there anymore or are off doing something else. So they seem to be filling in that gap this year. SP: There seems to be a geopolitical subtext here. Have these EU leaders talked about [whether] they're talking to the people in the private sector making those connections. Have they talked about the US administration?  BB: I asked that when I was sitting in the front row. As a journalist, it's my job to ask the uncomfortable questions that everybody would probably not answer right after a lot of "blah blah blah" and all of the politeness. I mean, let's be honest: Trump has made it his business to be in every room, and I understand why people are reluctant to say it. I understand why people are reluctant to engage, and so I asked the EU regulators, "Who are your US counterparts anymore?" The question was, "Are we any longer a reliable partner?" There were three panelists. The head of Europol put his head down, wouldn't answer. Another regulator simply refused to answer. And the third regulator quoted the EU president, who said, "The American people will always be our friends." So we are at a point now where everybody in politics. I learned a million years ago, politicians never want to be the first person to do anything. They want to ride someone else's coattails, which is kind of counterintuitive. You would think they would want to be the guy standing up with the bold ideas. Not so much. And so I really get a sense from the cyber community that everybody's kind of just looking around waiting for someone else to say the thing.  Everybody has to make a calculation in their head about what the administration might or might not do in this sector. And, so, I think their lobbyists are working overtime. I think everybody is just in a very wait-and-see, hunkered down mode when it comes to that.  JK: What's the private sector saying about this? What are CISOs saying about the European Union stepping up into this leadership vacuum? BB: It's pretty similar. CISOs have a practical job. They don't sit and think about legislation necessarily, and they are practically dealing with enough on their plate right now where they don't need to go borrowing political trouble. I think that CISOs are more attuned with what is actually working. SANS, as you know, every year they do their five most threatening attack vectors. All of them were AI-related, which you'd be quick to sort of dismiss those, but they're different. Each one of these threats through AI presents a certain set of problems, a different set of problems, at the same time in their own shops. CISOs are in a really tricky spot right now. CISOs have long advocated that they should be in the boardroom. They should be at those seats because they need to be able to advocate for safety as a spend, as a risk reducer for the business. AI has come along, and now all of a sudden everybody's really interested in the CISO. So the boards are bringing the CISOs in. They're sitting at the table, but the problem is they're being asked to do kind of impossible things because leadership and the bean counter, so to speak, want to bring AI to bear to reduce costs, to boost efficiency, to do these things. Now CISOs want that too. They're in the unfortunate position of trying to say, "OK, how do we do this without introducing risk? How do we do this effectively without blowing everything else up or people sticking things into ChatGPT?" It's an easy one, but that's a real issue. One CISO I heard I was listening to explained how one of the high rankers in the CFO office went and just dumped every P&L piece of information data into ChatGPT, just a quick generator report, which, OK, that's what ChatGPT is for, but these are things that people aren't intentionally trying to put the business at risk. They're trying to use this new tool. So CISOs are constantly balancing these things, and they're really working in the real world. They're running around trying to make sure and trying to involve themselves in these higher-level conversations before the thing happens where a finance person dumps all the information into ChatGPT. So, once again, cybersecurity people are in a position of evangelizing safety, evangelizing why this stuff needs to exist, and how mistakes and security flaws can really hamper a lot of the intended efficiencies. SP: As someone who is neck-deep in this, you talk about this all the time. What's your biggest takeaway from the EU stepping into this leadership role?  BB: I mentioned earlier that the US federal government isn't here. It was announced a couple days ago that under the State Department, they are standing up a new outfit called the Bureau of Emerging Threats. This is going to be state department-based, and they are going to look at the political implications of cyber threats, which with the Iran war makes a lot of sense. Um, so then the question became, well, are they shifting CISA's traditional role over to the State Department? CISA is, in fact, getting ready to hire another 330 plus people after gutting the entire department. I think there's not a lot of clarity of where does the NSA come in, where are all of these functions going to land in the government, which it's probably why it would have been nice if somebody showed up to help us understand that. The government is doing something, and we've heard rumblings since the Trump administration took over that they have a plan. There is a plan. Hold on. It's coming. So I think it's kind of slowly now being locked out. Part of the mandate, though, of this Bureau of Emerging Threats is that there will not be any federal department stood up that focuses on regulating AI. They've made that very clear. They also wanted to make clear that no regulation other than the most minimal of regulations will be placed on AI in order to spark innovation, which we understand innovation, but the age-old debate does tend to go back a few years when Sam Altman himself was like, "We really need regulations on this stuff, but OK." The EU is not afraid of regulation; they have regulators already engaged in processes and are sort of methodically trying to work through what guardrails they're going to put into place. At the beginning of their presentation here, someone said, "Well, in 2018, when we passed GDPR, everyone said it would be the end of the world, and the world is still here." I think that kind of sums up their approach to this. They're not afraid of it, and they're trying to do it right. It will be interesting to see. We have these two very different approaches to see what happens and who really wins at the end of the day. JK: And that's to say nothing of the states that might step up with their own AI regulations.  BB: California. Yes. Yes. Yes. Yes. And you also have the issues surrounding the data center buildout right now. I mean, this is a fluid thing, and everybody is trying to wrap their heads around this moving target. And I can report that I came here, beyond the government stuff, which is its own sort of weird thing, focused on: Tell me what AI is actually doing. Don't tell me what you think it could do. Don't tell me what it would be neat if it would do. I want to know what AI is actually doing.  To my mind, the function that AI can actually generate efficiencies is in automating. You hear a lot of people in the industry talking about machine speed, Internet speed, getting our responses up because our adversaries. as we know. are using AI to attack at machine speed, and so they're just cranking out these attacks as fast as they can in mass. The response needs to do the same. And that is really where this first level of implementation seems to be real right now —  automating those responses, automating detection, and the like. JK: Excellent. I enjoyed asking everybody what they were hoping to see at the show, but since it's almost over, I'm going to ask  what you expect to see in 2026 as we go through the year with the fluid nature of the politics or AI implementations. We'll call it chaos, maybe. What are we going to be talking about next year at RSAC? BB: I think, practically speaking, that we are where we are, and we need to be practical about that and figure out how to work with the administration that's here. That's the overwhelming sense I get. No one is running around lighting their hair on fire. I think we are going to see a lot of cyber being involved in kinetic warfare. I don't think there's any way around it. I think that securing drones is going to be a priority. I think that securing these kinetic systems is going to be a big deal. How much of that is going to bubble up in the private sector is still to be determined, but that is going to be something that people are going to have to think about. Quantum, I think that's closer than maybe people realize. Organizations need to get ready for quantum, they've got to go through and audit every piece of encryption they have, update it to new standards, figure out a policy, figure out where they go. Inevitably I feel like when quantum hits, 60% of the world is going to go. You know, there's not that many people who have the luxury of prioritizing such a huge thing.  I think quantum is right around the corner, and that's the sense I get, but it's not like AI is not going to save anybody any money. It's not going to do anything tricky. It's just kind of one of those boring costs of doing business that people are going to think about. And again, when it comes to AI, I don't think there's any question that our adversaries are getting really good at it. It's still in the social engineering realm. They are still primarily using it to send really good phishing emails and the like and blast them out, which is dangerous in and of itself. But I think that in the next year, you are going to see there are already a few cases of it where adversaries are using AI to make malware that can change on the fly, which is incredibly scary. What does that mean? That means a piece of malware will go into your system, find a detection, find a block, reconnect itself so it can go another route. So you have this piece of malware that is tasked and thinking on its own against your systems. That's going to be scary, and definitely tremendous work is being done on that now. But I think from the automation and the blasting emails, that's our next our next step. JK: Excellent. Well, thank you for the insights and, if you can come back next year, we'll hold you to those predictions discuss them. Well, thank you, Becky. Sobering thoughts. BB: Well, interesting times. Again, I want to leave you with the idea that the cybersecurity industry is used to this. They have been in this position before. They will be in this position again. And nobody is better at going out and making the case for safety and security than the people in this industry. JK: I think I've heard you refer to them as the smartest people. BB: They're the smartest. The thing I love the most about my job is talking to the smartest people around. And, so, everything's going to be OK. AI is not taking everybody's job. The sky is not falling, but there are, as you say, serious and sobering things that we need to think about. And this is where it's happening.  JK: Excellent. Perfect. What a great way to end. Thank you, Becky. Thank you, guys. And thank you, Sabrina. And thank you. Please check out the rest of our conversations at Eye on Tech. Until then, please like and subscribe. About the Authors Becky Bracken Senior Editor, Dark Reading Becky Bracken is a senior editor with Dark Reading who brings decades of journalism experience across, radio, print, online and video channels. Becky lends her particular voice and cybersecurity expertise to the Dark Reading Confidential podcast as the host and producer, and moderates the Dark Reading editorial webinars. In addition, she oversees the site's Commentary section, hosts Dark Reading's Black Hat News Desk, and contributes regularly as a writer and reporter. Prior to joining Dark Reading, Becky covered cybersecurity and hosted webinars for Threatpost. Other national media outlets she has contributed to include PBS, SheKnows, Complex, and more.  Kristina Beek Associate Editor, Dark Reading Kristina Beek is an associate editor at Dark Reading, where she covers a wide range of cybersecurity topics and spearheads video-related content. She is the creator and host of the Heard It From a CISO video series, where she interviews CISOs, directors, and other industry strategists to provide insights into the ever-evolving cybersecurity landscape. In addition to her editorial work, Kristina manages Dark Reading's social media channels and contributes to the platform's video coverage. Kristina graduated from North Carolina State University in 2021 with a degree in Political Science, concentrating in law and justice, and a minor in English. During her time at NC State, she honed her writing skills by contributing opinion pieces to the university's newspaper. After graduation, she began her career as a content editor before joining Dark Reading. Currently based in Washington, DC, you can find Kristina reading, taking walks in Georgetown, and wandering the museums surrounding the National Mall. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Cybersecurity Forecast 2026 The ROI of AI in Security ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like CYBERSECURITY OPERATIONS Cyberattacks Likely Part of Military Operation in Venezuela by Robert Lemos, Contributing Writer JAN 07, 2026 CYBERSECURITY OPERATIONS Contrarians No More: AI Skepticism Is on the Rise by Rob Wright DEC 31, 2025 CYBERSECURITY OPERATIONS Prep is Underway, But 2026 FIFA World Cup Poses Significant Cyber Challenges by Robert Lemos, Contributing Writer SEP 26, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 Edge Picks APPLICATION SECURITY AI Agents in Browsers Light on Cybersecurity, Bypass Controls CYBER RISK Browser Extensions Pose Heightened, but Manageable, Security Risks CYBERSECURITY OPERATIONS Video Convos: Agentic AI, Apple, EV Chargers; Cybersecurity Peril Abounds ENDPOINT SECURITY Extension Poisoning Campaign Highlights Gaps in Browser Security Latest Articles in The Edge CYBERSECURITY OPERATIONS Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense APR 1, 2026 CYBERSECURITY ANALYTICS Are We Training AI Too Late? APR 1, 2026 VULNERABILITIES & THREATS Automotive Cybersecurity Threats Grow in Era of Connected, Autonomous Vehicles MAR 26, 2026 CYBERSECURITY OPERATIONS How Organizations Can Use Mistakes to Level Up Their Security Programs MAR 26, 2026 Read More The Edge Want more Dark Reading stories in your Google search results? BLACK HAT ASIA | MARINA BAY SANDS, SINGAPORE Experience cutting-edge cybersecurity insights in this four-day event featuring expert Briefings on the latest research, Arsenal tool demos, a vibrant Business Hall, networking opportunities, and more. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass. GET YOUR PASS