This article was first published in Current Security, May 28, 2026.

After this year's RSA Conference 2026 in San Francisco, one thing is clear: the cybersecurity discussion has quickly shifted from generative AI to autonomous AI agents. In a post-conference look, Margarita Sallinen and Linda Nieminen, information and cybersecurity specialists at Omegapoint, describe how AI agents are changing the way we think about risk, responsibility, and control – and why security work must now adapt to a threat landscape that operates at “machine speed.”.

The RSA Conference is one of the world’s most influential cybersecurity conferences, bringing together tens of thousands of security experts, decision-makers and technology companies in San Francisco each year to discuss the latest developments in cybersecurity, technology and policy. One month after this year’s conference, one thing is particularly clear: in just one year, the cybersecurity discussion has shifted from generative AI to autonomous AI agents. The focus is no longer primarily on the information AI produces, but on the ability of AI agents to make decisions and act on their own, and the opportunities, risks and security challenges that this brings.

A changing risk picture

One of the recurring insights from RSA Conference 2026 was that AI agents represent a fundamental shift in how organizations use artificial intelligence. Unlike generative AI and AI assistants, which primarily generate content or answer questions, AI agents can make decisions, interact with systems, and perform tasks autonomously. This is changing not only how operations are automated, but also how risk, responsibility, and control need to be understood in the cybersecurity space.

One of the conference's memorable quotes came from Jeetu Patel, Chief Product Officer at Cisco, during one of this year's keynotes:

“With chatbots, you worry about getting the wrong answer. With AI agents, you worry about them taking the wrong action.”

The quote captures the essence of the changing risk landscape that characterized much of the discussions at the conference. As organizations have implemented generative AI, the discussion has focused primarily on information leakage, exposure of sensitive data, and lack of control over information flows. But with autonomous AI agents, the risk landscape changes even further. The risks are no longer just about what information the systems process or generate, but about their ability to make decisions and translate these into autonomous actions in real time.

In parallel, threat actors are also beginning to operationalize AI agents for offensive purposes. Attack chains that previously could take days or weeks to execute can now be automated and greatly accelerated, from initial access to lateral movement and impact in a matter of seconds. This creates a threat landscape where traditional manual security processes risk becoming inadequate, and where security measures must increasingly be able to operate at “machine speed,” without continuous human intervention.

A recurring observation during the conference was also how quickly developments are now taking place. Several discussions were characterized by an almost implicit consensus: AI-driven threats have fundamentally changed the cyber threat landscape and continue to develop at a very high rate.

Human responsibility and AI agents

A clear trend at RSA Conference 2026 was how AI agents are challenging traditional identity and access management (IAM) models. Historically, these systems have been designed to manage both human users and machine identities, such as service accounts, applications, and API keys. AI agents, however, introduce a new category of identity: systems with the ability to make decisions, adapt their behavior, and act autonomously in dynamic environments.

Unlike traditional machine identities that follow predefined rules and clearly defined instructions, AI agents can interact with multiple systems simultaneously, interpret context, and perform tasks with a high degree of autonomy. This creates significantly more complex issues around governance, authorization models, and division of responsibilities.

What rights and privileges should an AI agent have? Under what conditions should it be allowed to act autonomously? How is its scope of action limited? And who bears the legal and operational responsibility when an AI agent makes incorrect decisions or causes harm?

Identity and responsibility are no longer solely linked to people or static systems, but also to autonomous actors with a mandate to make their own decisions. This means that identity and access management is also rapidly evolving from a traditional IAM issue to a broader issue of control, governance and security architecture. IAM today needs to include identity management and governance of AI agents.

Protecting AI agents from the outside world

Another key question during RSA Conference 2026 was how organizations should actually protect AI agents from external environments and manipulation.

Unlike traditional systems, AI agents actively interact with their environment. They read emails, summarize documents, retrieve information from web pages, and integrate with external services and data sources. This also exposes them to a whole new type of attack surface, where malicious or manipulated information can influence the agent's decision-making and behavior.

A recurring topic during the conference was the so-called prompt injection, attacks where hidden instructions are embedded in content that the AI agent processes and then interpreted as legitimate commands. When AI agents interact with external environments, the line between data and instructions blurs, creating new security challenges that many organizations still lack established security measures for.

In parallel, concerns remain about data leakage and information control. AI agents are often given extensive access to internal systems and large amounts of business data, while information is often processed through external LLM services that the organization neither owns nor fully controls. The question is therefore not only about what the AI agent can do, but also about where the organization's information actually goes and how it is exposed outside its own environment.

The same message recurred throughout the conference: identity and access management for AI agents, clear governance, and security measures that limit the agents' scope for action have gone from being "nice to have" to basic security measures, i.e. "need to have".

“"Human in the loop", ideal or illusion?

The new AI-driven threats and the changing requirements for identity and access management for AI agents simultaneously raise broader questions about control, responsibility and human involvement. Here the concept of human in the loop frequently during the RSA Conference 2026, the idea of humans monitoring, reviewing and in some cases approving the decisions and actions of AI agents.

In theory, the model appears both reasonable and necessary. In practice, it raises considerably more complex questions. Are there sufficient resources for continuous human monitoring? Is it realistic in large-scale and highly automated environments? And does the concept risk, in some cases, becoming more of an illusion of security than an actual security measure?

Several discussions during the conference were also marked by a clear paradox: while organizations talk about human control, security capabilities, as mentioned earlier, must increasingly be able to act at “machine speed” to meet AI-driven threats. When attacks and defenses occur autonomously and in real time, the question becomes not only whether humans should be involved, but when and at what level human control is actually possible and effective.

A recurring conclusion was therefore that organizations need to take a more realistic view of human involvement in the actions of AI agents. Rather than relying on continuous manual monitoring, the security architecture needs to be based more on clear constraints, segmentation, rules and safeguards that limit the ability of AI agents to cause harm.

The CISO perspective: groundwork is crucial

The discussions in several CISO panels emphasized that the introduction of AI agents cannot be done in isolation from the organization's overall information security work. On the contrary, the development requires a high degree of maturity in governance, risk management and security architecture. Organizations that lack established security frameworks, clear risk processes and functioning incident management will likely find it significantly more difficult to implement AI agents in a secure manner.

At the same time, the challenge is not only about technology and structure, but also about the distribution of responsibilities. A recurring concept during the conference was the so-called responsibility gap, the situation where responsibility for AI-related risks is fragmented between several different functions within the organization.

In practice, this often means that one function is responsible for AI models, another for data pipelines and infrastructure, product teams handle integrations, legal is responsible for compliance issues, and security functions only get involved at a later stage. The result is a fragmented ecosystem where AI initiatives are run in parallel without clear coordination, creating both inefficiencies and significant security risks.

Several CISOs therefore emphasized the need to integrate security, governance, and accountability early in the AI lifecycle, not as an afterthought once the technology has already been implemented in the business.

The way forward

RSA Conference 2026 made it clear that AI agents represent not just a technological shift, but a broad organizational and security transformation. The questions that dominated the conference were fundamentally about risk management, governance and control: who has it, how it is maintained and what happens when it fails.

To meet this development, organizations need to redefine how identities and access are managed, clarify responsibility and ownership around AI initiatives, and integrate security early in the AI lifecycle.

The crucial question is therefore no longer whether AI agents will be used, but whether security efforts can adapt to the pace of technological development. The organizations that succeed are likely to be those that treat security as an enabler of innovation, not as a consequence of it.