Three days into RSA Conference 2026 in San Francisco, the pattern on the exhibition floor is clear. The dominant product category is not endpoint detection, not cloud security posture management, not SIEM in the traditional sense. It is AI agent security: the tools, frameworks, and identity systems needed to govern autonomous software that acts on behalf of humans inside enterprise networks.

This is a mid-conference report based on announcements through Day 3 (March 26). The trend is not subtle.

The Announcements

The vendor announcements cluster around three categories: identity, runtime enforcement, and detection.

Identity — who is the agent? Cisco’s Zero-Trust Access for AI agents, announced at its RSA keynote, extends Duo IAM to register non-human identities, bind them to accountable human owners, and enforce time-bound permissions. The company’s own survey found that 85% of large enterprises are experimenting with AI agents, but only 5% have moved them to production — a gap Cisco attributes directly to identity and access control concerns.

1Password launched Unified Access, an agent security platform built with Anthropic, OpenAI, GitHub, Cursor, and Vercel as launch partners. The core premise: the old model where authority is confirmed once at login and trusted all day falls apart when the same credential might be used by a human employee today and an automation workflow tomorrow. Anthropic will integrate 1Password via Claude Code, Cowork, and the Claude browser extension, according to IT Pro, letting Claude authenticate as though it were a human user.

RSA (the company) expanded its ID Plus product to support AI agent identities alongside Microsoft’s 365 E7 suite. CEO Greg Nelson told Biometric Update: “The rise of AI agents in the enterprise means organizations need to rethink how they secure every identity — human and machine alike.”

Runtime enforcement — what can the agent do? IBM, Auth0, and Yubico announced a hardware-backed “Human-in-the-Loop” framework that requires a physical YubiKey tap from a verified human before an AI agent can execute high-risk actions. The architecture combines IBM WatsonX orchestration with Auth0’s identity flows and Yubico’s hardware-attested credentials to create cryptographic proof that a human approved the action.

Cisco’s DefenseClaw, an open-source framework built on NVIDIA’s OpenShell sandbox, scans AI agents for vulnerabilities and quarantines compromised skills. It ships to GitHub on March 27.

Detection — what is the agent actually doing? Databricks launched Lakewatch, an agentic SIEM that uses AI agents to automate threat detection and triage. The $134 billion company’s formal entry into cybersecurity signals that the data platform layer sees security as a natural expansion — and that incumbent SIEMs like Splunk and Microsoft Sentinel are vulnerable to disruption from companies that already own the customer’s data infrastructure.

Nudge Security added AI agent discovery capabilities, per SecurityWeek’s Day 2 roundup, enabling enterprises to gain visibility over every agent identity operating across their environment.

The Pattern

Every major vendor at RSA 2026 shipped something for the same problem: software that acts autonomously, using credentials that were designed for humans, inside systems that assume human-speed decision-making. The product launches differ in approach, but the underlying diagnosis is shared.

Cisco framed it explicitly. Jeetu Patel, Cisco’s President and CPO, said at the keynote: “AI agents aren’t just making existing work faster; they’re a new workforce of co-workers that dramatically expand what organizations can accomplish.” He added that security teams are “the key to unlocking this opportunity by making the agentic workforce safe enough to trust.”

That framing — agents as co-workers, not tools — is the philosophical shift that explains the volume of product launches this week. When the entity using a credential is a tool, you lock it down with API keys and service accounts. When it is a co-worker with delegated authority to take actions, you need identity management, runtime governance, auditable authorization chains, and the ability to revoke access in real time.

Passwordless authentication is part of this shift. Swissbit previewed face biometric verification with liveness detection on a FIDO2 key at its RSA booth, according to Biometric Update. The rationale: if post-quantum hardware can handle physical and digital access for humans, extending the same hardware-rooted model to AI agents is the next step.

What This Means for the Market

The spending implications are significant. If every enterprise deploying AI agents also needs agent identity management, runtime enforcement, and agent-aware detection, the addressable market for cybersecurity vendors just expanded by the number of agents deployed across the Fortune 500. Cisco’s survey number — 85% experimenting, 5% in production — suggests the conversion wave is still ahead.

The vendors who win this market will be the ones who solve the identity problem first. Detection and runtime enforcement are downstream: you can only govern agents you can see, and you can only see agents you can identify. That is why the biggest announcements this week come from identity-first companies (1Password, Cisco’s Duo, IBM/Auth0/Yubico) rather than pure-play detection vendors.

The SIEM disruption angle adds a second dimension. Databricks entering cybersecurity with an agentic-first SIEM during RSA week is a strategic signal that the detection layer itself is up for grabs. The traditional SIEM model — ingest logs, write rules, alert humans — breaks when the attackers are AI agents moving at machine speed and the defenders need AI agents to keep pace. Lakewatch’s bet is that the company already owning the enterprise’s data lake is best positioned to run security on top of it.

RSA 2026 still has one day left. But the theme is already locked in: the security industry has collectively decided that AI agent governance is a first-class product category, not a feature bolted onto existing tools.