The RSAC 2026.
Agentic AI dominated RSAC 2026, but security leaders warn governance is lagging. Here’s why discovery isn’t enough — and where control must evolve.
I spent RSAC 2026 doing what I do every year: walking the floor, talking to vendors, and — more importantly — listening to the security leaders who stopped by the Kiteworks booth.
What struck me this year wasn’t the volume of announcements. It was the consensus. Vendor after vendor, conversation after conversation, the same word kept surfacing: agents.
The industry has arrived at a shared diagnosis. The question that kept coming up in our booth conversations was sharper: Where does governance actually belong?
When we published the Kiteworks 2026 Data Security, Compliance & Risk Forecast Report last December, the headline finding felt almost too stark: 100% of organizations surveyed have agentic AI on their roadmap. Zero exceptions.
Walking the RSAC floor, that number no longer surprises anyone. What surprised the people I spoke with were the numbers underneath it:
These aren’t obscure technical gaps — they’re the basic containment controls that prevent an autonomous system from exceeding its authorized scope. And yet, 33% of organizations are already planning autonomous workflow agents that act without human approval, with another 24% building decision-making agents that will access sensitive data independently.
That’s the gap I kept hearing practitioners describe in different words at the booth: we can observe our agents, but we can’t stop them. Our Forecast quantifies it as a 15–20 point gap between governance controls (monitoring, human-in-the-loop) and containment controls (purpose-binding, kill switches, network isolation).
The industry has invested in watching. It hasn’t invested in stopping.
Several of the strongest RSAC announcements targeted the discovery problem.
Astrix introduced four-method AI agent discovery. CrowdStrike extended shadow AI detection from endpoints to SaaS and cloud. Nudge Security announced AI agent discovery at the point of creation. Snyk launched Agent Security to surface shadow AI across development pipelines. BeyondTrust’s Phantom Labs published research showing that most enterprises run shadow AI agents with privileged access invisible to security teams.
This matters. You cannot govern what you cannot see. But discovery alone doesn’t close the governance gap — it illuminates it.
Our Forecast found that shadow AI ranks as a top-five security concern at 23%, yet few organizations have the discovery tools to even identify unauthorized usage. The vendors launching discovery capabilities at RSAC are addressing a real and urgent need. The question is what happens after discovery: once you find the agents, how do you enforce policy on the data they access?
That’s where the conversations at our booth got specific. CISOs weren’t asking whether agents are a risk. They were asking how to govern what agents do with regulated data — across HIPAA, CMMC, PCI, SOX — without building a separate governance stack for every AI platform they adopt.
Only 43% of organizations have a centralized AI data gateway today, according to our research. The remaining 57% are fragmented, partial, or flying blind. Several of the CISOs I spoke with described exactly that fragmentation: different controls for different AI tools, no unified audit trail, no way to produce evidence that satisfies an auditor.
Here’s something you won’t find in the RSAC keynotes: 33% of organizations lack evidence-quality audit trails entirely, and 61% have fragmented logs scattered across disconnected systems.
Our research consistently shows that audit trail quality is the single strongest predictor of AI governance maturity. Organizations without audit trails are half as likely to have AI training data recovery, 20 points behind on purpose binding, and 26 points behind on human-in-the-loop controls.
The audit trail isn’t a compliance artifact. It’s the foundation on which the rest of the governance architecture is built.
This is what I kept emphasizing at the booth: every AI agent interaction with regulated data needs to be authenticated, policy-governed, encrypted, and logged in a tamper-evident trail that feeds your SIEM — regardless of which model or agent framework is doing the asking.
Regulators don’t distinguish between a human analyst and an autonomous agent accessing protected health information or controlled unclassified information. The compliance obligation is identical. The evidence standard is identical. And 33% of organizations can’t meet it today.
The RSAC announcements revealed a strategic fork in the industry’s approach to AI governance.
Some vendors are securing at the model or runtime layer — through prompt filtering, agent sandboxing, and behavioral guardrails. Others, including Kiteworks, are enforcing governance at the data layer. Nvidia’s description of OpenShell — applying security at the environment level rather than the model or application layer — signals that this architectural principle is gaining traction beyond our own positioning.
Our bet is that data-layer governance will prove more durable. Model prompts can be bypassed. Agent runtimes will evolve. But data access controls — identity verification, ABAC policy enforcement, FIPS 140-3 encryption, and tamper-evident audit logging — operate independently of whatever model or framework is making the request.
That’s why Kiteworks Compliant AI enforces all four checkpoints at the data access layer via the open Model Context Protocol standard, ensuring governance remains consistent regardless of which AI platform an organization adopts today or migrates to tomorrow.
The practitioners I spoke with at RSAC understand this intuitively. They’re not looking for an AI security product for each AI tool. They’re looking for a governed data layer that works across all of them. Third-party AI vendor data handling is the number-one security concern in our research at 30%, yet only 36% have visibility into how partners handle data in AI systems.
When the AI platform changes — and it will — the governance must persist. That only works if governance lives at the data layer.
RSAC 2026 confirmed three things.
First, the industry has reached consensus that agentic AI governance is an urgent, unsolved problem — the sheer density of agent-focused announcements from Cisco, CrowdStrike, Palo Alto, BeyondTrust, Wiz, and dozens of others makes that unmistakable.
Second, discovery and runtime protection are outpacing the foundational infrastructure — audit trails, centralized gateways, and containment controls — that make data readiness and governance for enterprise enforceable and auditable.
Third, the security leaders I talked with at the booth aren’t waiting for the market to sort itself out. They’re making architectural decisions now about how AI agents access regulated data, and those decisions will lock in governance models — or governance gaps — for years.
The window is open. The question is whether your organization will govern the data before agents make decisions for you.
Stay vigilant: the recent Crunchyroll breach shows how attackers exploited a third-party vendor to access millions of user records, reinforcing why supply chain security can’t be overlooked.
Tim Freestone, the chief strategy officer at Kiteworks, is a senior leader with more than 17 years of expertise in marketing leadership, brand strategy, and process and organizational optimization. Since joining Kiteworks in 2021, he has played a pivotal role in shaping the global landscape of content governance, compliance, and protection.
