RSAC represents the largest meeting of cybersecurity minds, pulling together innovators in digital security, cyber experts, and industry leaders across verticals in San Francisco annually, this year at the end of March. Across the 600 exhibitors expected in attendance, as well as the hundreds of track sessions and speakers lined up, ABI Research has picked out four predictions across digital security to watch at RSAC 2026.

1. Explosion of Non-Human Identity and Agentic AI Opens Up New Opportunities

The topic of digital identity was pervasive across the conference floor at RSAC 2025 and is expected to retain its popularity this year, especially when considered in conjunction with Agentic Artificial Intelligence (AI) and the continued proliferation of non-human identities, with machine identities now vastly outpacing their human counterparts within digital traffic. The specific features and capabilities of machines and AI agents demand non-human-oriented access control and identity management solutions to match these idiosyncrasies. Non-human identities bring new challenges for securitization due to the sheer scale of machine identities within enterprise systems, the decentralization of those identities (often lacking corresponding human identities) across enterprise environments, and the dynamism of machines and agents with regard to workflow when compared to humans, lacking the same consistency of “logins” associated with traditional identity access management. AI agents further blur the lines between human and non-human identities, incorporating features of both, with excessive use and potential abuse of agency a key concern in this regard.

Identity management and cryptographic controls are one piece of the puzzle here, with vendors like CyberArk, DigiCert, Sectigo, GlobalSign, Defakto, and Delinea all offering solutions to secure machine identity and Public Key Infrastructure (PKI)-Internet of Things (IoT). Additionally, with Non-Human Identities (NHI) and agents demanding continuous authentication processes that correspond with the dynamism of their operations, more and more vendors are expected to exhibit AI-enhanced security capabilities to simplify and streamline the securitization of AI agents, including Fortanix with Armet AI, and Xeris, which uses “super agents” to combat Shadow AI. Newer vendors that are emerging in the market will also be attending, including Operant AI, Opti, and Tego AI, alongside threat detection and response vendors, with specialized offerings for the Agentic AI market, including AiStrike, HiddenLayer, and SurePath AI.

2. Quantum Is Accelerating the “Shift Left” Within Data Security and Secrets Management

Cryptographic sprawl within organizations is not a new issue, but it is one that has been largely ignored until now. However, the prospect of a quantum computer as soon as 2030, accompanied by an accumulating list of national and sector-specific quantum migration guidelines and plans, has prompted enterprises to look inward, at their own cryptographic inventories, in order to prepare for “quantum readiness” or resilience. The first stage of all national or sectoral guidance regarding quantum resilience is to look “left” of system operations, demanding discovery, inventory, and classification of assets within enterprise environments, in line with the now oft-repeated adage in Post-Quantum Cryptography (PQC) circles that “you cannot secure what you cannot see.”

Consequently, while certificate discovery and lifecycle management tools have been in the spotlight the last couple of years, broader crypto asset discovery and inventory platforms that go beyond certifications, to provide algorithm metadata and business-specific recommendations for quantum upgrades regarding cryptographic assets, are expected to take center stage this year.

As algorithm switching and secrets, key, and certificate rotation gears up to become the norm in cryptographic security, with cryptographers increasingly characterizing the quantum “migration” as not one migration but a cultural shift toward continuous algorithm update cycles and remediation, crypto lifecycle management is a necessary next step in the discovery process. This, in turn, is prompting the conception of a new submarket: cryptographic posture management. Enterprise customers looking to expand or improve upon their current discovery, inventory, and broader cryptographic posture management should seek out vendors like Qinsight, QryptoCyber, SandboxAQ, and QuSecure, as well as vendors expanding into the posture management space from other more traditional markets, including Keyfactor, which made its play in the posture management space last year, combining this with its existing PKI and Certificate Lifecycle Management (CLM) capabilities.

3. Emphasis on Government Policy as a Critical Facet of Cybersecurity Is Growing

The year 2025 was a paradigmatic one for illustrating not only the dependency of the security market on the newest regulatory demands and legislative developments, but also on government policies and the practical implications of international state-to-state relations across the cybersecurity market. State-to-state tensions threatened various security segments, chiefly the semiconductor market, while increasing protectionist tendencies have injected a fresh wave of customer interest in sovereign cloud and sovereign AI offerings. Various sessions are dedicated to unpacking the role of geopolitical tensions, state-to-state competition regarding technological innovations, and the continuing increase of cyberwarfare and crime, so RSAC is expected to showcase that cybersecurity is now, more than ever, a part of national government strategy. In turn, vendors that offer solutions catered to supply chain resilience and to sovereignty will be crucial contact points on the convention floor to help enterprises understand the business and operational risks that come with the ceaseless politicization of security.

4. The Challenge of Operationalizing Cyber Regulation, Standards, and Guidance Continues

Roadmaps, guidelines, regulations, and standards prescribing a shift toward crypto-agility, quantum readiness, and an integration of PQC continue to stack up as the prospect of Q-day looms on the horizon. While last year was largely focused on understanding the threat and the first steps needed, this year is expected to be more focused on addressing the practical operationalization of existing quantum-related guidance and addressing the real-world obstacles to integrating PQC into Information Technology (IT) and Operational Technology (OT) environments.

Vendors offering practical ways to assess quantum risk, including risk-scoring mechanisms and custom-made quantum roadmaps are likely to see a lot of booth footfall. This includes vendors like Thales, which is set on hosting another installation of its Post-Quantum Palooza; Entrust, which offers PQC readiness assessments and roadmap guidance via its Cryptographic Center of Excellence; and thought leaders in this space like IBM. And, of course, vendors at the edge of innovation when it comes to PQC, Quantum Random Number Generation (QRNG), and Quantum Key Distribution (QKD) will be out in full force, including PQShield, QuintessenceLabs, pQCee, and PQ Security.

Conclusion

RSAC 2026 is expected to be as packed as ever with security expertise and experts ready to share it. If you are attending,  reach out today to schedule a conversation with me about the top trends and challenges your organization is prioritizing in cybersecurity.