RSAC 2026: Agentic AI and Non-Human Identity (NHI) Are All the Rage, but What About Quantum?

Last week, RSAC 2026 concluded in San Francisco, attended by nearly 44,000 within the cybersecurity sphere, including 700 speakers and 600 exhibitors. In the cybersecurity space, Artificial Intelligence (AI) is increasingly part of the furniture. While Agentic AI was a leading hot topic at last year’s event, it shared the stage with discussions on Post-Quantum Cryptography (PQC) and the quantum migration, thanks in part to the confirmation of four official PQC algorithms by the National Institute of Standards and Technology (NIST) in the lead up to the event in August 2024. Last year’s RSAC signaled a move beyond Generative Artificial Intelligence (Gen AI) chatbots toward Agentic AI with vendors showcasing how agents can be used to optimize security threat investigations, incident reporting, and vulnerability management.

This year, the pendulum swung toward securing all of those agents via several routes. These included startups with a more exclusively Non-Human Identity (NHI)-orientated security remit (e.g., OASIS Security, WitnessAI, Straiker), vendors from the traditional Identity Access Management (IAM), Identity Governance and Administration (IGA), and Privileged Access Management (PAM) spaces (e.g., Delinea, BeyondTrust, Okta, CyberArk within Palo Alto Networks), data security vendors with Data Security Posture Management (DSPM) solutions extending toward AI security posture management (e.g., Seclore, Netwrix, Varonis), and other cryptographic services providers such as Public Key Infrastructure (PKI) players that are extending their prowess in certificate issuance and lifecycle management to NHI such as AI agents.

However, this year, although Agentic AI retained its center stage spot, strictly quantum discussions seemed to encounter a dip. While leading cryptographic experts and digital trust vendors continue to champion the significance of the quantum transition loudly and proudly at their booths and at events like the Thales PQC Palooza, in particular, emphasizing the importance of starting early with migration to quantum-resistant systems, quantum still struggled to rival the attention showered on AI on the expo floor.

RSAC represents the convening of leading cybersecurity experts and vendors across the Moscone Center, with AI beating out PQC in terms of representation on the conference floor. The overwhelming focus at RSAC this year on topics like Agentic AI and NHI has prompted some vendors to question whether enterprises are deprioritizing quantum within their workflows and strategies. Yet, conversations with enterprises and Small and Medium Businesses (SMBs) before, during, and after the conference paint a different story.

First, cryptography has always struggled, to some degree, to grab and retain the spotlight in cybersecurity. While it is at the core of cybersecurity, as the underpinning invisible layer beneath systems and tooling, it does not receive the same attention as more “visible” technologies like AI, which are often depicted as actively evolving and enhancing operational and enterprise workflows. Further, last year revolved largely around education and awareness-building for enterprises regarding quantum, with many still in the dark on the prospective impact of the advent of a Cryptographically Relevant Quantum Computer (CRQC) and how it would affect their operations specifically. Conversely, due to the efforts of leading cryptographic experts and vendors, most enterprises are moving into the strategy, planning, roadmap, and for those ahead of the curve, deployment of PQC into their systems.

Yet, deploying PQC is a much more complex conversation. As a result, while PQC may not have generated the same traction as AI on the expo floor this year, enterprises are actively engaged in strategizing PQC deployment and testing; roadmap activities that cut through hype.

Overall, while the RSAC floor may represent hundreds of vendors vying for the spotlight, cybersecurity does not require the two markets to be pitted against one another. In fact, a combined approach to AI and PQC innovation is best to ensure optimal security of AI models and agents, and to bolster the effectiveness and efficiency of key quantum readiness steps.

For AI vendors, collaboration with PQC experts is key to securing their workloads and agents, particularly given that those workloads and agents exist as another form of identity within enterprise systems. Given that most identities are crypto-dependent, ensuring quantum resilience should be top of mind. On the cryptography side, vendors are already actively combining AI capabilities with their cryptographic solutions and service offerings in preparation for quantum. This includes using Cryptographic Bill of Materials (CBOM) generation tools trained on AI models to identify potential inventory gaps (e.g., QryptoCyber), confidential computing platforms and cryptographic attestation capabilities for sovereign AI use cases (e.g., Fortanix, NVIDIA), Agentic AI and Natural Language Processing (NLP) integrated into Certificate Lifecycle Management (CLM) offerings to ease certificate management (e.g., DigiCert, AppViewX), PKI used to secure AI workloads, agents, and C2PA use cases (e.g., Entrust, Keyfactor, GlobalSign, Garantir).

However, it is important to note that despite movement forward in the quantum migration within enterprises, the quantum transition is still struggling to break from the perception that the migration to PQC is “just another algorithmic update,” potentially to the detriment of PQC exposure at events like RSAC. Consequently, vendors should continue to promote the notion of PQC as an overhaul to how cryptography has always been done, demanding a reworking of how algorithms are updated and kept up-to-date within enterprise systems by organizations and by vendors. Quantum insists on a dynamic and perpetual migration to new and improved algorithms in the interest of resilience, not a “one and done” shift to new cryptography.