Chimera readability score 0.5271 out of 100, reading level.

As hundreds of vendors descend on San Francisco for the RSAC 2026 Conference, the sheer volume of news can be overwhelming. To help you navigate the noise, SecurityWeek is providing a daily digest of the most significant announcements.
Below is our curated roundup of the essential product and service updates from the days leading up to the event.
1Password launches unified access platform to help companies securely deploy AI agents
1Password announced 1Password Unified Access, a new agent security platform that enables organizations to securely deploy AI agents and automated workflows without losing control of credentials, secrets, and machine identities. Unified Access gives AI builders the ability to discover, secure, and audit access at the moment it occurs. At launch, 1Password is collaborating with Anthropic, Cursor, GitHub, Perplexity, and Vercel, as well as other category leaders in AI infrastructure, AI developer tools, MCP gateways, and AI browsers.
Action1 adds integrations with Rapid7, Tenable, CrowdStrike, and Microsoft
Action1 has announced new integrations between its endpoint management platform and four major vulnerability management and endpoint security tools from Rapid7, Tenable, CrowdStrike, and Microsoft. Each integration correlates vulnerability scan data from the respective platform with Action1’s endpoint inventory and automated patching capabilities. Additionally, Action1 introduced a universal vulnerability data ingestion feature that accepts exported scan data from any vulnerability management tool.
Arcjet adds prompt injection detection to its application-layer security platform
Arcjet has released a prompt injection protection capability that inspects and blocks malicious prompts before they reach AI models. Rather than relying on the model itself to resist adversarial input, enforcement happens earlier in the request path, where full application context (such as identity, session state, and routing) is available. The feature integrates with Arcjet’s existing controls, including bot detection, rate limiting, and sensitive information detection.
Bonfy launches data security platform for AI agents and enterprise GenAI workflows
Bonfy has released Adaptive Content Security (ACS) 2.0, a platform designed to monitor and control how sensitive data is accessed and handled by AI agents, copilots, and unsanctioned AI tools. It covers a broad range of systems (Microsoft 365, Google Workspace, Salesforce, Slack, AWS S3, and on-premises file stores) and introduces an MCP server interface that allows AI agents to label and risk-score content before it reaches external services. A browser extension provides real-time inspection of web traffic to detect shadow AI usage. The platform also adds a ‘data surface visibility’ view that maps where sensitive content resides across an organization’s data stores and tracks how employees and agents interact with it.
Booz Allen Hamilton launches Vellox AI-native cyber defense suite
Booz Allen Hamilton launched Vellox, a suite of five AI-native cybersecurity tools covering malware analysis, detection engineering, adversary emulation, compliance monitoring, and autonomous remediation. Vellox Reverser (generally available) automates malware reverse engineering to produce defensive recommendations; Vellox Ranger (limited preview) autonomously maps customer environments to generate tailored detection logic; and Vellox Striker (limited preview) emulates AI-powered attackers to stress-test defenses. Vellox Navigator (real-time compliance monitoring) and Vellox Responder (autonomous remediation across cloud and infrastructure) are announced but not yet available.
Cobalt expands its offensive security platform with new AI capabilities and managed program service
Cobalt announced two additions to its Offensive Security Platform: new AI-driven pentesting capabilities and a Security Program Manager service. On the AI side, the platform now automates reconnaissance, vulnerability discovery, credential validation, and finding deduplication. The Security Program Manager is a dedicated human expert who handles scheduling, remediation tracking, and asset inventory management for enterprise-scale pentesting programs, and produces executive-ready reporting from technical findings.
Druva launches Identity Resilience to cover Okta, Active Directory, and Entra ID
Druva Identity Resilience extends the company’s data security platform to include identity protection and recovery across Okta, Microsoft Active Directory, and Microsoft Entra ID in a single SaaS platform. Rather than treating identity as a static list of directory objects, the platform models it as a continuously evolving state (tracking how permissions, relationships, and non-human identities change over time) to help teams reconstruct what happened during an incident and restore access to a known-good state.
Entro Security adds AI agent governance to identity platform
Entro Security has launched Agentic Governance & Administration (AGA), a new module that extends identity governance principles to AI agents and the non-human identities they use. AGA builds a profile for each agent by correlating its sources (endpoint telemetry, agent foundries, cloud environments, MCP servers), the enterprise assets it accesses, and the identities it relies on. It also provides MCP activity monitoring and policy enforcement.
Graylog adds threat prioritization, automated investigations, and MCP server to SIEM
Graylog announced three new capabilities for its SIEM platform. A threat prioritization engine groups related alerts using entity context, asset criticality, vulnerability data, and threat campaign intelligence to surface high-priority incidents and suppress noise. Context-aware incident response workflows automate evidence collection and generate AI-driven step-by-step response recommendations. An open MCP server connects compatible LLMs to Graylog security data, enabling natural-language queries and agentic workflows such as automated triage, MITRE ATT&CK coverage mapping, and false-positive analysis.
Huntress adds endpoint and identity security posture management to platform
Huntress has launched Managed Endpoint Security Posture Management (ESPM) and Managed Identity Security Posture Management (ISPM) as new additions to its platform. Managed ESPM controls which applications can run on endpoints, integrates with Microsoft Defender for Endpoint for vulnerability prioritization and remediation, and generates compliance-ready reports. Managed ISPM applies expert-built policies to Microsoft 365, continuously checks for misconfigurations, and automatically rolls back unauthorized changes within minutes. Both products are currently in Early Access, with general availability expected by summer 2026.
Nagomi Security expands platform with agentic exposure remediation and verification
Nagomi Security has launched Agentic Exposure Ops, which extends the platform’s focus from exposure visibility to automated remediation. Agents investigate exposures by correlating vulnerability data, control telemetry, and threat signals across domains, then route remediation tasks to the appropriate owners with contextual tickets. Once a fix is applied, the agents continuously re-verify that the closure holds as environments change, producing evidence at each stage of the detect-investigate-remediate-verify loop.
Opal Security launches Paladin, OpalScript, and OpalQuery for AI-native access governance
Opal Security has introduced three new capabilities forming a closed loop for access governance. Paladin is an AI access evaluation agent that sits directly in the approval chain, reviews requests against the requester’s history, resource sensitivity, and referenced project tickets, and either approves or escalates them. OpalScript is a Python-like policy language that lets teams codify access rules as executable automations (such as separation-of-duties enforcement or time-limited access grants). OpalQuery allows security and GRC teams to interrogate the organization’s identity and access graph using plain-language queries, with results exportable as audit evidence.
Orca Security adds AI agents and runtime AI detection to cloud security platform
Orca Security has announced four new capabilities for its platform. A Threat Investigation Agent automatically correlates signals across cloud environments and produces investigation reports with recommended containment actions, while an AppSec Triage Agent analyzes SAST findings to filter out false positives. Runtime AI Threat Detection identifies when workloads, identities, and processes interact with AI models, MCP servers, and third-party AI tools, providing visibility into how AI is being used at runtime and where sensitive data may be exposed. Orca also introduced code reachability analysis, which determines whether vulnerable code paths are actually invoked in running applications, and Orca Missions, which groups related findings into tracked remediation initiatives.
Onapsis unveils capabilities to unlock agentic AI SAP cybersecurity workflows
Onapsis announced Agentic Gateway, an agentic AI capability for SAP cybersecurity that lets organizations interact with security and compliance data through natural language queries from their existing corporate-sanctioned AI platforms. Security teams can bridge the gap between complex SAP security telemetry and autonomous enterprise AI agents to optimize the full scope of Onapsis platform capabilities. The capability provides an MCP Gateway for SAP Security, Agentic workflows, Context-Aware Reasoning, Enterprise-Grade Privacy, and Rapid ‘Shields-Up’ SAP Visibility for all users.
Panther releases AI SOC platform
Panther has announced the general availability of its AI SOC Platform, in which AI agents have native access to the platform’s data lake, detection engine, and organizational knowledge to investigate and triage alerts autonomously. A key architectural feature is closed-loop detection tuning: every triage outcome is fed back as a label that automatically adjusts detection logic over time. Other capabilities include an AI Detection Builder that converts natural-language threat hypotheses into Python-based detection rules, proactive threat hunting that runs scheduled analysis across the full data lake, and cross-tool context assembly via MCP integrations with identity providers, ticketing systems, and code repositories.
Pentera adds natural language AI interface to exposure validation platform
Pentera has released Pentera 8, which introduces Pentera Peer, a natural-language, agentic interface embedded directly into the platform’s adversarial testing workflow. The interface is context-aware, tailoring its outputs to the user’s role and organizational context, such as industry and geography. Pentera 8 is expected to reach general availability in Q2 2026.
Secure Code Warrior launches ‘SCW Trust Agent: AI’ for governance of AI-assisted development
Secure Code Warrior has unveiled ‘SCW Trust Agent: AI’, which provides commit-level visibility into which LLMs (both sanctioned and shadow AI tools) influenced specific code commits, and correlates that AI usage with vulnerability exposure and developer skill levels to enforce policy before code reaches production. It also tracks active MCP servers to prevent AI agents from accessing internal tools or databases through unvetted connections.
Sevii launches Autonomous Proactive Security module
Sevii has released an Autonomous Proactive Security (APS) module as an expansion of its Autonomous Defense and Remediation (ADR) platform. APS continuously ingests threat intelligence from external partners, open source feeds, and attack data generated within a customer’s own environment, then autonomously generates and executes hunting hypotheses and remediation actions. The platform deploys agentic Cyber Warrior agents to the edge of enterprise networks to process and act on detections across endpoint, identity, and cloud environments.
Simbian unifies SOC, threat hunting, and pentesting
Simbian has announced a unified security operations platform anchored by the Simbian Context Lake, a shared intelligence layer that stores an organization’s environment data, past investigation decisions, and institutional knowledge to inform multiple AI agents. The platform brings together three agents (an AI SOC Agent for alert triage and response, an AI Pentest Agent for automated penetration testing, and an AI Threat Hunt Agent in private preview) that share findings with each other in real time, so a vulnerability uncovered during a pentest can automatically elevate the priority of a related SOC alert. The platform integrates with over 90 security tools and includes case management capabilities, with the SOC and Pentest agents generally available now.
Varonis launches Atlas, an end-to-end AI security platform
Varonis has released Atlas, a platform that covers the full AI security lifecycle (inventory, posture management, runtime guardrails, detection and response, compliance, and third-party risk) in a single solution. A key differentiator is its integration with the Varonis Data Security Platform, which enriches AI security findings with data sensitivity and access context so teams can understand not just what an AI system is doing but what sensitive data it can reach. An AI Gateway enforces real-time guardrails inline (blocking policy violations before they reach the model or downstream systems) while keeping all prompt and response telemetry within the customer’s own environment.
Veracode extends remediation engine for supply chain risks
Veracode has launched Fix for Software Composition Analysis (SCA), extending its existing AI-powered code remediation capability to cover vulnerabilities in open source dependencies. The solution performs contextual analysis of how third-party libraries interact with first-party code to avoid introducing breaking changes, then bundles all required configuration and source file modifications into a single, reviewable pull request delivered directly into the developer’s Git environment. Automated fixes are grounded in a proprietary, human-verified vulnerability database. The product is currently in Early Access.
Vicarius launches vIntelligence for continuous exposure validation and closed-loop remediation
Vicarius has launched vIntelligence, a new flagship product that adds continuous exposure validation and agentic orchestration to complement its existing vRx remediation platform. vIntelligence is a new engine built to solve the assurance gap by continuously validating risk across fragmented security data, turning raw findings into actionable guidance. vIntelligence combines its own validation engine with an agentic AI layer, enabling teams to query their environment in natural language, generate custom validation logic, identify detection gaps, and recommend remediation actions, all within a human-in-the-loop model.

Facts Only

1Password launched 1Password Unified Access, a platform for securing AI agents and automated workflows, collaborating with Anthropic, Cursor, GitHub, Perplexity, and Vercel.
Action1 announced integrations with Rapid7, Tenable, CrowdStrike, and Microsoft, enabling vulnerability scan data correlation with its endpoint management platform.
Arcjet released prompt injection detection to block malicious AI prompts before they reach models, integrating with existing application-layer security controls.
Bonfy introduced Adaptive Content Security (ACS) 2.0, monitoring AI agent access to sensitive data across systems like Microsoft 365, Google Workspace, and AWS S3.
Booz Allen Hamilton launched Vellox, an AI-native cyber defense suite with tools for malware analysis, detection engineering, and autonomous remediation.
Cobalt expanded its Offensive Security Platform with AI-driven pentesting and a Security Program Manager service for enterprise-scale programs.
Druva launched Identity Resilience, extending its data security platform to cover identity protection and recovery for Okta, Active Directory, and Entra ID.
Entro Security added Agentic Governance & Administration (AGA) to its identity platform, extending governance to AI agents and non-human identities.
Graylog added threat prioritization, automated investigations, and an MCP server to its SIEM platform.
Huntress introduced Managed Endpoint Security Posture Management (ESPM) and Managed Identity Security Posture Management (ISPM), currently in Early Access.
Nagomi Security launched Agentic Exposure Ops, automating exposure remediation and verification.
Opal Security released Paladin, OpalScript, and OpalQuery for AI-native access governance.
Orca Security added AI agents and runtime AI detection to its cloud security platform.
Onapsis unveiled Agentic Gateway for SAP cybersecurity, enabling natural language queries and AI workflows.
Panther released its AI SOC Platform, featuring autonomous alert triage and closed-loop detection tuning.
Pentera introduced Pentera 8 with a natural language AI interface for adversarial testing.
Secure Code Warrior launched SCW Trust Agent: AI for governing AI-assisted development.
Sevii released an Autonomous Proactive Security module for automated threat hunting and remediation.
Simbian unified SOC, threat hunting, and pentesting in a platform with shared AI agents.
Varonis launched Atlas, an end-to-end AI security platform integrating data security context.
Veracode extended its remediation engine to cover open-source dependencies with Fix for Software Composition Analysis (SCA).
Vicarius launched vIntelligence for continuous exposure validation and agentic orchestration.

Executive Summary

The RSAC 2026 Conference in San Francisco has seen a wave of cybersecurity product and service announcements, with vendors introducing AI-driven solutions across identity governance, threat detection, and automated remediation. Key themes include the integration of AI agents into security workflows, enhanced visibility into AI usage and risks, and the convergence of traditionally siloed security functions like SOC operations, pentesting, and threat hunting. Notable launches include 1Password’s Unified Access platform for securing AI agent credentials, Arcjet’s prompt injection detection, and Varonis’s Atlas, which unifies AI security lifecycle management. Other highlights include Booz Allen Hamilton’s Vellox suite for AI-native cyber defense, Opal Security’s AI governance tools, and Simbian’s unified platform combining SOC, threat hunting, and pentesting capabilities. Many solutions emphasize real-time monitoring, automated response, and cross-tool integration, reflecting a broader industry shift toward autonomous, context-aware security operations. The announcements also underscore growing concerns around shadow AI, data exposure in AI workflows, and the need for continuous validation of security postures.
The proliferation of AI-native tools suggests a maturing market where vendors are moving beyond point solutions to offer integrated, agent-driven platforms. However, the rapid pace of innovation raises questions about interoperability, the potential for vendor lock-in, and the long-term effectiveness of AI-driven security in adversarial environments. While these tools promise to reduce manual workloads and improve response times, their reliance on AI models and MCP (Model Context Protocol) integrations introduces new attack surfaces and governance challenges. The conference highlights both the opportunities and risks of AI in cybersecurity, with vendors positioning their offerings as essential for navigating an increasingly complex threat landscape.

Full Take

The RSAC 2026 announcements reveal a cybersecurity industry in the throes of an AI-driven transformation, where the line between defensive tooling and autonomous agents is rapidly blurring. The strongest version of this narrative is that AI is no longer an auxiliary feature but the core architecture of modern security platforms. Vendors are racing to embed AI agents into every layer of the stack—from identity governance (Entro, Opal) to threat detection (Graylog, Orca) to automated remediation (Nagomi, Sevii). This shift reflects a genuine need to address the scale and complexity of modern threats, but it also raises critical questions about transparency, accountability, and the potential for AI systems to become single points of failure.
Pattern-wise, the announcements exhibit a subtle form of **ARC-0043 Motte-and-Bailey**: vendors present AI as both a panacea ("fully autonomous remediation") and a modest augmentation ("assisting human analysts"). The "motte" is the undeniable utility of automation in security operations, while the "bailey" is the implied promise that AI can replace human judgment entirely. Another pattern, **ARC-0024 Ambiguity**, appears in the vague definitions of "agentic workflows" and "MCP servers," terms that sound precise but often lack standardized meaning across vendors. This ambiguity could obscure interoperability challenges or overstate capabilities.
The root cause of this trend is the industry’s struggle to keep pace with the attack surface expansion driven by cloud adoption, remote work, and now AI itself. The paradigm assumes that security must be as dynamic and adaptive as the threats it faces, but it risks conflating speed with effectiveness. The unstated assumption is that AI agents will make fewer mistakes than humans—but what happens when those mistakes are systemic, opaque, or irreversible?
For human agency, the implications are double-edged. These tools could democratize advanced security capabilities for resource-constrained teams, but they also concentrate power in the hands of vendors who control the AI models and data pipelines. The second-order consequences include potential vendor lock-in (as platforms become more integrated), the erosion of human expertise (if automation displaces hands-on skills), and new attack vectors (e.g., adversarial prompts targeting AI-driven defenses).
Bridge questions to consider: How do we audit AI agents when their decision-making is opaque? What happens when multiple AI-driven security tools conflict in their recommendations? And crucially, who is liable when an autonomous remediation action causes unintended damage?
Counterstrike scan: If this were a coordinated influence campaign, the playbook would involve hyping AI as the only viable solution to cybersecurity’s challenges, creating FOMO among enterprises to adopt unproven tools. The actual content doesn’t fully match this—many announcements are incremental improvements rather than revolutionary claims—but the cumulative effect could still pressure organizations into premature adoption. The healthy skepticism lies in recognizing that AI is a tool, not a silver bullet, and that its effectiveness depends on how it’s governed, not just how it’s deployed.
**Patterns detected: ARC-0043 Motte-and-Bailey, ARC-0024 Ambiguity**

Sentinel — Human

Confidence

The article exhibits strong human authorship signals, with natural variability in phrasing and vendor-specific details that are unlikely to be AI-generated. Minimal stylometric or coherence red flags.

Signals Detected
low severity: Moderate sentence length variance and natural transitions, though some repetitive phrasing in product descriptions.
low severity: Fluent but lacks passionate emphasis; however, this is consistent with standard industry reporting.
low severity: No verbatim talking points across sources; attributions are specific to vendors.
low severity: No unverifiable claims or confabulated historical references.
Human Indicators
Idiosyncratic vendor-specific details (e.g., 'Pentera Peer' context-awareness, 'Orca Missions' grouping)
Varied phrasing and emphasis across announcements (e.g., 'closed-loop detection tuning' vs. 'agentic exposure remediation')
Industry-specific jargon used naturally (e.g., 'MCP server,' 'SOC Agent')