The New Year still feels pretty new, but the 2026 conference season is already in full swing. Next week, RSAC and KubeCon will happen at the same time, and while the two shows have very different core audiences (Security professionals and Platform Engineers, respectively), we're seeing an awful lot of overlap in topic this year.
Agents everywhere
Surprising precisely no one, AI is a huge topic, and agentic AI is a huge part of that, but what strikes me is how quickly both conferences have focused on authorization as a key driver of AI—and, particularly, agents.
It makes sense. According to Omdia's "Market Landscape: Why 90% of Enterprise AI Projects Fail," security and data privacy issues are the biggest barrier to AI adoption, followed closely by compliance and regulatory concerns. Your AI project may do great things, but if it might cause a breach or get you sued, it's never seeing the light of day. But there's a lot of value (and sunk costs) in those projects, so figuring out authorization is critical to not just project success, but business success. In 2026, we know AI is essential and we've put real resources behind it, but now we're hitting walls with very dangerous consequences if we get it wrong.
Sessions to watch
With more than 1000 sessions across both conferences, it's hard to pick favorites, but here are a few I'm adding to my agenda at RSAC:
- Inside AI Governance: Early Patterns from Security, Risk, and IT Leaders: AI is moving so quickly that we're still scrambling to define best practices for securing it. If you're in charge of implementing those best practices, it's hard to know how far ahead of or behind you might be. I'm looking forward to getting a real-world snapshot.
- AEGIS: Guardrails for Securing Agentic AI in the Enterprise: Last summer, Forrester introduced Agentic AI Guardrails For Information Security (AEGIS) as an overarching framework to help enterprises manage agentic security. We're looking forward to seeing what's new and how their clients have reacted.
- Securing MCP: Mitigating New Threats in Agentic AI Deployments: MCP makes it simple (or at least straightforward) to integrate your AI portfolio, but it's not even remotely secure (you can read our take on MCP security here). Figuring out authentication and authorization for MCP is going to be essential if we ever want the protocol to succeed.
Come say hi!
As much as I love swag and parties, the best part of any conference is connecting with your community. If you're coming to either show next week, we'd love to say hi. If you're at RSAC and you'd like to chat, please get in touch! I'll be attending with our co-founder, Jimmy Zelinskie, and we'd love to hear what's on your mind. If you're lucky enough to be in Amsterdam for Kubecon, please reach out to our Lead Developer Advocate, Sohan Maheshwar.
See you on the show floor!