RSAC 2026 Proved the Industry Agrees on the Problem — Now Comes the Hard Part

RSAC 2026 revealed a rare industry consensus: securing AI agents is the paramount challenge. Major players like Cisco, CrowdStrike, and Palo Alto Networks all announced new capabilities focused on agent discovery and policy enforcement, with Nvidia even introducing infrastructure-level constraints via its OpenShell runtime. This unified front confirms the findings of the Kiteworks 2026 Data Security Report, which found that 100% of surveyed organizations have agentic AI on their roadmap. The industry has successfully diagnosed the problem.

Yet, a dangerous implementation gap persists. The same Kiteworks report shows that while discovery tools are proliferating, critical containment controls are missing. A staggering 63% of organizations cannot enforce purpose limitations on their AI agents, 60% cannot terminate a misbehaving agent, and 55% cannot isolate AI systems from their networks. This creates a 15-20 point gap between governance (monitoring) and containment (stopping). Furthermore, 33% of organizations lack evidence-quality audit trails, complicating compliance with regulations like HIPAA and PCI. The conversation has shifted from 'if' agents are a risk to 'how' to govern their actions on sensitive data without building a separate stack for every AI platform.