TL;DR
- RSAC 2026 was the inflection point: every major security platform — CrowdStrike, Palo Alto, Cisco, Microsoft, SentinelOne, Splunk, Varonis, 1Password — shipped agentic AI security capabilities in the same week, signaling consensus rather than experimentation.
- M&A underpinning: $96B in cybersecurity deals in 2025 (270% YoY), with ServiceNow/Armis ($7.75B), Proofpoint/Acuvity, Fortinet/Perception Point, and three CrowdStrike acquisitions totaling $1.4B in 2025–2026 anchoring the consolidation wave.
- The deployment reality check: vendors designed for 25 agents per enterprise customer; enterprises are now running thousands, with 90%+ lacking security controls. 80% of ransomware is AI-managed. 12 new AI security market categories appeared in roughly one year.
- Non-human identity has displaced the traditional user identity perimeter as the primary attack surface for 2026 and beyond.
- Regulatory deadlines are arriving: EU AI Act high-risk obligations active, NIS2 enforcement spreading across EU member states (Netherlands codified April 15, 2026), Cyber Resilience Act bearing down on vendors.
- The Lyrie signal: autonomous detection at machine speed is no longer a differentiator — it's the minimum viable response capability in this environment.
Background: How the Industry Arrived at This Moment
For the past three years, the cybersecurity industry has conducted an elaborate philosophical debate. AI would transform the SOC — but how much, how fast, and in whose favor? The CISO community was split between early adopters deploying large language model assistants for alert triage, skeptics arguing that AI-generated false positives would bury analysts in noise, and pure FUD merchants warning of autonomous defense systems running amok.
RSAC 2025 was the year that debate was loudest. RSAC 2026 was the year it ended.
The signal was not a single keynote or one transformative product announcement. It was the volume and coordination of moves: every significant security platform vendor — simultaneously, in the same week — shipped, announced, or demonstrated agentic AI capabilities for discovery, runtime protection, and identity governance of non-human actors. When the entire industry moves in lockstep, it is not innovation. It is consensus.
The conditions for that consensus had been building since mid-2024:
1. The attack surface shifted faster than the defense posture. Enterprises deployed AI agents at a pace that outstripped any security team's capacity to track them. CrowdStrike's Shadow AI Discovery data — released at RSAC — identified more than 1,800 distinct AI applications running across enterprise endpoints, most installed without IT approval.
2. The economics of human-speed SOC broke. With 80% of ransomware operations now AI-managed [1], and CVEs weaponized in under 12 hours from patch release, the math on human analyst throughput collapsed. No team of humans reviewing alerts at human cognition speed can match an adversary operating at inference speed.
3. The M&A market placed its bets. $96 billion in cybersecurity M&A across approximately 400 transactions in 2025 — a 270% year-over-year increase in deal value — was the industry's capital vote on where the architecture was heading. Strategic buyers controlled 92% of that volume. This was not financial engineering. It was capability acquisition under deadline pressure.
Technical and Strategic Analysis
Act I: Every Platform Moved at RSAC 2026
The architecture of RSAC 2026 announcements reveals a shared threat model that had crystallized across the industry's largest vendors. Three pillars appeared in every product announcement, regardless of vendor:
- Discovery: find AI agents running in your environment before attackers do.
- Runtime protection: govern what agents can access and execute.
- Non-human identity governance: treat AI agent credentials with the same rigor (or greater) as privileged human accounts.
Here is what each major platform shipped:
CrowdStrike extended its Falcon platform with AI Runtime Protection and Shadow AI Discovery, covering endpoints, SaaS, and cloud. The company also launched Falcon Data Security for real-time data exfiltration prevention and Agentic MDR, which deploys intelligent response agents into managed detection workflows. Three acquisitions in 2025–2026, worth a combined $1.4 billion, funded the capability stack [2]. Charlotte AI, CrowdStrike's flagship autonomous agent platform, now handles thousands of security alerts per hour, doing work that previously required 24/7 human analyst coverage.
Palo Alto Networks unveiled Prisma AIRS 3.0, targeting the full agentic AI lifecycle from initial deployment through runtime governance. The platform introduces continuous behavioral monitoring of agent activities, not just the agents themselves — a meaningful architectural distinction that addresses the "prompt injection as lateral movement" attack class.
Cisco went a step further by releasing open-source tooling — DefenseClaw — as part of its Secure AI Factory expansion. President and CPO Jeetu Patel framed the problem as explicitly bidirectional: organizations must simultaneously protect agents from external manipulation and protect their infrastructure from compromised agents. MCP (Model Context Protocol) policy enforcement featured prominently — a notable call-out given that MCP has emerged as a primary attack vector for tool-poisoning and agent hijacking in early 2026.
SentinelOne shipped Prompt AI Agent Security with MCP governance, expanding its non-human identity protection alongside its established EDR and cloud security capabilities.
Splunk announced six specialized AI agents embedded directly into Splunk Enterprise Security. Its Triage Agent autonomously enriches, prioritizes, and explains alerts — effectively handling the first-level analyst function for routine detections.
Microsoft introduced the Zero Trust for AI (ZT4AI) framework and announced general availability of Agent 365 for May 1. Edge for Business gained shadow AI controls, giving enterprise IT policy enforcement over agent usage directly in the browser layer.
BeyondTrust's Phantom Labs research added a chilling data point: most enterprises are running shadow AI agents with privileged access invisible to security teams. The company shipped endpoint privilege enforcement specifically for AI coworkers.
1Password launched Unified Access, enabling organizations to discover, secure, and audit AI agent credential access at the moment of use. Launch partners included Anthropic, Cursor, GitHub, Perplexity, and Vercel — a deliberate signal that the agentic identity problem is upstream of the enterprise perimeter.
Varonis CEO Yaki Faitelson used an RSAC keynote to debut the Atlas AI security platform, framing data governance as the critical control layer that all agentic activity flows through.
The pattern is unambiguous: non-human identity is the new perimeter.
Act II: The M&A Architecture Behind the Announcements
Platform announcements at major conferences rarely appear from nothing. They are usually the public face of 12–24 months of acquisition integration. The M&A map for 2025–2026 explains the product announcements at RSAC.
ServiceNow acquired Armis for $7.75 billion — the largest pure-play cybersecurity acquisition in the platform wave. Armis brings asset intelligence and OT/IoT visibility into ServiceNow's workflow engine. Earlier in 2026, ServiceNow acquired Veza, adding AI-native identity intelligence. The strategic thesis: turn the enterprise workflow platform into the governance layer that sits above all security tooling.
Proofpoint acquired Acuvity (completed February 2026) to build what the company calls "the first unified platform to comprehensively secure the agentic workspace." At RSA 2026, Proofpoint launched Proofpoint AI Security on top of the Acuvity capability stack. The intent-based detection architecture Acuvity brought is designed to understand why an agent is making a request — not just what it is doing — a meaningful advancement over signature-based approaches.
Fortinet acquired Perception Point, extending its platform's content inspection capabilities into AI-generated phishing and deepfake-powered social engineering — two attack classes that became measurably more prevalent in Q1 2026.
CrowdStrike's three-acquisition sprint totaling $1.4B was the most aggressive capability build in its history, targeting specifically the gap between its existing EDR/cloud telemetry dominance and the non-human identity governance capability it lacked.
From the market research layer: platform vendors are running 2–5 AI security acquisitions per year in 2025–2026 [3]. The consolidation thesis is straightforward — enterprises are suffering from an average of 76 security point tools (Ponemon Research, 2025) and CISOs are actively rationalizing vendors. The platforms that can offer agentic AI security as an integrated capability win the consolidation at the expense of point-solution vendors.
Act III: The Reality Check the Vendors Didn't Advertise
The RSAC 2026 product announcements were impressive. The underlying data was alarming.
The GovInfoSecurity RSAC Pulse Report — synthesized from 130+ practitioner interviews — surfaced findings that contextualize the vendor announcements [1]:
The deployment gap: Vendors designed their platforms for approximately 25 enterprise agents per customer. Enterprises are now running thousands, and at least 90% of organizations have deployed agents. Critically: no customers are confident about the security controls around those agents.
The readiness gap: Only 20% of CISOs believe their data foundations are ready for AI deployment. The other 80% are deploying anyway — because business pressure to adopt AI has outrun security team capacity to assess risk.
The ransomware shift: 80% of ransomware operations are now AI-managed. This is not a projection. It reflects the operational reality of active threat groups in Q1 2026.
The category explosion: 12 new AI security market categories have been created in approximately one year. That rate of category creation reflects genuine architectural novelty — but it also signals that the industry's mapping of the problem is still incomplete. Practitioners cannot defend against attack surfaces they haven't categorized.
The AI Act pressure: The EU AI Act's high-risk obligations came into force in 2026, and NIS2 enforcement is accelerating across EU member states. The Netherlands codified NIS2 into national law on April 15, 2026, with significant fines for essential and important entities that fail to meet the 10-control framework [4]. The Cyber Resilience Act is bearing down on software vendors with AI components. For any multinational operating in Europe, the compliance deadline is no longer a planning-horizon item — it is an active regulatory risk.
Act IV: What This Means for the Autonomous Defense Thesis
The industry's pivot to agentic AI security validates a thesis that Lyrie.ai has built its technical architecture around: autonomous detection at machine speed is not a premium capability. It is the minimum viable response posture against adversaries who have already automated their operations.
The data points are now unambiguous:
- 80% of ransomware is AI-managed (machine speed attacks)
- CVEs are weaponized within 12–36 hours of publication (machine speed exploitation)
- 90%+ of deployed enterprise agents are unmonitored (machine speed lateral movement surface)
- 1,800+ shadow AI applications per enterprise average (machine speed shadow infrastructure)
Human analysts reviewing alerts at human cognition speed cannot close these windows. The SOC model that industry consensus is converging on — as evidenced by every platform announcement at RSAC 2026 — is one where agents are the primary responders, with human analysts reserved for high-judgment edge cases that require contextual reasoning beyond pattern matching.
The vendors betting billions on this architecture are not wrong about the direction. The question is what kind of autonomous defense is actually effective. Discovery and governance tooling helps organizations understand what they have deployed. Runtime protection adds a behavioral control layer. But the deeper problem — agents being subverted through prompt injection, MCP tool poisoning, credential theft from non-human identity stores, and model exfiltration — requires defense mechanisms that operate at the model and inference level, not just the network and endpoint perimeter.
That is the gap the entire platform wave is still working to close. The $96 billion in M&A bought discovery, governance, and runtime control. The inference-layer and model-layer defense problem remains the frontier.
IOCs / Indicators
Not applicable for this industry analysis article. No specific threat IOCs.
Lyrie Take
RSAC 2026 confirmed three things simultaneously:
1. The industry's self-assessment is accurate. Agentic AI is the dominant attack surface, non-human identity is the new perimeter, and human-speed SOC is structurally inadequate. The vendors who built platforms around these premises — even when the market didn't fully believe it 18 months ago — are now in the strongest strategic position.
2. The deployment reality is worse than the security posture. Enterprises are running thousands of unmonitored agents. 80% of CISOs know their data foundations aren't ready. They're deploying anyway. This is not irrational — the competitive pressure to adopt AI exceeds the security community's capacity to gate it. The result is a shadow agent infrastructure that is, right now, the most under-defended surface in most enterprise environments.
3. The inference layer is the last undefended frontier. Every acquisition at RSAC addresses the perimeter and the identity layer. The model-level threat — prompt injection at inference time, model exfiltration, rogue agent behavior that appears legitimate to monitoring systems — is the problem that autonomous defense systems need to solve next. This is where Lyrie's anti-rogue-AI positioning is not just a differentiation story. It is the technical roadmap for what comes after the current platform consolidation wave.
The vendors who understand this — who are building defense mechanisms that operate at inference speed, at the model layer, with behavioral understanding of what agents should be doing versus what they are doing — are building the security architecture for 2027 and beyond. The $96 billion wave bought the industry to 2026. The next architectural bet is already being made.
Defender Playbook
Organizations navigating the post-RSAC 2026 landscape should prioritize:
1. Inventory non-human identities immediately.
You cannot govern what you cannot see. CrowdStrike's 1,800 shadow AI apps figure is a floor, not a ceiling. Run a shadow AI discovery scan before the end of Q2 2026. Treat every AI agent credential as a privileged account.
2. Apply Zero Trust to agent-to-agent communication.
The ZT4AI framework Microsoft shipped at RSAC is a reasonable starting baseline. Every agent should have minimal privilege, time-bounded access, and explicit human-readable authorization records.
3. Treat MCP servers as critical infrastructure.
MCP tool poisoning has emerged as a primary initial access vector for agent hijacking. Apply the same change-control rigor to MCP server configurations that you apply to firewall rules.
4. Audit your AI vendor supply chain immediately.
The supply chain attack surface has expanded to include model providers, inference APIs, and AI agent platforms. Map every third-party AI component in your stack. Apply SBOMs (Software Bills of Materials) to AI systems — this is a CRA requirement and a practical security necessity.
5. Participate in NIS2 gap analysis before enforcement.
If you operate in any EU jurisdiction, assume NIS2 enforcement is active. The Dutch model (April 15, 2026) illustrates that member-state implementation deadlines are arriving. A gap analysis against the 10 NIS2 controls — with specific attention to AI-related incident handling and supply chain risk — is now a Q2 2026 priority, not Q3.
6. Plan for the governance wave's limitations.
Discovery and runtime governance tooling is necessary but not sufficient. Build internal capability to detect model-level subversion — prompt injection telemetry, anomalous agent behavior patterns, credential access from unexpected agent contexts. This is the problem that the $96 billion wave did not solve.
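As a concrete starting point for items 1 through 3, the sketch below audits an agent inventory for missing authorization records, unbounded credential lifetimes and over-broad scopes, and checks MCP server configurations against change-controlled digests. It is an added example, not code from any vendor or framework named in this article. The record fields (`owner`, `approval_ref`, `expires_at`, `scopes`, `command`, `tools`), the policy thresholds and all sample data are assumptions constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

# Assumed policy values for illustration; tune to your own standard.
MAX_TTL = timedelta(hours=24)
BROAD_SCOPES = {"*", "admin", "org:write"}

def config_digest(config):
    """SHA-256 over canonical JSON, so key order never causes false drift."""
    blob = json.dumps(config, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def audit_agent(agent, now):
    """Findings for one non-human identity record (playbook items 1 and 2)."""
    findings = []
    if not agent.get("owner") or not agent.get("approval_ref"):
        findings.append("no-authorization-record")
    expires = agent.get("expires_at")
    if expires is None:
        findings.append("credential-never-expires")
    elif datetime.fromisoformat(expires) - now > MAX_TTL:
        findings.append("credential-ttl-exceeds-policy")
    if BROAD_SCOPES & set(agent.get("scopes", [])):
        findings.append("over-broad-scope")
    return findings

def audit_mcp(live_servers, approved_digests):
    """Compare live MCP server configs with change-controlled digests (item 3)."""
    findings = {}
    for name, config in live_servers.items():
        if name not in approved_digests:
            findings[name] = "unapproved-server"
        elif config_digest(config) != approved_digests[name]:
            findings[name] = "config-drift"
    return findings

# Constructed sample data, not taken from any real environment.
NOW = datetime(2026, 5, 1, tzinfo=timezone.utc)
AGENTS = [
    {"id": "triage-bot", "owner": "soc", "approval_ref": "CHG-0001",
     "expires_at": "2026-05-01T08:00:00+00:00", "scopes": ["alerts:read"]},
    {"id": "shadow-helper", "owner": None, "approval_ref": None,
     "expires_at": None, "scopes": ["*"]},
]
TOOL = {"name": "create", "description": "Create a ticket"}
APPROVED = {"tickets": config_digest({"command": "tickets-mcp", "tools": [TOOL]})}
LIVE = {
    "tickets": {"tools": [{**TOOL, "description": "Create a ticket (edited)"}],
                "command": "tickets-mcp"},
    "notes": {"command": "notes-mcp", "tools": []},
}

if __name__ == "__main__":
    print({a["id"]: audit_agent(a, NOW) for a in AGENTS})
    print(audit_mcp(LIVE, APPROVED))
```

Because the digest covers tool descriptions as well as the launch command, an edited description on an approved server surfaces as drift and goes back through change control like any firewall rule change.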
Sources
1. GovInfoSecurity / ISMG Pulse Report — RSAC 2026, April 28, 2026: https://www.govinfosecurity.com/pulse-report-rsac-2026-conference-has-new-center-gravity-a-31531
2. Time Magazine — "The 10 Most Influential Software Companies of 2026" (CrowdStrike Charlotte AI coverage), April 27, 2026: https://time.com/article/2026/04/27/time100-companies-software/
3. Momentum Cyber / The Product Journey — "Why Security Is Consolidating Around Platforms (And What AI Has to Do With It)" (M&A data): https://theproductjourney.substack.com/p/why-security-is-consolidating-around
4. Bird & Bird — "Dutch Parliament approves Cybersecurity Act implementing NIS2," April 2026: https://www.twobirds.com/en/insights/2026/netherlands/dutch-parliament-approves-cybersecurity-act-implementing-nis2
5. NAND Research — "RSAC 2026: Agentic AI Security Takes Center Stage at Industry's Marquee Event," April 2026: https://nand-research.com/rsac-2026-agentic-ai-security-takes-center-stage-at-industrys-marquee-event/
6. Agentic AI Cybersecurity Platform Market Research Report 2034 (MarketIntelo, April 2026): https://marketintelo.com/report/agentic-ai-cybersecurity-platform-market
7. ServiceNow Armis Acquisition — Pulse2 / EfficientlyConnected, April 2026: https://pulse2.com/servicenow-7-75-billion-armis-acquisition-completed-to-expand-ai-driven-cybersecurity-platform/
8. Proofpoint AI Security / Acuvity — shashi.co, RSA Conference 2026: https://www.shashi.co/2026/03/proofpoint-bets-on-intent-what-acuvity.html
Lyrie.ai Cyber Research Division — Senior Analyst Desk