Act Fast: RSA 2026

Next week, the cybersecurity industry gathers in San Francisco for the RSA Conference. While the scale of the event is always a spectacle, its true value lies in how it nurtures the realignment in our collective understanding of risk.

This year, that understanding must undergo a fast and fundamental shift because the systems we are trying to secure no longer behave like bounded systems. They behave as networks of decisions which carry risk in every direction. 

From Static Systems to Dynamic Supply Chains

Enterprise security once relied on a comfortable assumption: systems were bounded and knowable. AI has rendered that assumption obsolete.

A single interaction with an AI assistant can trigger a cascade of activity across external models, APIs, and autonomous agents. Data leaves, transforms, and returns. Decisions are delegated across components that often lack a unified security posture. We are no longer just managing applications; we are overseeing AI supply chains.

Risk in these environments is not confined to a single breach point. It emerges from the relationships between components. Our research at ThreatLabz confirms the fragility of this new architecture: in controlled testing, 100% of enterprise AI systems analyzed exhibited exploitable vulnerabilities. Often, a full compromise required nothing more than a single interaction.

We have also spent years optimizing detection and response, a model that assumes we have time to act. In the age of AI, that time has further evaporated to nothing.

Findings from the ThreatLabz 2026 AI Security Report show that AI systems can fail in as little as one second, with a median time to compromise measured in mere minutes. There is no meaningful dwell time in this scenario. There is only the interaction.
This implies a hard truth: security cannot be an afterthought. It must exist within the flow of transactions everywhere.

Extending Zero Trust to the Interaction

The shift from bounded systems to distributed networks requires a fundamental evolution of our security principles. Zero Trust has traditionally focused on verifying users, devices, and networks. In the age of AI, we must extend this to the interaction.

• Continuous Evaluation: Trust cannot be granted at the point of entry and assumed thereafter. It must be reassessed at every step of the decision chain.
• Visibility Beyond the Edge: Security must be able to follow the data and context as they move across models and third-party services.
• Inline Control: Policies must operate at the point of interaction, where decisions are made, rather than after an outcome is produced.

The gap in security today isn't a lack of tools, but a mismatch of models. The traditional perimeter has not just dissolved; it has been replaced by a complex web of AI supply chains and model interactions. While we have focused on securing the edges of environments that are no longer bounded, the true risk has moved to the interaction layer. Understanding and governing the AI supply chain is the only way to close that gap. At RSA, we need to move past the hype and discuss the practical architecture required to secure these dynamic high-velocity workflows. 

Complexity is a Gift to the Adversary

One of the biggest challenges I regularly hear from CISOs is the exhaustion caused by tool sprawl. Over the last decade, organizations have layered point product upon point product. While each was intended to solve a specific problem, the collective result is a fragmented mess that creates fatal blind spots.

Amongst the many other challenges, every siloed tool is an opportunity for a threat actor. This is why the industry is increasingly shifting toward platform-based security architectures that unify visibility across users, devices, applications, data, and now AI interactions.

You will hear a lot of noise about end-to-end solutions next week. However, there is a fundamental difference between a suite of products stitched together and a platform built from the ground up to share intelligence. A cloud-native AI security platform doesn’t just reduce costs; it provides the inline context and automation needed to solve complexity and outpace threats. In a world of high-velocity attacks, simplification is a strategic imperative.

Alignment at RSA

The industry does not lack awareness; it lacks alignment between how systems are built and how they are secured. At RSA, we will demonstrate how the Zscaler AI Security Platform applies Zero Trust to this new reality—securing the interactions that now define enterprise risk.

We invite you to visit us at Booth #N-5269 and connect with the Zscaler team to discuss how to discover your AI supply chain, reduce risk fast, and stay secure.

I look forward to seeing many of you in San Francisco.