It felt as though every single conversation, booth, and presentation at RSAC 2026 mentioned AI. But beyond the sheer volume of messaging around this topic, it is clear to us that a more important shift is taking place in the SaaS security sphere. Security teams are now moving beyond AI experimentation and asking harder questions. Everyone wants to know not only how to secure AI within SaaS environments, but also how AI improves security outcomes.
Across our conversations with global enterprises, one theme came up repeatedly: AI is accelerating everything, but it’s also exposing gaps that security teams can no longer ignore. Visibility alone isn’t enough. Automation without context creates noise. And applying AI without a clear foundation introduces more risk than it removes.
At the same time, SaaS continues to sit at the center of the enterprise. It holds critical data, connects teams, and drives productivity. But it also introduces complexity across identities, configurations, and third-party integrations that most organizations are still struggling to manage consistently. The attack surface has never been more sophisticated and sprawling, and security professionals are struggling to keep up. If this plight sounds familiar to you, you are not alone.
TL;DR: Key takeaways from RSAC 2026
Here’s what stood out at RSAC this year:
AI is everywhere, but outcomes matter more than features
GenAI is not a shortcut; it requires strong data and context
AI agents and non-human identities (NHIs) must be governed like human identities
SaaS security is shifting from audits to continuous monitoring
Security teams want clarity, not more alerts
The organizations seeing the most value are not the ones adopting AI the fastest. They are the ones applying it thoughtfully, grounded in security fundamentals.
Trends and common themes from RSAC
AI dominated RSAC again, but the conversations have matured compared to past years
Every RSAC has a defining trend. This year, as last year, it was AI. From SecOps and threat intelligence to identity, governance, and SaaS, AI is now embedded in every layer of the security stack.
But the tone shifted this year. The conversations were no longer about whether or not to adopt AI. Instead, everyone talked about how to apply it responsibly and where it actually delivers value.
This year, security leaders asked more practical questions:
Where does AI meaningfully improve security outcomes?
What security risks does AI introduce?
How do we control AI within our SaaS environments?
This shift signals a more mature phase of AI adoption and readiness than last year.
Generative AI is neither a silver bullet nor a shortcut for security teams
One of the most consistent themes, both in sessions and conversations, was the misconception that Generative AI (GenAI) can solve complex security problems on its own.
Although we wish there were a silver bullet, that’s just not reality. GenAI can’t do all of that on its own.
Effective AI requires a layered approach. Structured data, statistical models, and machine learning all come before GenAI. Skipping those steps leads to inconsistent outputs and unnecessary risk.
This aligns directly with how SaaS security needs to operate. It’s not about adding AI on top. It’s about using AI to enhance visibility, context, and decision-making across identities, configurations, and activity.
AI agents introduce more risk
AI agents act as users, interact across SaaS applications, and often operate with broad access to sensitive data. This introduces a new challenge where security teams must start treating AI and NHIs similarly to human identities.
That means applying the same principles security teams already rely on:
Least privilege
Continuous monitoring
Zero Trust
AI is no longer separate from SaaS security; it’s now interwoven with the very fabric of SaaS environments.
SaaS supply chain risk is now a primary attack vector
A new pattern has emerged from the increase in supply chain attacks over the last year and a half. Attackers aren’t just targeting a single application; they attack identity, integrations, and interconnected SaaS environments to move faster and access more data.
This is what makes SaaS risk so different. It doesn’t sit in one place. It spreads across users, configurations, and SaaS-to-SaaS connections, often outside the visibility of traditional tools. In response, many organizations are refocusing on fundamentals. Before layering on new technology, they’re reinforcing core security hygiene:
Enforce phishing-resistant multi-factor authentication across all critical SaaS applications
Ensure single sign-on is consistently enabled and cannot be bypassed
Apply least privilege access and continuously review entitlements
Identify and disable stale credentials and inactive accounts
Screen passwords against known compromised lists and block weak patterns
Re-screen user identities against public breach datasets and rotate reused credentials
These aren’t new practices, but recent breaches have shown how often they’re inconsistently applied in SaaS environments.
Most organizations have some level of monitoring in place, but not all monitoring is equal. Legacy approaches like CASB and CSPM focus on network access or cloud infrastructure layers. They were not designed to provide deep visibility into SaaS configurations, identity activity, or third-party integrations. That gap is exactly where modern attacks are happening.
“We’ve held off on implementing a SaaS security program for so long. We can’t ignore it anymore.”
– A security leader of a Fortune Global 500 Company
The shift we’re seeing is not just toward more monitoring, but toward the right kind of monitoring. Security teams need continuous visibility and validation across the SaaS layer itself, including identities, configurations, and connected applications. In today’s environment, the risk isn’t just in accessing SaaS. It’s in how SaaS is configured, connected, and used.
This year, we spent quality time with security leaders across industries who are all facing the same core problems: SaaS environments are growing, AI is accelerating change, and existing tools are not providing the depth needed to manage risk effectively. Teams want to simplify SaaS security and reduce noise so they can focus on what actually matters.
A quick thank you to everyone who visited us at our booth and talked with our team. Whether it was a deep dive into SaaS risk, a conversation about AI, or a quick catch-up, we appreciate the time and perspective you shared.
These conversations are what shape how we think about our product and the problems we’re solving.
AppOmni and Cribl present at RSAC 2026
We also want to say thank you to our friends at Cribl. In our joint session, the focus shifted from theory to application. The discussion centered on how AI should be used to investigate, prioritize, and act on SaaS risks, not just surface them. Everything should be intentional. Not everything should be an agent. Not every workflow needs automation. The goal is to proactively investigate what matters and provide clear guidance to security teams. This reflects a broader need in the market. Security teams are overwhelmed with data but lack direction. AI should reduce that complexity, not add to it.
RSA Conference FAQs
How do we secure AI?
Treat AI like any other SaaS app and identity. It makes decisions, accesses sensitive data, and often gets added without IT visibility. One misconfigured prompt can expose customer data, and you can’t claw back what AI already saw.
We already have CSPM. Why do we need a SaaS security platform?
Last summer, more than 700 organizations were breached not through infrastructure failures but through exploited SaaS app connections and compromised OAuth tokens. Snowflake’s 2024 breach? Attackers walked in through stolen credentials, bypassed MFA, and exploited SSO that was never enforced. CSPM never saw any of it.
CSPM secures your cloud. SaaS security posture management (SSPM) secures your SaaS, where cybercrime groups (ShinyHunters, Lapsus$, Scattered Spider, etc.) continue to expose SaaS supply chain vulnerabilities. You need both CSPM and SSPM.
How do we incorporate GenAI in SaaS security?
Throwing GenAI at problems without domain expertise, proper data vetting, and solid ML/stats infrastructure wastes money and won’t deliver results.
“It’s not a silver bullet.”
— Melissa Ruzzi, Director of AI at AppOmni
GenAI isn’t a silver bullet for security. It relies on a strong foundation of structured data, statistical models, and machine learning, and skipping those layers leads to inconsistent results and added risk. In SaaS environments, AI is most effective when it enhances visibility, context, and decision-making—not when it’s treated as a standalone solution.
Final takeaways from RSAC
RSAC 2026 reinforced that AI will shape the future of security, but success will come from how it is applied.
For SaaS security, that means focusing on what actually reduces risk:
Continuous monitoring instead of point-in-time checks
Identity-centric security across users and AI
Context-driven prioritization, not alert overload
A unified approach across configurations, identities, and data
SaaS environments are dynamic, and AI is accelerating their expansion and evolution. That combination increases both opportunity and risk. This is an exciting, yet challenging time to be in the SaaS security world.
The organizations that succeed will be the ones that bring clarity to that complexity. They will use AI to enhance decision-making, not replace it. They will treat AI as part of the environment, not separate from it. And they will focus on outcomes instead of activity.
That’s how you move from AI hype to real SaaS security outcomes.