RSAC 2026: AI Sets the Tempo for Cybersecurity

AI was not a side conversation at RSA Conference 2026. Instead, it became the condition every other security discussion had to operate within.

According to CSO Online’s RSA 2026 recap, David Gee estimated that roughly 40% of the agenda was AI-weighted across cybersecurity domains. After the event, that prediction held. Nearly every major discussion circled back to AI — from investment and product strategy to identity, offensive capability, governance, and the evolving shape of the SOC.

That does not mean every AI pitch deserves applause. Vendors can still turn a toaster into an “AI-native risk platform” if the booth budget is large enough. However, the more important shift is structural: AI is changing the tempo of security operations. Attack cycles are compressing, defensive expectations are rising, and evidence that once arrived slowly now has to support decisions in minutes.

The Tempo Problem

The sharpest takeaway from RSA was not that AI makes security smarter. Instead, it makes security faster — whether teams are ready or not.

In the CSO recap, Kevin Mandia argued that AI-assisted defense could reduce response cycles from five days to five minutes. At the same time, Frontier Labs’ Brian Singer described AI attackers operating at up to 1,000 times human speed. These are conference observations, not universal benchmarks. Still, the direction is clear: both offense and defense are accelerating toward machine-speed operations.

As a result, slow security assumptions break down. A workflow that depends on an analyst reviewing a ticket the next morning cannot support a five-minute response window. Likewise, a database alert that takes hours to enrich cannot drive automated containment. Even quarterly access reviews fail when AI agents and service accounts can shift behavior between board meetings.

Automation Without Evidence Is Just Faster Uncertainty

AI-assisted triage can help overwhelmed teams by summarizing signals, correlating events, prioritizing risks, and recommending actions. However, an automated system is only as reliable as the evidence behind it.

If the system cannot identify which database query triggered an alert, which identity executed it, whether that identity was human or non-human, what sensitive fields were accessed, and whether the behavior matched a baseline, then it is not truly responding faster. Instead, it is guessing faster — which is not modernization, just panic with better branding.

Consider a simple scenario. An AI response workflow detects unusual data access and recommends blocking a service account. That decision might be correct. Alternatively, it could disrupt a legitimate month-end process. Worse, it might miss the real issue if the exposure occurred earlier — for example, when an AI retrieval service pulled regulated data into a prompt pipeline. Without runtime evidence, speed quickly turns into risk.

The Data Layer Becomes the Control Plane

As AI spreads, data-layer security becomes more critical, not less. AI now appears in browsers, collaboration tools, development pipelines, security platforms, analytics systems, and internal applications. As a result, the traditional boundary around “AI systems” disappears. What remains measurable is data access.

For example, which identities query sensitive tables? Which applications access customer records? Which new service accounts appear after an AI rollout? Which data sources feed retrieval workflows? Which queries deviate from baseline behavior? And which data gets returned before an automated action triggers?

These are not abstract ethical questions. Instead, they are operational control points. Without this context, an AI-assisted defense system cannot reliably decide whether to alert, block, mask, quarantine, revoke access, or escalate an incident.

Five Minutes Requires Preparation Before the Incident

The five-minute response idea sounds like a future-state capability, but the work that makes it possible has to happen before the incident.

Sensitive data must be discovered and classified. Database activity must be logged. Normal access patterns must be understood. Non-human identities must be mapped to the systems they actually use. Audit trails must preserve enough detail to explain what happened. Masking and firewall policies must already exist before AI-adjacent workflows start moving regulated data around the enterprise.

This preparation is not glamorous. It rarely gets the keynote slot. It is also what separates safe automation from a very expensive incident-response hallucination. If a team does not know where sensitive data lives, AI cannot reliably protect it. If an organization cannot see database behavior, AI cannot reconstruct it after the fact. If an agent has excessive access, faster triage does not fix the exposure.

What Security Teams Can Do Now

• Map sensitive data before AI-assisted workflows depend on it.
• Monitor database activity continuously, not only during investigations.
• Connect alerts to identity context, including service accounts and AI agents.
• Baseline normal query behavior so automated systems can detect meaningful drift.
• Use masking and policy controls to reduce exposure before data enters AI workflows.
• Keep audit trails strong enough to support both incident response and compliance review.

The point is not to buy every AI security feature with a shiny dashboard and a founder in fleece. The point is to build the evidence base that AI-powered security will depend on.

Where DataSunrise Fits

DataSunrise is relevant because AI-speed defense needs data-layer evidence. DataSunrise Activity Monitoring helps security teams observe database operations, user behavior, queries, and access patterns across on-premises and cloud environments. Data Audit supports the audit trails needed to reconstruct activity and prove what happened. Sensitive Data Discovery helps identify the regulated and high-value data that AI workflows may touch, while Dynamic Data Masking can reduce exposure when users, applications, or AI-adjacent services do not need raw values. In an AI-saturated security environment, those controls are not side features. They are the data-layer foundation that makes faster response safer.