CrowdStrike CEO George Kurtz was a key speaker at the RSA Conference 2026, where he highlighted that the fastest recorded adversary breakout time has fallen to just 27 seconds. Set against the previous average of 48 minutes in 2024, the drop underscores how quickly defenders must respond to threats.
In a recent keynote, Kurtz emphasized that CrowdStrike sensors now detect over 1,800 distinct AI applications running on enterprise endpoints, totaling nearly 160 million unique application instances. Each of these applications generates detection events, identity events, and data access logs that flow into SIEM systems designed for human-paced workflows.
According to a study by Cisco, 85% of enterprise customers surveyed have ongoing AI agent pilots, but only 5% have successfully transitioned these agents into production. The primary reason for this 80-point gap, as explained by Cisco President and Chief Product Officer Jeetu Patel, is the challenge faced by security teams in managing and overseeing the actions of these agents effectively.
Etay Maor, VP of Threat Intelligence at Cato Networks, expressed concerns about the increasing security complexity associated with the adoption of multiple point solutions for AI. He emphasized the need for a more streamlined approach to AI security to avoid adding unnecessary layers of complexity to existing systems.
One of the critical challenges highlighted during the RSA Conference 2026 is the difficulty in differentiating between agent-initiated and human-initiated activities in security logs. Elia Zaitsev, CTO of CrowdStrike, explained that without a comprehensive endpoint visibility strategy, compromised agents could execute actions with valid credentials without triggering any alerts, making it challenging to detect potential threats.
During his keynote, Kurtz also discussed ClawHavoc, a supply chain attack targeting an AI agent ecosystem, which highlighted the vulnerabilities within AI platforms. The attack exposed over a thousand compromised packages, including backdoors, reverse shells, and credential harvesters, posing a significant threat to organizations utilizing AI agents.
Two distinct approaches to agentic SOC architectures were presented at the conference. Approach A involves integrating AI agents within the SIEM platform, offering specialized tools for detection, triage, and response. In contrast, Approach B focuses on upstream pipeline detection, where real-time analytics and enrichment are performed before events reach the analyst’s queue.
To address the evolving landscape of AI security, CrowdStrike introduced Falcon Data Security for the Agentic Enterprise, which applies cross-domain data loss prevention to monitor data access by agents in real-time. The platform also offers machine-speed managed detection and response capabilities for organizations that lack internal resources to build such capabilities.
In response to the growing demand for custom security agents, CrowdStrike launched Charlotte AI AgentWorks, enabling customers to develop personalized security agents using frontier AI models. The platform has garnered support from industry leaders like Accenture, AWS, and Salesforce, signaling a shift towards more tailored and adaptable security solutions.
Other key players in the AI security space, such as Palo Alto Networks and Intel, have also introduced innovative solutions to enhance AI security. Palo Alto Networks unveiled Prisma AIRS 3.0, incorporating artifact scanning and agent red teaming to bolster endpoint security. Intel is optimizing CrowdStrike’s Falcon platform for Intel-powered AI PCs, leveraging advanced telemetry and detection capabilities to combat emerging threats.
Despite the advancements in AI security technologies, a critical gap identified during the conference is the lack of an established agent behavioral baseline. Without one, security teams struggle to identify and respond to anomalous agent behavior.
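To make the baseline gap concrete, here is an added example (not code from the conference or from any vendor named above) that learns what each agent normally does and flags agent activity outside it, even when the credential is valid. The event fields, agent names and resources are constructed, and it assumes logs already record whether an agent or a human initiated each action.

```python
from collections import defaultdict

# Constructed events; field names are assumptions, not a real SIEM schema.
# "principal" is the credential used, "initiator" is who drove the action.
def ev(principal, initiator, action, resource):
    return {"principal": principal, "initiator": initiator,
            "action": action, "resource": resource}

LEARNING_WINDOW = [
    ev("svc-finance", "agent:invoice-bot", "read", "erp/invoices"),
    ev("svc-finance", "agent:invoice-bot", "write", "erp/payments-draft"),
    ev("svc-finance", "human:alice", "read", "hr/payroll"),
    ev("svc-support", "agent:ticket-bot", "read", "crm/tickets"),
]

LIVE_WINDOW = [
    ev("svc-finance", "agent:invoice-bot", "read", "erp/invoices"),     # in baseline
    ev("svc-finance", "agent:invoice-bot", "read", "hr/payroll"),       # valid credential, new for this agent
    ev("svc-finance", "human:alice", "read", "hr/payroll"),             # human-initiated, not evaluated here
    ev("svc-support", "agent:mail-summarizer", "read", "crm/tickets"),  # agent missing from inventory
]

def is_agent(event):
    return event["initiator"].startswith("agent:")

def build_baseline(events):
    """Map each agent to the set of (action, resource) pairs observed for it."""
    baseline = defaultdict(set)
    for e in filter(is_agent, events):
        baseline[e["initiator"]].add((e["action"], e["resource"]))
    return dict(baseline)

def find_deviations(baseline, events):
    """Return (initiator, principal, action, resource, reason) for agent events outside the baseline."""
    findings = []
    for e in filter(is_agent, events):
        seen = baseline.get(e["initiator"])
        if seen is None:
            reason = "agent_not_in_inventory"
        elif (e["action"], e["resource"]) not in seen:
            reason = "new_behavior_for_agent"
        else:
            continue
        findings.append((e["initiator"], e["principal"], e["action"], e["resource"], reason))
    return findings

if __name__ == "__main__":
    for finding in find_deviations(build_baseline(LEARNING_WINDOW), LIVE_WINDOW):
        print(finding)
```

The second live event uses a credential that has legitimately read `hr/payroll` before, so a per-credential baseline would pass it; only the per-agent baseline surfaces it.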
In conclusion, the RSA Conference 2026 shed light on the evolving landscape of AI security and the pressing need for organizations to adopt more sophisticated and proactive approaches to protect their systems. The recommendations presented at the conference emphasize inventorying agents, establishing behavioral baselines, and pressure-testing the agent supply chain to mitigate potential risks. As the threat landscape continues to evolve, security leaders must remain vigilant and proactive in safeguarding their organizations against emerging threats.
