MY TAKE: As RSAC 2026 opens, AI has bifurcated cybersecurity into two wars—the clock is running
MY TAKE: As RSAC 2026 opens, AI has bifurcated cybersecurity into two wars—the clock is running
Publish Date: 2026-03-21 07:48:00
Source Domain: securityboulevard.com
By Byron V. Acohido
SAN FRANCISCO — RSAC 2026 opens here Monday at Moscone Center, with upwards of 40,000 cybersecurity professionals, executives, and policy leaders, myself among them, filing in to take stock of an industry under acute pressure.
Related: RSAC 2026’s full agenda
The dominant undercurrent is already unmistakable: AI hasn’t just arrived in cybersecurity. It has split the field in two.
For the past year, the industry has been simultaneously fighting two wars. One is about using AI to transform defense — rebuilding threat detection, threat response, and security operations from the ground up with AI at the center.
The other war is newer and in some ways more disorienting: figuring out how to secure AI systems themselves — even as attackers are learning to turn those same systems against the companies racing to deploy them.
These two wars demand entirely new weapons and fundamentally different thinking. They are both accelerating — and as the conference opens, it is far from clear that defenders are keeping pace with either.
The shot heard round the SOC
In mid-September 2025, something happened that the industry had long theorized but never quite confronted head-on. Anthropic detected and disrupted what it subsequently documented as the first large-scale cyberattack executed without substantial human intervention.
A Chinese state-sponsored group had manipulated Anthropic’s Claude Code tool into attempting infiltration of roughly 30 global targets — financial institutions, technology companies, chemical manufacturers, government agencies. The AI did 80 to 90 percent of the work: scanning infrastructure, writing exploit code, harvesting credentials, organizing stolen data. Human operators showed up only at a handful of strategic decision points per attack cycle.
Anthropic was candid about what the incident meant. “The barriers to performing sophisticated cyberattacks have dropped substantially,” the company wrote, “and we…
