RSAC draws more than 40,000 people to San Francisco every March. After a week on that floor, you develop a feel for where the industry's attention is and where it isn't.
This year, the attention was on agentic AI. It was on every booth banner, in every session abstract, in every conversation on the expo floor. The underlying idea matters. AI systems that can investigate threats and remediate without a human in the loop represent a genuine shift in how security gets done. The industry isn't wrong to be paying attention.
But the conversation was happening at the wrong altitude, aimed at organizations with dedicated security teams, budgets, and the capacity to act on what they learn at a conference like this. Meanwhile, the most exposed population in the threat landscape was barely mentioned: the consumer. AI doesn't reduce the need for security. It multiplies it. And the consumer endpoint is where that multiplication is going to be felt most.
AI isn't just changing how we defend — it's changing how we get attacked
Fraud and scams dominated the conversations I had at RSAC, and not just from consumer-facing companies. Enterprise players are watching the same threats blur the line between work and personal life. The device someone uses for work email is the same one receiving a convincing AI-generated phishing message designed to look like it came from their bank.
Social engineering, always effective and always underestimated, is now faster, smarter, and cheaper to execute than ever before. AI lets bad actors generate personalized, contextually believable attacks at scale. What used to require a skilled human running a targeted operation can now be automated and deployed against millions of users simultaneously. The barrier to a sophisticated attack has collapsed.
The agentic AI conversation at RSAC was also notably one-sided. Everyone was talking about AI agents as a security solution. Far fewer people were talking about AI agents as a security problem: autonomous systems that can probe, adapt, and exploit faster than any human-driven attack campaign. That conversation needs to happen now, before a major incident forces it.
On vibe coding: not everything that makes noise is a threat
Not every trend at RSAC deserves equal weight, and part of what's valuable about spending a week on that floor is developing the ability to tell the difference.
Vibe coding made a lot of noise this year. It's an AI-assisted approach to software development that's generating real excitement in developer communities. And while it raises legitimate questions about code quality and security review processes, it's not a meaningful threat to the cybersecurity industry. It's a development workflow story, not a threat vector story. The industry has a habit of chasing the shiny thing, and the threats that actually deserve our attention, including fraud, social engineering, and AI-powered attacks on consumers who have no idea they're being targeted, are more than enough to keep us busy.
AI moved to the desktop. Security didn't follow.
Platforms like ChatGPT and other AI tools have fundamentally changed what happens at the device level. Processing that used to happen in the cloud is now hitting endpoints directly. Users are running AI workloads, generating locally, storing more sensitive data on-device than at any point in the history of personal computing. Every AI workload running on a consumer device is a new attack surface. We're adding millions of them a day.
Security models built around the network perimeter were never designed for this environment. The perimeter is now the user's device and, increasingly, the user themselves. Most consumer security products still haven't caught up to that reality.
Reaching consumers who don't know they need help, and partners who want to reach them
The partners we spoke with at our booth this week are sitting on something valuable: an existing user base they're not fully monetizing. RealDefense gives them a way to change that by delivering something their customers genuinely need, whether those customers know it yet or not.
Most consumers don't know their device has a problem until something goes wrong. SmartScan embeds directly into a partner's existing product or customer experience, scans the user's device, and surfaces real issues: issues degrading performance, vulnerabilities left unaddressed, risks accumulating in the background. When a problem is detected, the user gets a clear, specific alert and a direct path to fixing it. That's the moment of truth, the point at which a user who had no idea they needed help is suddenly looking at exactly what's wrong and what to do about it.
Partners generate new revenue. Users get protection they wouldn't have sought out on their own. Given where the threat landscape is heading, the value of that second outcome is growing fast.
Why no single technology is going to solve this
There is no single technology that solves the threat landscape we're walking into. The answer is a combination of software, services, human intelligence, and AI working together. Software provides scale and speed. Services add depth and customization. Human intelligence catches what algorithms miss and supplies judgment that autonomous systems can't replicate. AI makes all of it faster and more responsive.
What makes RealDefense's position distinctive is that we have to make that case to two different audiences simultaneously. To partners, the value is a proven monetization model that generates meaningful revenue from an existing user base without adding complexity to their core business. To consumers, the value is protection from a threat environment that is moving faster than most people realize and that AI is about to make significantly worse. Serving one serves the other. The conversations we had in San Francisco confirmed that the appetite on both sides is real. If you'd like to continue the conversation, we'd like to hear from you.
RealDefense exhibited at RSAC 2026 at Booth N-5185, Moscone Center, San Francisco. To learn more about the RealDefense partner platform: Partners – RealDefense
Gary Guseinov is CEO of RealDefense, a cybersecurity and software monetization company helping partners build trusted, recurring revenue.
Find Gary Guseinov on LinkedIn.