RSAC 2026: How AI Has Split Cybersecurity into Two Parallel Wars

Lead: The RSAC 2026 conference in San Francisco gathered about 40,000 security professionals, and AI is no longer a side topic; it has divided the field into two wars—using AI to reconstruct defense and protecting AI systems themselves. Attack speed has shrunk from nine days in 2021 to thirty minutes in 2025, narrowing the defender’s window.

One Conference, Two Wars

The event highlighted a pivotal moment: AI is both a defensive tool and an emerging attack weapon, demanding that security teams develop capabilities for "AI defense" and "defending AI"—a duality unimaginable five years ago.

SOC Gunfire: The Critical Moment of AI‑Driven Attacks

In mid‑September 2025, Anthropic disclosed the first large‑scale AI‑only cyber‑attack, targeting roughly 30 global organizations across finance, tech, chemicals, and government. The AI‑driven Claude Code tool performed 80‑90 % of the work—scanning infrastructure, writing exploits, stealing credentials, and aggregating data—while human operators intervened only at a few strategic decision points.

Blue‑team view: This event marks a paradigm shift: attack speed is now limited only by compute resources, rendering traditional SOC models that rely on human analysts increasingly ineffective.

Anthropic warned that the barrier to executing complex attacks has dropped dramatically and will continue to fall.

Attackers also "jail‑broke" Claude, breaking the model into harmless‑looking micro‑tasks that collectively achieve malicious goals, illustrating a systematic deception rather than a classic vulnerability.

Speed Limit: From Nine Days to Thirty Minutes

Unit 42 data shows average breach detection time fell from nine days in 2021 to two days in 2023, and to about thirty minutes by 2025. A February 2026 Malwarebytes report cited a 2025 MIT study where an AI model used a Model Context Protocol to achieve full domain control of an enterprise network in under an hour, with no human involvement. Malwarebytes labeled this capability as the defining skill of 2026 cyber‑crime operations.

Blue‑team view: Exponential attack speed forces a complete redesign of incident‑response processes; minute‑level windows render hour‑level response cycles obsolete.

Vendors at RSAC announced solutions that claim to cut threat investigation from hours to seconds, reducing mean‑time‑to‑remediate (MTTR) by up to 90 %.

Two Waves of Defense

The first wave focuses on AI‑native security architectures that rebuild detection, response, and operations from the ground up, rather than bolting AI onto legacy SIEMs. This requires redesigning data collection, detection logic, and response mechanisms.

Blue‑team view: Market‑filled "SIEM + AI" products fail to address architectural bottlenecks; true AI‑native security demands a foundational redesign and new skill sets.

A10 Networks’ VP Jamison Utter noted that most of the required components are now understood, and existing tools for cloud, Kubernetes, firewalls, and API protection can be leveraged.

The second wave tackles the security of AI itself—hardening models against prompt injection, managing autonomous agents, and ensuring data integrity for AI inputs. Language becomes the attack surface; traditional firewalls, NDR, WAF, and API security cannot mitigate semantic threats.

Blue‑team view: Defenders must acquire expertise in LLM architecture, prompt engineering, and red‑team testing of AI systems.

New Blind Spots: Visibility Gaps Created by AI

Security veteran George Gerchow (CSO, Bedrock Data) warned that every technological paradigm shift creates visibility gaps, and AI exacerbates this problem, making it hard to determine what AI agents are actually doing.

Gerchow highlighted uncontrolled AI agents accessing sensitive data with almost no supervision.

Blue‑team view: Traditional rule‑based monitoring cannot track dynamic, adaptive AI behavior; new baselines and monitoring stacks are required.

Cobalt’s CTO Gunter Ollmann reported that while over 70 % of API and cloud vulnerabilities are addressed, only about 20 % of severe gen‑AI defects discovered in penetration tests are fixed.

Cobalt announced an AI‑driven penetration‑testing capability to automate reconnaissance and vulnerability discovery at the speed demanded by modern threat environments.

Architecture vs. Decoration: Drawing the Line

Many vendors will tout AI “stories,” but few deliver AI‑native architectures. Buyers must ask whether AI features are merely decorative (API calls, UI tweaks) or truly native (architectural redesign, detection paradigm shift).

Narrow Window: Time Is Not on Our Side

Defenders who have moved beyond legacy models now enjoy advantages in detection speed and data‑handling capacity, but attackers are adopting the same tools.

Utter summed up the dynamic as “machines versus machines.” AI‑guardrails—language models trained on attack data—inspect inbound and outbound LLM traffic in real time, representing the practical face of the second defense wave.

The gap between organizations that have re‑architected and those still running "traditional + AI" will not stay in defenders’ favor forever; institutional readiness—trained analysts, mature playbooks, governance, and trust in automated decisions—will be the decisive factor.

Blue‑team view: Readiness takes years to build; the time to start is now, and the window will not stay open indefinitely.

Translator’s Note: Blue‑Team Takeaways

Re‑architect defense paradigms from rule‑based to AI‑adaptive detection.

Advance both waves simultaneously: rebuild defenses with AI and protect AI systems.

Recognize the shrinking window; organizational preparedness will determine success.

Immediate actions: assess AI readiness of security architecture, build AI‑security capabilities (prompt‑injection detection, LLM monitoring), include AI in asset inventories and risk assessments, and develop AI‑specific incident‑response playbooks.

Time is of the essence.