The era of AI agents: a new paradigm in cybersecurity arrives

The emergence of AI agents is ushering the corporate cybersecurity field into a new era of chaos. These autonomous AI agents are dismantling traditional identity and access control models, demanding new approaches to trust and management. On the fourth day of RSAC 2026, these topics became the main focus of discussion.

According to Zeus Kerravala, founder and principal analyst at ZK Research, this shift is unprecedented in the security industry, and security vendors are facing serious challenges. Because AI agents create their own derivative systems and reshape traditional identity management and access methods, the traditional attack surface has now become completely chaotic.

The AI-based security clipping theory proposes the concept that AI must protect AI itself. Kerravala emphasized that security teams without AI will risk falling behind rapidly, and achieving security transformation through AI is inevitable. Data security remains at the core; improperly protected or poorly managed data will continue to face exposure risks.

Christophe Bertrand explained that the meaning of data security itself may change significantly in the age of agents. From asset management and recoverability to identity management, various security concepts need to be redefined. This not only opens up financial opportunities but also reputation opportunities, as AI offers the possibility for security teams to no longer be seen as obstacles to business but as accelerators. Kerravala stated, “The security industry is at a turning point to reshape its image—from a ‘say no’ department to a driver of enterprise growth.”