Agentic AI security at RSA 2026: what practitioners should watch

TL;DR: EMA’s 2026 Vendor Vision report highlights ten vendors at RSAC, with the selection explicitly calling out solutions for agentic AI and autonomous enterprise security, reflecting how machine-speed threats are reshaping conference attention according to Enterprise Management Associates. The pattern matters because identity teams now need to decide which controls can govern non-human and autonomous actors before the market settles on a default model.

NHIMG editorial — based on content published by Acalvio: EMA's 2026 Vendor Vision report ahead of RSAC 2026

By the numbers:

• With over 600 vendors and tens of thousands of cybersecurity professionals expected to attend, the report provides a curated roadmap to the most innovative solutions featured at the conference.
• 92% of organisations expose NHIs to third parties, raising concerns about supply chain security.
• 80% of identity breaches involved compromised non-human identities such as service accounts and API keys.

Questions worth separating out

Q: How should security teams govern AI agents and machine identities together?

A: Security teams should govern them together only at the policy boundary, not by assuming they behave the same way.

Q: Why do machine-speed threats expose gaps in identity governance?

A: Machine-speed threats expose gaps because many identity programmes still depend on review cycles, manual certification, and delayed revocation.

Q: What do security teams get wrong about autonomous enterprise controls?

A: They often treat autonomy as a branding term rather than an identity behaviour change.

Practitioner guidance

• Map autonomous decision points separately from NHI inventory Identify where systems can choose actions, tools, or timing without a human approval gate.
• Harden runtime delegation boundaries Define which identities may invoke tools, combine privileges, and hand off actions to other systems.
• Shorten the gap between detection and containment Pair identity monitoring with automatic containment rules so risky behaviour can be interrupted before it compounds.

What's in the full analysis

Acalvio's full post covers the conference-specific context this analysis intentionally leaves out:

• The exact list of EMA Vendor Vision winners and how they were selected for RSAC 2026.
• The conference framing around agentic AI solutions and autonomous enterprise security.
• The event logistics and vendor participation details that help attendees navigate the show floor.
• The original press-release language and announcement context behind the report.

👉 Read Acalvio's coverage of EMA's 2026 Vendor Vision report →

Agentic AI security at RSA 2026: what practitioners should watch?

Explore further

View Full Forum →  |  NHI Foundation Course →