From Secrets to Signals as CISOs Face 2026 Challenges

Insights from vendor conversations at RSAC 2026 in San Francisco

At RSAC 2026 in San Francisco, a simple shift in questioning revealed something deeper about the state of cybersecurity. 

Instead of asking vendors what their products do, they were asked to lead with the CISO challenge they are solving. The result was a far more revealing set of conversations, one that cut through positioning and exposed where security leaders are struggling. 

Across every discussion, a clear pattern emerged. Challenges may appear different on the surface, but they are converging around a single reality. Data is at the center of everything, and its movement, misuse, and exposure are accelerating faster than traditional controls can keep up. 

Artificial intelligence is not creating entirely new problems. It is amplifying existing ones. It is increasing the volume of code, the speed of attacks, the complexity of environments, and the ways data can leave the organization. 

At the same time, CISOs are being pulled into areas they did not historically own including operational technology, AI governance and brand protection. The result is an expanded scope of responsibility, often without a corresponding increase in clarity. 

What follows is a vendor-by-vendor view of the most pressing challenges emerging from those conversations.

Vendors featured in the article are:

Human Behavior Turns Insider Risk Into a Constant Security Variable

Above Security: Tricia Howard, Head of Marketing

One of the most persistent challenges is also one of the hardest to solve cleanly: insider risk. 

That does not just mean malicious insiders. More often, it means well-intentioned employees who are moving too fast, using the wrong tools, or creating exposure without realizing it. This is going to be even more apparent as we move into the agentic era - AI agents are insiders in everything but name. In modern environments, that can look like a marketer using a shadow AI tool to convert a file under deadline pressure, an employee routing sensitive work through a personal application, or a team member creating exceptions because business needs move faster than policy. 

That is what makes insider risk so difficult. It is not purely technical, and it is not purely malicious. It is deeply human. 

Tricia Howard of Above Security framed the issue as a long-standing gap between human behavior and security tooling. The industry has attempted to solve a behavioral problem with reactive controls, but those controls often miss the context behind decisions. 

AI and shadow IT have widened that gap. Employees now have more ways than ever to unintentionally create risk, often outside traditional visibility. The challenge is no longer just detecting incidents after they occur, but understanding behavior early enough to intervene meaningfully. 

Above Security’s approach focuses on aligning security visibility with real-world user behavior. Rather than relying solely on static controls, the emphasis is on identifying patterns of risky activity, improving awareness, and helping organizations close the gap between how employees actually work and how security policies are enforced.

AI Governance and Data Risk Expansion

BigID: Chris Hoesly, Field CTO 

The long-standing directive has been to know your data. That directive still holds, but its scope has expanded dramatically - and every conversation needs to include AI. The challenge is no longer just discovering and classifying data - although that remains the foundation. It is understanding how that data is being used, where it is going, and how it is being introduced into AI systems.  It's about understanding AI risk - from the data perspective, access perspective, and controls perspective. 

Chris Hoesly, Field CTO at BigID, described this as a shift from static data security to dynamic governance. Organizations are not just storing sensitive data. They are training models on it, feeding it into AI tools, and enabling employees to interact with it in entirely new ways.  On top of that, organizations need to govern AI risk, which starts with the data. 

As Hoesly explained, the focus has moved to “discovering, classifying, and understanding risk across all data and AI, regardless of where it sits, and especially as it makes its way into AI use cases.” That creates a layered challenge. Data used to build AI introduces one risk profile. Data entered into AI tools during everyday workflows introduces another. Many organizations are dealing with both simultaneously. 

Data security is no longer just about protection at rest. It is about governing how data is used in motion. BigID addresses this by providing visibility and control across data and AI environments, enabling organizations to understand what risk they have, how data is being used, and how it interacts with AI systems. The goal is to extend governance beyond visibility into control, helping teams apply guardrails around both data and AI workflows.

Turning Exposure Into Actionable Business Risk

CYE: Reuven “Rubi” Aronashvili, Founder and CEO 

One of the most practical frustrations in security today is not a lack of data. It is the opposite. 

Security teams are inundated with alerts, vulnerabilities, and findings, yet still struggle to answer the questions that matter most to the business. What is the likelihood of a material breach? What is the financial impact? Where should investment be focused? 

Rubi Aronashvili, Founder and CEO of CYE, framed this challenge as one of translation. Technical data does not naturally convert into business insight. The issue becomes more pronounced when volume is mistaken for risk. A list of thousands of vulnerabilities does not provide clarity. It creates noise without direction. 

Context is what changes that. Connecting vulnerabilities to exploitability, attack paths, and business impact allows organizations to distinguish theoretical risk from practical exposure. 

Not all critical risks are equal. A high-impact scenario with major financial or reputational consequences should not be treated the same as a lower-impact issue simply because both are labeled severe. 

Quantification, in this sense, becomes a tool for decision-making, not just reporting. 

CYE approaches this challenge by focusing on risk contextualization and quantification, helping organizations map technical findings to real-world business impact. By prioritizing risks based on exploitability and potential outcomes, the platform enables more informed decision-making and clearer communication with executive stakeholders. 

Urgency, Execution, and Impact: As threat actors weaponize AI, time to exploit is shrinking from days to minutes and even seconds, creating an urgent need to execute intelligently rather than simply work through lists of vulnerabilities. 

Three guiding questions should lead security teams: What vulnerabilities disrupt my business most? How do I fix them as fast as possible? And how do I know I’ve reduced organizational exposure? 

This is where CYE steps in, driving speed of execution while translating risk into financial impact that business leaders can clearly understand.

Reconstructing the Story Behind Security Incidents

Corelight: Bernard Brantley, CISO 

Many organizations are capable of investigating individual alerts. Far fewer can understand the broader pattern across incidents. 

Bernard Brantley, CISO at Corelight, highlighted this gap. Teams may successfully resolve isolated events but still miss the systemic issues connecting them. An alert tied to a misconfigured WAF and another tied to endpoint behavior may appear unrelated, yet both could stem from the same operational weakness. 

Without the ability to reconstruct the full sequence of activity, these patterns remain hidden. High-quality network evidence becomes critical in this context. It provides the visibility needed to understand not just what happened, but how and why. 

This becomes even more important as organizations begin exploring AI-driven workflows. The effectiveness of those systems depends heavily on the quality of the underlying data. Poor context leads to poor decisions, regardless of whether they are made by humans or machines. The issue is not simply detecting incidents, it is understanding them well enough to prevent recurrence. 

By providing deep network visibility and evidence that allows teams to reconstruct activity across environments Corelight addresses this. It enables security teams to connect events and identify patterns resulting in the focus shifting from isolated response to systemic understanding and improvement.

Secret Sprawl and Non-Human Identity Risk

GitGuardian: Carole Winqwist, CMO 

As software development accelerates, so does the exposure of secrets. 

Carole Winqwist, CMO at GitGuardian, described a rapidly expanding problem driven by both scale and speed. More people are producing more code than ever before, often embedding sensitive credentials in the process. 

These secrets, including API keys and tokens, are frequently exposed across repositories and collaboration tools. “As soon as it’s visible, it’s compromised.” Public repositories present the most immediate threat. Exposed credentials can be exploited within minutes. Internal systems are also vulnerable when secrets are hard-coded, reused, or over-permissioned. 

AI is amplifying both sides of the issue. It increases the volume of code being generated while also enabling attackers to exploit credentials more efficiently. This creates a prioritization challenge and not all secrets carry equal risk, but some require immediate remediation. 

The problem also extends into non-human identities. Machine credentials are often long-lived and over-permissioned, increasing the attack surface. Exposure, not just governance, becomes the starting point. 

Winqwist shared that GitGuardian focuses on detecting exposed secrets across environments, prioritizing the most critical risks, and enabling rapid remediation. By surfacing what is actively exposed and exploitable, the approach helps teams focus on immediate threats rather than being overwhelmed by volume.

Why Traditional DLP Breaks in a Modern Environment

Jazz: Jake Turetsky, Chief AI Officer; Yonatan Zohar, CTO; Noam Issachar, Chief Business Officer 

Data loss prevention has been a persistent challenge for over two decades. Despite continued investment, it remains one of the most unresolved areas in cybersecurity. Traditional DLP systems rely on static rules and pattern matching. This approach struggles in environments where data flows are dynamic and user behavior is unpredictable. 

Security teams are forced into a trade-off. Tight rules reduce coverage and broad rules create noise. The result is a system that rarely delivers both precision and completeness. 

The rise of AI has exposed these limitations further. Employees can interact with AI tools through personal accounts, bypassing traditional controls and introducing new pathways for data exposure. The core issue is not detection, it is context. 

Understanding what a user is trying to do, whether the action aligns with their role, and what surrounding activity looks like provides a far more accurate signal than static rules alone. The gap between expectation and reality in DLP remains one of the largest in the industry. 

Jazz shifts away from static rules toward context-driven analysis of user behavior. By evaluating activity in real time and understanding intent, the approach reduces noise while improving accuracy, allowing teams to identify true risk without relying on rigid policies.

Operational Technology Becomes a Core CISO Responsibility

Nozomi Networks: Markus Mueller, Field CISO 

Operational technology is no longer outside the CISO’s scope. Markus Mueller, Field CISO at Nozomi Networks, described how responsibility for OT is increasingly landing with security leaders, often driven by incidents or board-level awareness. The reason is clear, OT environments directly impact revenue and operations. 

As Mueller explained, “the operational technology side of the business is actually where you make money for the rest of the business.” 

This creates a shift in how risk is understood. It is no longer limited to data breaches. It includes operational disruption and business continuity. The challenge is that many CISOs do not come from an OT background and they are being asked to secure environments that operate differently from traditional IT systems. 

There is also a communication gap. Operational teams and executive leadership frequently speak different languages, and CISOs sit between them. The need is not just for visibility, but for context that can translate complex operational data into actionable insight. 

By providing deep visibility into OT environments and translating complex operational data into understandable insights is where  Nozomi Networks steps in . By making OT risk more accessible and actionable, the approach helps bridge the gap between technical teams and executive stakeholders.

The Brand Has Become an Attack Surface

Bolster AI: Rod Schultz, CEO 

Attackers are no longer focused solely on infrastructure. Increasingly, they are targeting perception. 

Rod Schultz, CEO of Bolster AI, described how impersonation has become a primary attack vector. Fake websites, spoofed communications, and fraudulent digital experiences allow attackers to exploit trust rather than technical vulnerabilities. Unlike internal systems, a company’s brand is public by design. That makes it harder to defend. 

AI has accelerated this trend; creating convincing impersonations is faster, cheaper, and more scalable than ever before. The attack surface now extends beyond systems an organization owns and includes how the organization is represented externally. 

Security programs that focus only on internal controls risk missing this entirely. 

Bolster AI detects and mitigates brand impersonation and fraud across external digital channels. By identifying threats that exist outside traditional infrastructure, the approach expands visibility to include how organizations are represented and targeted in the public domain.

A Converging Set of Challenges

Across these conversations, the themes were consistent. Data sits at the center of every challenge. It is being created faster, moving more freely, and used in more ways than ever before. AI is accelerating both risk and response. It increases exposure while also enabling new forms of detection and analysis. 

At the same time, traditional boundaries are collapsing. Insider risk, data protection, identity, OT, and brand security are no longer separate domains and security is no longer about protecting isolated systems. It is about understanding and managing interconnected risk across an increasingly complex ecosystem.