{"id":197948,"date":"2026-03-21T07:30:00","date_gmt":"2026-03-21T11:30:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/21\/my-take-as-rsac-2026-opens-ai-has-bifurcated-cybersecurity-into-two-wars-the-clock-is-running\/"},"modified":"2026-03-21T07:45:11","modified_gmt":"2026-03-21T11:45:11","slug":"my-take-as-rsac-2026-opens-ai-has-bifurcated-cybersecurity-into-two-wars-the-clock-is-running","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/21\/my-take-as-rsac-2026-opens-ai-has-bifurcated-cybersecurity-into-two-wars-the-clock-is-running\/","title":{"rendered":"MY TAKE: As RSAC 2026 opens, AI has bifurcated cybersecurity into two wars\u2014the clock is running"},"content":{"rendered":"

MY TAKE: As RSAC 2026 opens, AI has bifurcated cybersecurity into two wars\u2014the clock is running<\/a><\/p>\n

https:\/\/securityboulevard.com\/2026\/03\/my-take-as-rsac-2026-opens-ai-has-bifurcated-cybersecurity-into-two-wars-the-clock-is-running\/<\/a><\/p>\n

Publish Date: 2026-03-21 07:30:00<\/a><\/p>\n

Source Domain: securityboulevard.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points.
\nBy Byron V. Acohido
\nSAN FRANCISCO \u2014 RSAC 2026 opens here Monday at Moscone Center, with upwards of 40,000 cybersecurity professionals, executives, and policy leaders, myself among them, filing in to take stock of an industry under acute pressure.
\nRelated: RSAC 2026\u2019s full agenda
\nThe dominant undercurrent is already unmistakable: AI hasn\u2019t just arrived in cybersecurity. It has split the field in two.
\nFor the past year, the industry has been simultaneously fighting two wars. One is about using AI to transform defense \u2014 rebuilding threat detection, threat response, and security operations from the ground up with AI at the center.
\nThe other war is newer and in some ways more disorienting: figuring out how to secure AI systems themselves \u2014 even as attackers are learning to turn those same systems against the companies racing to deploy them.
\nThese two wars demand entirely new weapons and fundamentally different thinking. They are both accelerating \u2014 and as the conference opens, it is far from clear that defenders are keeping pace with either.
\nThe shot heard round the SOC
\nIn mid-September 2025, something happened that the industry had long theorized but never quite confronted head-on. Anthropic detected and disrupted what it subsequently documented as the first large-scale cyberattack executed without substantial human intervention.
\nA Chinese state-sponsored group had manipulated Anthropic\u2019s Claude Code tool into attempting infiltration of roughly 30 global targets \u2014 financial institutions, technology companies, chemical manufacturers, government agencies. The AI did 80 to 90 percent of the work: scanning infrastructure, writing exploit code, harvesting credentials, organizing stolen data. Human operators showed up only at a handful of strategic decision points per attack cycle.
\nAnthropic was candid about what the incident meant. \u201cThe barriers to performing sophisticated cyberattacks have dropped substantially,\u201d the company wrote, \u201cand we predict that they\u2019ll continue to do so.\u201d
\nLess noticed but equally significant: the attackers had gained access by jailbreaking Claude, breaking it into small, seemingly innocent subtasks so that the model executed malicious operations without ever being shown the full picture. The AI wasn\u2019t compromised by a vulnerability in the traditional sense. It was deceived \u2014 systematically, at scale, at machine speed.
\nSpeed that no human team can match
\nThe September incident wasn\u2019t an outlier. It was a confirmation.
\nUnit 42 has tracked mean time to exfiltrate data collapsing from nine days in 2021 to two days in 2023 to roughly 30 minutes by 2025. A February 2026 Malwarebytes report cited a 2025 MIT study in which an AI model using the Model Context Protocol achieved full domain dominance on a corporate network in under an hour \u2014 with no human intervention \u2014 evading endpoint detection in real time by adapting its tactics on the fly. Malwarebytes called MCP-based attack frameworks a \u201cdefining capability\u201d of criminal operations in 2026.
\nThe defense side is being forced to match that pace. Several vendors announcing at RSAC this week are targeting exactly this problem \u2014 reducing threat investigations that once took analysts hours down to seconds, cutting mean-time-to-resolution by as much as 90 percent.
\nThat is the operational reality walking through Moscone Center\u2019s doors this week. Attacks are no longer constrained by how fast a human attacker can think, pivot, or type. They are constrained only by compute.
\nWave 1 and Wave 2
\nAnd yet, this is precisely why the other battle \u2014 using AI to transform defense \u2014 carries genuine urgency. For three decades, defenders were structurally outmatched. The attack surface expanded faster than human-scale teams could ever respond. The SOC analyst could only work so many hours, parse so many alerts, correlate so many data points. The asymmetry was baked in.
\nAI-native security architecture offers the first credible counter to that asymmetry. Not AI features bolted onto platforms built a decade ago, but systems designed from the ground up around continuous, autonomous detection and response \u2014 systems that can operate at the same speed and scale as the threat. Call it Wave 1: AI deployed to rebuild the defensive stack.
\nThere is good news on Wave 1. \u201cA large portion of what is required is understood today,\u201d said Jamison Utter, vice president at A10 Networks, in a conversation last week.
\nCloud security, Kubernetes security, network firewalling, API protection \u2014 the tools exist to secure the known infrastructure layer, and the industry knows how to use them. The blocking and tackling, Utter said, is manageable.
\nTraditional SIEMs are leaving enterprises increasingly exposed as queues keep growing, investigations take longer to correlate and enrich context, and security talent shortages compound the pressure.
\nWave 2 is harder and less settled. It is the security of AI itself \u2014 hardening models against prompt injection, governing the behavior of autonomous agents, building data-integrity controls that ensure what\u2019s feeding enterprise AI can actually be trusted.
\nWhat makes Wave 2 structurally different from anything the industry has faced before is not complexity or scale. It is the nature of the attack surface itself. \u201cNever before was language itself an attack surface,\u201d Utter said. The semantic and non-deterministic character of large language models means adversaries no longer need to craft a malformed packet or inject a SQL string. They can probe an AI system through metaphor, through images, by switching languages mid-conversation \u2014 exploiting the very flexibility that makes these systems valuable.
\nThe existing defensive stack wasn\u2019t designed for any of that. \u201cEvery other tool we have today \u2014 firewalls, NDRs, WAFs, API securities \u2014 none of them solve the semantic problem,\u201d Utter said, \u201cbecause that\u2019s not what they were designed to do.\u201d The companies working the Wave 2 front are younger, smaller, and moving fast. Most enterprises haven\u2019t caught up to what they\u2019re solving.
\nGeorge Gerchow, a security veteran who has watched successive architectural shifts leave visibility gaps in their wake, frames the pattern plainly.
\n Gerchow
\n\u201cAnytime there\u2019s a paradigm shift in technology, it always starts with visibility, or at least it should,\u201d he said. \u201cAI has just exacerbated the problem \u2014 it\u2019s really hard to tell what\u2019s going on in that world right now.\u201d
\nGerchow, CSO at Bedrock Data, pointed to the specific threat vector driving that gap \u2014 rogue AI agents calling on resources and accessing sensitive data with no meaningful oversight. \u201cHaving visibility into what they\u2019re truly going to do, what sensitive data they\u2019re going to access, has become nearly impossible,\u201d he said.
\nGunter Ollmann, CTO of Cobalt and a three-decade practitioner of offensive security, puts a number on that gap. Cobalt\u2019s own pentesting data shows that organizations are resolving API and cloud vulnerabilities at rates above 70 percent \u2014 but when it comes to serious genAI flaws identified during testing, only about one in five gets fixed.
\n Ollmann
\nThe pace of AI deployment, Ollmann has observed, is outrunning the security discipline needed to validate it. At RSA this week, Cobalt is announcing new AI-driven pentesting capabilities designed to automate reconnaissance and vulnerability discovery at the speed the threat environment now demands.
\nThat distinction \u2014 architectural versus cosmetic \u2014 is the line I\u2019ll be drawing all week. A lot of vendors on this floor will have an AI story. Fewer will have an AI-native architecture. Fewer still will be able to explain precisely why the legacy model cannot get from here to there \u2014 not as a diplomatic talking point, but as a technical and economic reality.
\nA narrow window
\nThere is one other thing I am carrying into this week. The window matters.
\nDefenders who move first and farthest from the legacy model have a real advantage right now \u2014 in detection speed, in response capability, in the ability to process the kind of data volumes that modern environments generate. But attackers are adopting the same tools. The offensive use of agentic AI is not a future concern. It is a current operational fact, documented and published by the company that built the model that was turned against it.
\nUtter put the core dynamic in four words: \u201cIt\u2019s machines fighting machines.\u201d AI guardrail systems \u2014 purpose-built language models trained on attack data \u2014 inspecting inbound and outbound LLM traffic in real time, at carrier scale. That is what Wave 2 defense looks like in practice. The race is already on.
\nThe gap between those who have made the architectural shift and those still running legacy-with-AI-features will not widen indefinitely in defenders\u2019 favor. At some point, the tools equalize. What does not equalize is institutional readiness \u2014 the trained analysts, the mature playbooks, the governance frameworks, the hard-won organizational trust in automated systems making real-time decisions.
\nThat institutional readiness takes years to build. Which means the time to start is now, and the window is not permanently open.
\nThis week at RSAC, I will be looking for the practitioners and founders who understand both sides of the split \u2014 who can name what is broken in the old model specifically, who have made an actual bet on the new one, and who are clear-eyed about how much time is left to make it matter.
\nStay tuned. I\u2019ll keep watch \u2014 and keep reporting.<\/p>\n

Acohido
\nPulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
\n(Editor\u2019s note: I used Claude and ChatGPT to assist with research compilation, source discovery, and early draft structuring. All interviews, analysis, fact-checking, and final writing are my own. I remain responsible for every claim and conclusion.)<\/p>\n

March 21st, 2026 | My Take | Top Stories
\n\u00a0
<\/p>\n","protected":false},"excerpt":{"rendered":"

MY TAKE: As RSAC 2026 opens, AI has bifurcated cybersecurity into two wars\u2014the clock is…<\/p>\n","protected":false},"author":1,"featured_media":197949,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.lastwatchdog.com\/wp\/wp-content\/uploads\/rsac-logo.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,31,17,27],"class_list":["post-197948","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-exploit","tag-llm","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/197948"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=197948"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/197948\/revisions"}],"predecessor-version":[{"id":197950,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/197948\/revisions\/197950"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/197949"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=197948"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=197948"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=197948"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}