RSAC 2026 Recap: Agents, tool sprawl, & chess
At RSAC 2026, three themes dominated security conversations: the rise of agentic SOC tools without clear adoption paths, growing demand for platform consolidation over point solutions, and widespread frustration with ingestion-based SIEM pricing.
RSAC 2026 Recap
RSAC 2026 is a wrap, and it was a big one for us. This was RunReveal's first time ever exhibiting at the conference, and we did it in style: we brought a chess grandmaster to play anyone who walked up to our booth. It was a blast, and honestly a pretty good metaphor for what we're building. Security is a thinking game, and the best security practitioners think several moves ahead.
Beyond the chess matches, we spent the week walking the show floor, hosting conversations at our booth, and connecting with security teams and CISOs at events throughout the week. We came away with three clear takeaways:
- Agents and agentic SOC are everywhere, but we’re still trying to figure all that out as an industry
- People are tired of tool sprawl
- Ingestion-based pricing is killing security teams
Agents and agentic SOC are everywhere, but nobody really quite knows what that means yet
Every vendor at RSAC had an AI story. Most of them had an agentic AI story. And yet, behind closed doors, CISOs are still asking each other what actually changes and when.
This felt like the most charged RSA I've been a part of, and I think it's because we're in that uncomfortable in-between moment where the industry knows something big is coming but hasn't landed on what it looks like. On the show floor, vendors have all the answers. In private conversations, there's a lot more humility about the uncertainty, whether that's around offensive AI capabilities, how defenders will actually use these tools, or what the SOC looks like in two years.
My honest read: security is changing, but it's changing slower than the hype cycle suggests. There are more questions than answers right now, and that's fine. What I do believe is that the SOC is genuinely ready for AI. The workflows are painful enough, the alert volumes are high enough, and the talent gap is wide enough that teams are actively looking for relief. The improvements AI brings to this set of problems is real, and we’re just figuring out the shape of how most teams adopt AI in their SOC.
Security teams want fewer tools, not more
This one was consistent across almost every conversation we had. Teams are exhausted from managing five or more vendors just to cover the basics. The pitch of "just add one more tool" is landing worse and worse. CISOs and practitioners alike are actively looking to consolidate, and they want the tools they already trust to do more for them. Breadth without complexity is a real competitive advantage right now, and the vendors who figure that out will win.
Ingestion-based pricing is quietly crushing security teams
This came up over and over, and it reinforced something we already believed pretty strongly. Security teams want complete visibility into their environment. They know there are threats lurking in log sources they can not afford to collect. That is not a tooling problem or a knowledge problem. It is a pricing problem.
The ingestion-based model that legacy SIEMs are built on was never designed with modern data volumes in mind. It creates perverse incentives where teams have to choose between coverage and cost, and it consistently punishes growth. The teams we talked to know this. They are not confused about the tradeoff. They are just stuck with it because the alternatives have not been obvious enough.
That is the problem RunReveal exists to solve, and after a week at RSAC, we feel more confident than ever that the timing is right.
Thanks to everyone who stopped by the booth, played a round of chess, or grabbed time with our team throughout the week. We will see you next year, and hopefully you will be running on RunReveal by then.