RSAC 2026 runs March 23-26 at the Moscone Center in San Francisco, drawing upwards of 40,000 cybersecurity professionals, executives and policy leaders. Yet the industry's largest annual gathering carries an unusual silence: three major federal cyber agencies were absent from RSA Conference 2026, raising alarms about the future of public-private security coordination.
CISA, the FBI and the NSA were absent from RSA Conference 2026, marking a departure from decades of federal engagement. For more than a decade, federal presence at RSAC has served as a visible marker of the government's commitment to working alongside private industry on shared threats. FBI cyber officials share threat intelligence. NSA cryptographers unveil research. CISA coordinates with critical infrastructure defenders. This year, that pattern ended. The absence extends beyond symbolic matters. These are precisely the categories where federal law enforcement and intelligence agencies have investigative visibility that private-sector defenders lack, as threats evolve.
Meanwhile, agentic artificial intelligence has become the conference's defining theme. One of the most prominent themes heading into RSAC 2026 is the growing influence of AI — especially agentic AI — on both sides of the cybersecurity equation. Organizations are rapidly adopting AI agents to automate workflows, but these same systems introduce new attack surfaces and identity challenges.
The concern is substantive. Nearly half (48%) of respondents believe agentic AI will represent the top attack vector for cybercriminals and nation-state threats by the end of 2026. Part of this reflects the speed at which the technology is spreading: 77% of organizations are already running generative AI or large language models somewhere in their cybersecurity stack. Agentic AI — where systems take autonomous or semi-autonomous action — is in use at 67% of organizations.
Yet deployment has outpaced governance. Only 37% have a formal AI policy. The gap between deployment speed and protective oversight widened year over year. For security leaders, the challenge is immediate. Traditional identity and access management (IAM) models are not built for nonhuman identities operating at scale. Security leaders will need to rethink governance, authentication and monitoring strategies to account for AI-driven activity.
The urgency of defending against AI-powered attacks is also growing. Unit 42 has tracked mean time to exfiltrate data collapsing from nine days in 2021 to two days in 2023 to roughly 30 minutes by 2025. A February 2026 Malwarebytes report cited a 2025 MIT study in which an AI model using the Model Context Protocol achieved full domain dominance on a corporate network in under an hour — with no human intervention — evading endpoint detection in real time by adapting its tactics on the fly.
The conference's agenda reflects this urgency. RSAC is widely regarded as the security industry's premier event, and it brings together CISOs, CIOs, government leaders and researchers to examine the evolving threat landscape and the technologies reshaping defence strategies. But government participation this year is limited to retired officials and international representatives, which makes the absence of the domestic federal cybersecurity community conspicuous.
RSA Conference organisers did not issue a public statement addressing the absences before the event opened. Whether sessions previously led or co-led by federal participants were cancelled, reassigned to other speakers, or quietly removed from the programme was not immediately clear. The longer-term implications cut deeper. Public-private partnerships on cyber threat intelligence depend on the kind of continuous dialogue that conferences enable. Without federal participation, that channel narrows.