Top 3 Themes to Lookout for at RSAC 2026

TL;DR

The cybersecurity world will be converging on RSAC 2026 this year to discuss the “Power of Community.” It has never been more relevant when considering the imperative of collective defense. Today’s adversaries target networks and industries. By utilizing united cyber risk intelligence, agentic AI, and hub-and-spoke threat intelligence sharing models, our “communities” can stand together against powerful emerging threats. Discover why these three themes will be the topics of conversation at the Moscone this month. This year’s RSA Conference theme is “Power of Community.” It couldn’t be more fitting given industry undercurrents towards threat intelligence sharing and collective defense. As we meet together at the Moscone Center in sunny San Francisco this year, three themes will be top of mind for the global cybersecurity industry at large:

• Unifying cyber risk intelligence to drive holistic cyber risk decisions

• Leveraging agentic AI to bolster unified cyber risk intelligence and unburden SOCs

• Accumulating threat intel from everywhere—no blind spots or gaps

Book your slot to meet the Cyware team!

In the past year, we’ve seen threat intelligence go from experimental to mission critical. Companies that only collected it are now striving to make good on that investment and operationalize it, understanding that it’s only as useful as it is actionable. Against this backdrop, we see AI, collaboration and risk prioritization converge to create a decision layer for cyber risk—one that uses optimized threat intelligence to inform strategy in all areas of the business, not just the SOC.

1. Unified Cyber Risk Intelligence (UCRI) Becomes the North Star

In their recent report, The Evolution of Threat Intelligence is Unified Threat Intelligence Management, Gartner states that “Many organizations are still making critical decisions based on incomplete or underrefined threat data...which is inherently limiting and insufficient for complex decisions.” Current threat intelligence programs typically rely on some data sources, but not all. This leaves critical gaps and makes hope a strategy. As the report explains, “UCRI aims to remove hope from the equation” by presenting the full gamut of external threat intelligence, combined with internal telemetry and logs, for an all-encompassing view of risk. Unified cyber risk intelligence gives teams the full scope of internal and external risk sources, like: Internal

• Exposure data

• Alerts from security tools

• Network traffic and anomalies

• Threat detection trends

• Incident response patterns

External

• Geopolitical and physical intel

• Public and private intelligence sharing (ISACs, private feeds)

• Dark web data

• Social media data

• Traditional external threat intelligence

This presents the whole picture, so executives understand the risk priorities based on a complete view of the landscape, not a limited one. UCRI shows what’s most important to the business at any given time, and what’s at stake.

Agentic AI for Unified Cyber Risk Intelligence

However, these results don’t populate themselves. Even humans are hard-pressed to analyze so many disparate sources and come up with a clear source of truth. That is why another top trend at RSA Conference this year will be the use of agentic AI to make proactive risk intelligence a reality. The industry is transitioning (quickly) from AI copilots that assist, to autonomous agent workflows that decide. That means that agentic AI is orchestrating:

• Ingestion

• Enrichment

• Correlation

• Prioritization

• Response

All with little to no human intervention. Analyst oversight is still maintained (to whatever degree desired) but in time, the agents learn from successes and failures and improve accuracy and customization over time. These agents take on the complexity and time-consuming work of making sense of big data, especially as it is gleaned from wide-ranging sources like threat intelligence platforms, exposure management tools, and SOARs. The result is something Gartner calls intelligence data fabric, or an underlying layer that informs not only SOC decisions, but risk prioritization across the board and all the way up to the executive level.

Threat Intelligence Sharing Inside Enterprise Networks (Going Beyond ISACs)

So, what is needed to provide AI agents with the information they need to succeed? Unified cyber threat intelligence depends on having all the pieces in place, which means moving beyond ISACs and other traditional threat intelligence sources to find needed intel from everywhere. We need to move beyond acting (or not acting at all) in isolation and stand united against high-powered threats at scale. Something that one entity knows could help another, protecting the whole. This is known as collective defense, and it depends on the ability to share threat intelligence inside enterprise networks, just like several major league sports associations.

Using Cyware, the associations and their teams were able to facilitate bidirectional threat intelligence sharing via a Hub-and-Spoke model. Now, teams could get real-time threat advisories and crisis notifications, preemptive threat management, and automated analysis and remediation for proactive response.

Attackers target organizations within the same industry; sharing intelligence between subsidiaries, business units, regional SOCs and partner ecosystems spreads tribal knowledge and strengthens the collective resilience of the whole.

Conclusion

This year’s RSA Conference conversations won’t be about security in a vacuum. Leading out on the “Power of Community,” we can expect to see more talks around how those communities can use today’s advancements – agentic AI, automated orchestration, threat intelligence sharing networks – to do what none of us can do on our own.

Come expand the dialogue around collective defense. Visit us in Booth #3329 at the Moscone Center and we’ll carry on the conversation together.

Frequently Asked Questions (FAQs) about Cyber Threat Intelligence

1. What is unified cyber threat intelligence (UCRI)?

Gartner defines UCRI as “the fusion of all relevant threat signals across diverse internal (telemetry, logs) and external (shared and commercial databases) sources into specialized analytical engines (machine learning, predictive modeling).”

In layman’s terms, it is the ability to collect all applicable threat intelligence from anywhere and use it to proactively predict and prevent threats through automation, orchestration and AI. UCRI report follows Cyware’s Unified Threat Intelligence Management position.

2. What part does agentic AI play in collective defense?

Being able to share threat intelligence in real-time and at scale is key to achieving collective defense. Agentic AI empowers related entities and networks to ingest, normalize, correlate, and disseminate massive amounts of threat intelligence and internal telemetry among themselves at a rate impossible by manual methods or even automation alone.

3. Why does threat intelligence sharing need to extend beyond ISACs and ISAOs?

ISACs and ISAOs are external-to-internal risk communicators, but a vast amount of threat intelligence resides within enterprise communities and networks (like within food service supply chains); this information must be shared via Hub-and-Spoke model to maximize independent collective defense, strengthen compliance, and speed response.