❌

Normal view

My Really Fun RSA 2026 Presentations!

9 March 2026 at 23:28

This blog is perhaps a little bit more like an ad, so if you don’t want to check the ads, consider not readingΒ it.

a very cyber imageΒ (Gemini)

But this year at RSA 2026, I’m speaking on three topics: securing AI, using AI for SOC, and sharing lessons about how Google applies AI and other technologies toΒ D&R.

Here are these 3 funΒ things!

First, I’m doing a presentation on governing shadow AI agents. Believe it or not, this presentation was created mostly before OpenClaw became a thing (but updated for it!). So you may be surprised how well the content aged (think wine!) Attend this if you are struggling with shadow AI, specifically shadow agents atΒ work.

Shadow Agents: A Pragmatist’s Guide to Governing Unsanctioned AIβ€Šβ€”β€Š[STR-W08]

  • Wednesday, Mar 25 1:15 PMβ€Šβ€”β€Š2:05 PMΒ PDT

It is not the APT! The new threat is the β€œshadow AI agents” employees already use for work, leaking data and making decisions. Banning them is a losing game. This session will offer a better way: turn this organic behavior into a catalyst for secure progress. Learn to discover, assess, and channel unsanctioned agents into a formal strategy that empowers a team rather than force it underground.

The second is probably the most detailed discussion about how we use AI for detection and response at Google. You probably read our blogs and listen to our talks (especially this), but this time we are revealing a lot more interesting details about the machinery and also how we arrived at the state we’re in. I promise you this will be fun! And detailedΒ too.

This Is How We Do It: Building AI Agents for Cybersecurity and Defenseβ€Šβ€”β€Š[PART3-M07]

  • Monday, Mar 23 2:20 PMβ€Šβ€”β€Š3:10 PMΒ PDT

Presenters will share the playbook for building and scaling AI agents in cybersecurity. Attendees will learn four core lessons: Building trust with the team, prioritizing real problems, measuring value, and establishing solid governance foundations for the agenticΒ SOC.

Finally, the third isn’t a presentation but a discussion that would help you understand the real state of AI in security operations / SOC. This would not be about the slides, but about sharing lessons on what works and whatΒ doesn’t.

AI in SecOps: Sharing Lessons Learned for Adoption Maturityβ€Šβ€”β€Š[CXN-R05]

  • Thursday, Mar 26 12:20 PMβ€Šβ€”β€Š1:10 PMΒ PDT

Attendees in this peer-led discussion will share stories from the AI-powered SOC trenches. Explore real adoption journeys from manual processes to autonomous agents. Share practical use cases on analyst retraining, workflow auditing, malware analysis, remediation automation, RAG pipelines and more. Trade notes on what’s working, what’s breaking, trust gaps, AI hallucinations, and career redesign.

All in all, join me for securing AI and Shadow Agents, learning from Google about detection and response, and comparing the state of practice of AI in theΒ SOC.

See youΒ there!

P.S. Yes, we will also be podcasting from theΒ show.

Related:

RSA 2025: AI’s Promise vs. Security’s Pastβ€Šβ€”β€ŠA Reality Check”


My Really Fun RSA 2026 Presentations! was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.

Stone, parchment or laser-written glass? Scientists find new way to preserve data

Hard disks and magnetic tape have a limited lifespan, but glass storage developed by Microsoft could last millennia

Some cultures used stone, others used parchment. Some even, for a time, used floppy disks. Now scientists have come up with a new way to keep archived data safe that, they say, could endure for millennia: laser-writing in glass.

From personal photos that are kept for a lifetime to business documents, medical information, data for scientific research, national records and heritage data, there is no shortage of information that needs to be preserved for very long periods of time.

Continue reading...

Β© Photograph: Tetra Images/Erik Isakson/Getty Images

Β© Photograph: Tetra Images/Erik Isakson/Getty Images

Β© Photograph: Tetra Images/Erik Isakson/Getty Images

What 5 Million Apps Revealed About Secrets in JavaScript

17 February 2026 at 15:40
Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 million applications specifically looking for secrets hidden in JavaScript bundles. Here's what we learned. [...]

Passwords to passkeys: Staying ISO 27001 compliant in a passwordless era

16 February 2026 at 16:02
Password-based authentication is increasingly risky as organizations adopt passkeys to strengthen security and meet ISO/IEC 27001 requirements. Passwork explains how to align passwordless adoption with Annex A controls, risk assessments, and secure implementation practices. [...]
❌