Three AI security assumptions that will break in 2026

AI has become a dominant topic at the RSAC show, with discussions often focusing more on tools than the deeper structural risks it poses. The Chief Strategy and Trust Officer at Bugcrowd highlights how enterprises need to reassess their assumptions about AI's impact on security, development pipelines, and decision-making. Contrary to the belief that AI simplifies security decisions, it often complicates them by accelerating change management beyond human governance capabilities. While many hope AI will reduce vulnerabilities, it initially seems to increase them as AI-generated code and attacker automation outpace security teams' abilities to manage risks. Additionally, AI threats are not limited to advanced targets; they could impact less prepared systems like ICS/SCADA and legacy workflows. The conversation at RSAC should pivot to understanding AI's broader implications on enterprise security and how to regain control before vulnerabilities are exploited.