RSAC 2026: AppSec Existentialism
Blog post from StackHawk
At the recent RSA Conference, significant attention was given to the transformative impact of AI on application security (AppSec) and the ongoing efforts to adapt to this rapid change. The event highlighted a notable disconnect between the confidence of vendors and the uncertainty of security practitioners: AI-driven development generates code faster than it can be reviewed, which necessitates a rethinking of security programs. Discussions emphasized the importance of bridging the gap between code analysis and real-world application behavior, with runtime testing emerging as a crucial strategy for identifying exploitable vulnerabilities. Despite the challenges, there was a collective willingness among attendees to collaborate on evolving AppSec practices, focusing on shared responsibility, education, and the development of new frameworks like the AI-driven development lifecycle (AI-DLC). The conference underscored the need for an operational shift in security approaches, as the rapid adoption of AI tools by both developers and attackers changes the threat landscape and the dynamics of vulnerability management.