Like Glinda the Good with the people of the Land of Oz, agentic security was more popular than ever at RSAC 2026.

During the annual conference, which took place at the Moscone Center in San Francisco, current and emerging AI and agentic security risks dominated the conversation as security professionals did their best to wrap their heads around cybercriminals using the technology for their latest schemes.

Not-so-subtle foreshadowing. An underlying theme of the conference this year: the worst is yet to come.

Security professionals spent a great deal of time forecasting threats. During a March 24 Illumio panel at San Francisco’s Hyatt Regency, for example, Microsoft GM of Global Threat Intelligence Sherrod DeGrippo predicted a new type of threat actor that could soon pose a risk to organizations.

“We will see the advent very soon of the ‘unicorn threat actor,’ which is an apex-level threat actor that has incredible capability, incredible reach, incredible automation, and persistence,” DeGrippo said, adding that these will be socially motivated entities who engage in acts of hacktivism.

Conference time.—BM

Should companies slow their adoption of code-generating AI? A series of high-profile outages has highlighted the potential issues of allowing LLMs to build ever-larger portions of an organization’s codebase. However, experts say some of these concerns can be mitigated with a few key steps.

In the news…According to recent reporting from the Financial Times and CNBC, Amazon recently held an internal meeting to discuss several service outages. A briefing note viewed by the Financial Times stated that one of the “contributing factors” was GenAI usage “for which best practices and safeguards are not yet fully established.”

When contacted by IT Brew, Amazon spokesperson Maxine Tagay wrote in an email that only one outage was related to AI and none of the incidents involved AI-generated code. Additionally, Tagay shared that Amazon Web Services was not involved in the incidents.

Here’s what we know.—CN

A lot can change in a year. A bad haircut can grow out, a fitness goal can become reality, or cyberattackers can realize the different ways to take advantage of employee digital twins (EDTs). One company believes the lattermost example isn’t hypothetical.

According to a new TrendAI report unveiled at RSAC on Wednesday, companies should expect malicious actors to compromise and abuse EDTs within the next 12 to 18 months. The kicker? Such attacks are expected to be worse than credential theft by the end of 2027 because unlike credentials, EDTs cannot be reset.

Like an onion. EDTs differ from AI assistants in that they are typically composed of four different components, which TrendAI describes as “layers”:

• Knowledge. The layer of an EDT that has access to an employee’s expertise, processes, and skills.
• Personality. The layer that understands an employee’s communication style and unique mannerisms.
• Mindset. The layer that helps EDTs that emulate decision-making skills and logic of their owners.
• Trust. The layer that shapes EDT relationships and interactions (e.g., knowing “whose ‘urgent request’ gets immediate action”).

Twinning!—BM

CollabWORK connects you to the hidden job market through IT Brew and other trusted channels. Browse roles curated specifically for this community by clicking through to the job board.

• Systems Computer & Storage Engineer VP at Morgan Stanley
• Senior, IT Auditor at American Tower
• IT Business Operations and Procurement Specialist at Stream Realty
• Senior Cyber Security Engineer at Tradeweb
• Chief Information Security Officer at Graebel