TL;DR: At RSAC 2026, the media wants substance. Conversations are shifting from AI hype to proof. Security reporters are looking for real-world deployments, measurable outcomes, clear explanations of AI’s role in security operations and practical guidance on emerging risks like AI tech debt and quantum threats.
Every year, hundreds of cybersecurity brands converge upon RSAC, all with news to share. Few break through.
The ones that stand out know what reporters are chasing, and they show up with exactly that. They tailor product launches, research and thought leadership to the themes and storylines shaping journalists’ agendas heading into the show.
To help organizations refine their RSAC 2026 strategy, we went straight to the source. We asked leading security reporters from Forbes, Dark Reading and CSO Online what they’re most focused on at this year’s RSA Conference, and we built practical, actionable communications guidance around their answers. Here’s what they told us.
The AI Conversation Is Entering Its Proof Phase
No one is questioning whether AI will dominate RSAC 2026. The real question is whether the industry is ready to treat AI as operational reality rather than marketing momentum.
As Becky Bracken of Dark Reading puts it, “AI will continue to dominate the conversation, but I am hoping to hear more about substantive use cases this year.”
That shift from promise to proof is where the story is heading. Reporters and practitioners alike are looking for real-world deployments, measurable outcomes and hard-earned lessons, not just roadmap vision.
At the same time, AI is reshaping the cybersecurity workforce itself, automating work once handled by early-career professionals and disrupting the traditional talent pipeline. CISOs are being asked to deploy AI defensively, while defending against it offensively, all while managing risk, budgets and board expectations. The pace of change is intense, and many leaders are quietly questioning what sustainable adoption truly looks like.
These are the tougher, more nuanced conversations that will define RSAC this year and the ones we’ll be digging into throughout the conference.
Tony Bradley, a contributor for Forbes, shares a similar expanded view.
“What I’m most looking forward to at RSAC this year, and simultaneously what I’m most dreading, is the messaging from cybersecurity vendors around AI,” he says. “On one hand, we’re in the middle of a genuinely transformative shift. AI, agentic workflows, automation and data-driven security operations have the potential to meaningfully change how we defend organizations. That’s exciting.
“On the other hand, I don’t envy anyone who isn’t deeply technical or steeped in cybersecurity trying to walk the expo floor and make sense of it all. When every booth promises AI-powered, AI-driven, or AI-native security, the signal-to-noise ratio plummets fast. The real difference will come down to substance. Who can clearly articulate what their AI actually does, how it improves outcomes, and where it fits in the broader security architecture, versus who is simply slapping an AI label on the same old story.”
John Mello Jr., another freelancer for several outlets including CSO Online and TechNewsWorld, expects a similar shift.
“The industry is moving beyond experimentation to confronting real world consequences, for better and for worse,” John says. He points to agentic AI as a flashpoint and calls it “a real can of worms,” because it pushes machines into roles that used to require human decision-making and action. He also believes that humans need to remain in the loop, saying, “If machines are autonomously mitigating vulnerabilities or responding to persistent threats without oversight, you’re inviting trouble.”
Broader media coverage is also shifting to discuss how much autonomy AI gets, what guardrails exist and what happens when it is wrong. The strongest AI narratives will explain use cases and challenges in plain language and show tangible outcomes.
AI Tech Debt is Stacking Up, Lead with Evidence
Alongside AI enthusiasm, people are questioning the IT complexity that rapid AI adoption is creating at scale.
Becky noted this tension directly. “Enthusiasm over novel AI business opportunities is going to wind up introducing more vulnerabilities than it provides real value and leave security teams with a mess of AI tech debt to clean up later.”
This is a real opening for brands that can show they have thought beyond the AI demo. If you have AI governance, controls and evidence (e.g., research, telemetry, or customer validation), this is the year to lead with it.
Quantum May Feel Urgent, Not Hypothetical
AI will be the headline, but quantum is likely to gain more visibility this year as the risk becomes closer to reality.
Beyond AI, John expects quantum computing to gain renewed urgency at RSAC.
“For years, quantum was treated as a distant concern,” he says. “But recent advancements are compressing the timeline. Organizations are beginning to realize they can’t afford to treat this as theoretical anymore.”
He also notes that infrastructure and operational resilience remain major quantum blind spots.
“We’ve been talking for years about adversaries embedded in critical infrastructure — water systems, telecommunications — and too often the response has been muted. The warnings are clear, but meaningful action hasn’t always followed.”
He also points to uneven collaboration between government and enterprise as an ongoing challenge.
“Public-private cooperation is essential, but it’s inconsistent,” he says. “As threats accelerate, whether from AI-driven attackers or future quantum capabilities, that coordination gap becomes harder to ignore, and it’s essential to have a cohesive partnership.”
A smart communications strategy will be to provide practical clarity on what quantum readiness looks like, what matters now versus later for protection, and what steps security leaders should take.
How to Win Mindshare at RSAC 2026
As RSAC 2026 conversations shift from hype to showing proof, communications strategies should do the same. An integrated communications approach still matters, but it must be grounded in relevance. That means connecting on-the-ground activations with earned storytelling that reflects the issues reporters are tracking, amplifying those narratives through social and paid channels, and sustaining momentum after the conference ends.
That starts with having a clear narrative that maps to what reporters are actively covering (real use cases, measurable outcomes and the practical realities CISOs face). That narrative should be easy to grasp and consistent across onsite activations, media and analyst outreach, owned content, and social.
Earned storytelling should lead with proof: credible research, customer examples, measurable outcomes and clear differentiation. Paid amplification can then extend reach in the channels shaping RSAC conversations, including paid interview opportunities with outlets like Dark Reading, SC Media or the ISMG Network.
If you’re building out your RSAC media mix, dig deeper on how to build a paid media strategy that complements earned and owned efforts here.
Let’s Build Your RSAC Communications Strategy
RSAC 2026 will reward brands that connect onsite presence, storytelling proof and amplification into a coherent program. For organizations looking to pressure-test an RSAC narrative, sharpen proof points, or build an integrated plan across earned, owned and paid, RH Strategic can help.
Heading to the show? Come find me and my colleague Brendan Hughes, we’d be thrilled to say hello and talk strategy. To connect ahead of time or discuss how to prepare your PR and marketing program for next year, please reach out at hw**@*********ic.com or bh*****@*********ic.com.
***
RH Strategic is a Seattle and D.C.-based PR agency with a nationwide presence and additional global reach via membership in the Worldcom Public Relations Group. We provide strategic public relations for innovators in the technology, government, healthcare, and social and environmental impact markets.
