RSA Conference 2026 ran March 23 to 26 at the Moscone Center in San Francisco, the 35th edition of the show. If you wanted a single read on where the security industry thinks the money and the risk are headed, the Innovation Sandbox gave it to you in one sentence: every one of the ten finalists built artificial intelligence into the core of its product, and the company that won did it by securing the AI itself.
That is worth sitting with. The Innovation Sandbox is the part of RSAC where ten early-stage companies get three minutes each on stage in front of a judging panel, and the winners have a real track record of becoming the next generation of security platforms. When the entire finalist slate converges on one theme, it is not a coincidence — it is the industry placing its bets in public.
Geordie AI Took the Crown by Securing the Agents
Geordie AI was named "Most Innovative Startup" at the RSAC 2026 Innovation Sandbox. Its pitch was squarely on the problem that defined the week: agentic AI security. According to RSAC, Geordie's platform gives enterprises real-time visibility into their AI agent footprint, monitors agent behavior and posture, and works to identify and mitigate risk so organizations can scale agentic deployments without flying blind.
The framing matters. A year ago, "AI security" at RSAC mostly meant detecting prompt injection or scanning models for poisoning. In 2026 the winning thesis was about the agents themselves — the autonomous systems that take actions, call tools, and touch production. As enterprises wire AI agents into real workflows, they are discovering they have no inventory of what those agents can reach, and no continuous check on whether an agent's behavior has drifted into something dangerous. Geordie's win is a recognition that the agent is now an asset class of its own, and it needs the same discovery, monitoring, and risk scoring we already apply to servers, identities, and code.
The Finalist Slate: All-In on AI
The ten finalists, listed alphabetically, were Charm Security, Clearly AI, Crash Override, Fig Security, Geordie AI, Glide Identity, Humanix, Realm Labs, Token Security, and ZeroPath. By all accounts every finalist integrated AI into its product, and the Innovation Sandbox cohort has in recent years come with a substantial investment commitment attached to the Top 10 to fuel their growth.
A few of these names are worth tracking. ZeroPath plays in AI-driven code vulnerability discovery, which is the territory where the line between research demo and production tool is thinnest. Token Security and Glide Identity both circle the non-human and machine-identity problem — which, not by accident, is exactly the layer that agentic AI explodes in scale. Crash Override has been associated with open-source and supply-chain risk. Clearly AI and Charm Security lean toward AI governance and protecting users from AI-enabled fraud.
The healthy skepticism here: a finalist slate where AI is universal is also a slate where "AI" risks becoming a checkbox rather than a differentiator. The interesting question for each of these companies is not whether they use AI — they all do — but whether the AI is doing load-bearing work or decorating a feature list. The ones that last will be the ones whose architecture solves a problem that genuinely could not be solved without the model.
Launch Pad: Three Bets, Shark-Tank Style
RSAC's Launch Pad runs alongside the Sandbox for even earlier companies — incorporated two years or less — pitching bold ideas in a Shark Tank format to a panel of well-known security-focused venture investors.
Launch Pad is the more speculative end of the funnel, and it is useful precisely because it is less polished. These are ideas with the rough edges still on. They tell you what investors are willing to fund a year or two before it shows up as a category in the Sandbox. If you want a leading indicator of where the market is going, the Launch Pad room is often where you find it.
The Cryptographers' Panel: Less Optimism, More Warning
The Cryptographers' Panel is the intellectual counterweight to the contest floor, and this year it was notably sober. The 2026 panel — moderated by independent researcher Paul Kocher, reflecting on 25 years of the cryptography track — included Adi Shamir (the "S" in RSA), Harvard's Cynthia Dwork (a co-inventor of differential privacy), and UC Berkeley's Dawn Song.
Two threads dominated. First, agentic AI as a defensive and offensive force: panelists have increasingly warned that AI agents are getting good at finding bugs and vulnerabilities in large-scale open-source software. Reporting from the panel suggested the tone was unusually alarmed about the rapid proliferation of agents — a striking posture from people who helped build modern public-key cryptography. A useful corrective to the hype also surfaced: despite the excitement, there has not yet been a widely recognized cryptographic breakthrough produced by AI.
Second, post-quantum cryptography. The panel returned to the unglamorous, unavoidable work of key management for a quantum future and pressed organizations to actually build a post-quantum migration plan rather than treat the 2030-era timelines as someone else's problem. Crypto-agility — the ability to swap algorithms without re-architecting everything — is the practical takeaway, and it is still under-invested almost everywhere.
The contrast between the contest hall and the panel stage is the real story of RSAC 2026. Downstairs, a room full of founders is racing to ship AI faster. Upstairs, the people who understand the math best are saying, in effect, slow down and prove it works. Both things are true at once, and a serious security program has to hold both.
What the Signal Actually Means
Strip away the show floor and three durable signals remain. Agentic AI is now the center of gravity for security innovation, not a side track. The discovery and risk-scoring problem for AI agents is real enough that it won the top prize. And post-quantum readiness, while it did not win any pitch contest, is the slow-moving obligation the experts will not let the industry ignore.
The trap is treating "we use AI" as the answer when it is only the premise. The agents the industry is racing to deploy can find zero-days — which means they can be turned against you, and which means an unverified AI finding is a liability, not an asset. The hard engineering is not in the model. It is in the layer above it that verifies what the model says, traces it across your real environment, and decides what is worth acting on.
How Safeguard Helps
Safeguard sits in exactly that verification-and-orchestration layer above the model. Our Multi-Agent TAOR Deep Think AI Engine is model-agnostic by design — you bring your own model, whether that is a frontier model from a major provider or something you fine-tuned yourself, and our agents cross-check each other to cut false positives and turn raw findings into verified ones. For the agentic-AI footprint RSAC spent the week worrying about, we tie findings back to provenance, AIBOM and ML-BOM inventory, and policy gates so an AI agent is governed like any other production asset. We measure value in cost-per-verified-finding, not raw alert volume. If you want to see how that holds up against your own environment, reach out.