Two of the year's biggest security gatherings have now wrapped. RSAC returned to the Moscone Center in San Francisco this spring; Infosecurity Europe followed in early June at ExCeL London. If you only read the agendas, you would think someone copied and pasted: agentic AI everywhere, shadow AI as the anxiety du jour, post-quantum cryptography lurking at the edges of every keynote.
But the agendas hide the more interesting story. Both continents fixated on the same three problems. They did not talk about them the same way. The gap between how an American show and a European show frame identical technology is, this year, a reasonably good proxy for where the whole industry is heading, and where it is going to argue with itself.
Same headline, different center of gravity
RSAC 2026 was enormous, drawing tens of thousands of attendees and hundreds of exhibitors across Moscone, as it does every year. Infosecurity Europe is a different animal by design: a smaller, denser show at ExCeL, more regional, more conversational.
That size difference matters because it shapes the conversation. RSAC is where vendors announce. The center of gravity is the product roadmap, the launch, the category-defining demo. Infosecurity Europe leans more toward the practitioner and the policymaker, with the UK's National Cyber Security Centre and a national-strategy framing baked into the keynote lineup. So when both events picked up agentic AI, you got two different reflexes: in San Francisco, "here is what we built"; in London, "here is how we govern what you built."
Agentic AI: the agentic SOC versus the governed agent
Agentic AI was the unmistakable headline on both coasts. The framing diverged sharply.
At RSAC, the dominant narrative was the agentic SOC. The pitch, repeated across the show floor and in the analyst commentary that followed, was that AI agents are moving from copilots that suggest to agents that act: triaging alerts, running playbooks, touching production systems with limited human review. Much of the recap framing treated 2026 as the year agentic AI stopped being a demo and started being an operating-model question. The optimism was real, and so was the unease underneath it. The recurring worry was non-human identity: traditional IAM was never designed for fleets of agents authenticating and acting at machine speed, and the consensus was that identity, not the model, is the new perimeter.
Infosecurity Europe took the same technology and led with control rather than capability. Keynote slots touched on agentic AI defense, but the surrounding program leaned governance: visibility into where agents are running, oversight of the interactions between models, tools, and corporate systems, and accountability when an agent does something wrong. Less "deploy the agentic SOC," more "prove you can see and constrain the agents you already have." That is a regulatory instinct showing through, and given the EU AI Act timeline and the UK's posture, it is the correct instinct for that audience.
The honest read: these are not competing visions, they are two halves of the same problem stated by audiences with different incentives. American buyers are racing to capture automation gains. European buyers are being asked, often by their own regulators, to demonstrate they have not lost the plot. Both are right. Neither is complete on its own.
Shadow AI: the shadow developer comes into focus
Shadow AI graduated this year from a buzzword into a named, specific threat model, and the most concrete articulation came out of RSAC: the shadow developer. The idea is straightforward and uncomfortable. Developers are running local AI agents and coding assistants that touch source code, credentials, and internal systems, and that activity cannot be governed at the network layer because much of it never crosses a controllable boundary. It is identity-layer activity by an entity your IAM stack does not recognize.
Infosecurity Europe treated shadow AI through a slightly different lens, closer to classic data-governance and regulatory exposure: unsanctioned tools quietly moving regulated data into models nobody approved, with the compliance consequences that implies under European data law. Same phenomenon, again, with the American framing tilted toward operational and identity risk and the European framing tilted toward data protection and accountability.
What both shows agreed on, refreshingly, is that "ban it" is not a strategy. You cannot block your way out of shadow AI any more than you blocked your way out of shadow IT. Discovery and visibility came up repeatedly as the actual first step: you cannot govern, secure, or report on what you cannot see.
Post-quantum cryptography: loud in London, muted in San Francisco
This is where the two events genuinely parted ways, and it is the most useful contrast for planning purposes.
At RSAC, post-quantum cryptography was present but, by most accounts, muted, surfacing mainly through the PKI and certificate vendors rather than dominating the main stage. Some commentators argued the real takeaway of RSAC was not AI at all but post-quantum readiness, precisely because the topic was being underplayed relative to its importance. Worth noting alongside it: Google has publicly signaled that it is accelerating its own post-quantum transition ahead of many government and industry timelines.
Infosecurity Europe gave PQC a brighter spotlight, with keynote and track time devoted to the "wait and see" complacency that RSAC seemed to exhibit. The European framing emphasized crypto-fragile components, "harvest now, decrypt later" exposure, and practical steps to begin crypto-agility now rather than waiting for a standards-driven fire drill. The contrast is almost too neat: the market-led show downplayed the long-horizon, regulation-shaped risk, while the policy-adjacent show put it on the main stage.
If you take one planning signal from the pair of events, it is this: quantum readiness is not an emergency this quarter, but crypto-agility is an architecture decision you make years before you need it. London said so more loudly than San Francisco did.
So what should a security leader actually do with this?
The two events together describe a coherent year, even if neither alone does. Agentic AI is real and arriving in operations, so non-human identity and agent oversight need to be on your roadmap now, not after the first incident. Shadow AI is already inside your perimeter, so the move is discovery and visibility, not prohibition. And post-quantum is a slow-moving certainty, so the work to do today is building crypto-agility into how you procure and architect, not panic-buying quantum-safe everything.
The transatlantic split, capability-first in the US and governance-first in Europe, is not a flaw to resolve. It is a reminder that any AI security program has to do both: capture the automation upside and prove control of it. The organizations that struggle in 2027 will be the ones that picked only one.
How Safeguard Helps
Safeguard is built for exactly the gap these two conferences described: getting the upside of AI agents while proving you can see and constrain them. We generate AIBOM and ML-BOM inventories so the agents, models, and tools in your environment stop being shadow AI, and our policy gates and vendor policy registry turn governance from a slide into an enforced control in CI/CD and procurement. Because we are model-agnostic, whichever foundation models you run plug in as interchangeable parts, while reliability lives in the verification and orchestration layer above the model, where our Multi-Agent TAOR Deep Think AI Engine and Griffin AI cut false positives through cross-checking rather than trust. If you want to map your agent and supply-chain exposure before the next conference cycle, reach out.