Key Takeaways:

1. AI security dominates submissions - Prompt injection, agentic AI, and LLM vulnerabilities are top concerns. 

2. Cloud attacks are increasing- Adversaries target persistence through tokens, hybrid clouds, and workload authentication. 

3. High submission quality reflects innovation- Competition was fierce, demonstrating strong cybersecurity advancement and creativity.

Having been on the Program Committee for the Hackers and Threats track for many years, I occasionally wonder if I’m getting a little jaded. Still, I see the Hackers and Threats track of RSAC Conference as an opportunity to plan for the year ahead. It highlights so many of the innovations occurring in cybersecurity. Technology continues to change at such an eyewatering pace, it’s impossible not to get drawn into all the exciting new things. Sadly, there’s equal appeal for criminal groups. This blog will discuss AI security, cloud attacks, and emerging threats that dominated RSAC 2026 Conference submissions, showcasing cybersecurity innovation and evolving challenges.

It’s little surprise that AI LLMs (Large Language Models) and agentic AI were at the top of many companies’ agenda. This year’s submissions explored how to find, validate, and understand the intricacies of security risks while also looking at how to secure them. Many proposed ideas on how to use these tools to help improve their own cybersecurity while others ideated on what it means as they become part of their supply chains, whether through autonomous processes or more simply the layers of software vendor complexity.

We had so many submissions this year, which is great (but if you submitted and didn’t get selected on these topics understand the caliber to get in was really high). Themes in the submissions spanned from general overviews to really in-depth analysis, including some of these specifics:

• Prompt injection and indirect prompt injection: These were covered last year and the year before, but that doesn’t stop the ever more creative ideas to break the AI security models.
• Agentic and browser-based AI: Submitters offered guidance on how to build capabilities securely using for example AI IDE (Integrated Development Environment). Many also covered topics related to account/credential protection and management.
• Compromising: No surprise many methods outlined here from credential token theft, synthetic and other agent based user attacks, data theft, command and control (C2), compromising differing instances such as Gemini Nano, attacking the tools and CI/CD pipelines around AI, and using exploits like MCP (Model Context Protocol) or other parts of the ecosystem that makes up AI.
• Using AI for good: There were submissions on how LLMs could be used to spot attacks (for example: in-memory) and using LLMs to understand the patch differentials in software updates.

However, there were many amazing submissions also beyond the realm of AI that included great deep dives into specific attack campaigns, (check out the agenda to see which of these we picked), but we always focus on the current and impactful attacks. Over recent years there seems to have been an uptick in Operational Technology (OT) attacks, some nation state actors often linked to geopolitical conflicts.  There has also been an uptick in both espionage and attacks against corporations.  

We always get some submissions that in many ways sit between fun to attend—hacking EV cars and their chargers, remote code execution on security cameras, bypassing the facial recognition and biometrics on devices and the security risks of brain implants—but still have very significant impact, but we must temper how usable this knowledge will be to attendees after they leave Conference.   

There were a significant number of sessions this year on cloud attacks. As regulation is increasingly challenging where businesses put their data in the cloud, adversaries are figuring out how they remain persistent. These submissions explored a variety of attacks in the cloud, including living of the land, attacking hybrid clouds, compromising cloud tokens, compromising workload authentication identities, and many other ideas.  At the same time, we also had sessions around better securing the cloud by reducing false positives, achieving better detection and automation of vulnerabilities, managing vulnerabilities in supporting software tools such as GitHub, and of course potential exploits in the hardware sitting behind the cloud and AI instances.

Of course we continue to read submissions on ransomware, with some looking to highlight new methods of trying to access data vaults or use group policy objects to gain access, but ransomware has been overshadowed by the world’s focus on AI.

But there are some themes that stood out as trends, for example token abuse in Azure and passkey Google Cloud authentication vulnerabilities, vulnerabilities in database systems such as OCI, SAP, and SFDC, misconfigurations across environments from RPC’s and WAF’s to log files and misconfigured sandboxes.

There were so many other amazing topics. To all those that submitted but didn’t get selected, take solace in the fact the caliber of submissions was so high—and do try again next year. 

As for next year, I can’t wait to see all the creative ideas you submit. It’s such an honor to get to read all the submissions. Despite having been in the industry now for over 35 years, the innovation fuels my passion.  What I can guarantee is if you are able to attend RSAC2026Conference, you will be in for some great Hackers and Threats sessions. Regardless of where you are in your career,you’lldefinitely come back better educated and prepared to secure your work environments in 2026 and beyond.