As both attackers and defenders rush to deploy agentic AI, enterprise cybersecurity leaders face a critical dilemma: how to move fast without sacrificing control.
That tension dominated discussions at the RSAC 2026 Conference, where analysts Jon Oltsik and Christophe Bertrand delivered a sobering closing analysis. "The attack surface is going to grow like a weed," Oltsik warned. "You have to anticipate that-and get your arms around it."
They described the current landscape as the "wild, wild west" of AI-driven security-but stressed that governance is the essential first step. "Get all stakeholders in place," Oltsik advised. "If you don’t have strong governance, build it."
Bertrand pointed to ServiceNow Inc. as an example where controlled environments enable real ROI from agentic AI-thanks to structured data processes and built-in guardrails. Yet even there, enterprises are effectively "building the plane while flying it," a risky but increasingly unavoidable reality.
The message was clear: without proactive governance, agentic AI could amplify threats faster than defenses can respond.