Security must move beyond monitoring

RSAC sessions argued continuous visibility alone is obsolete—security needs continuous control management with automated outcomes, plus model‑level guardrails like a 'Model Context Protocol' to police agentic AI traffic. The discussion flagged new supply‑chain attack vectors (agentic 'skill files' and config artifacts) that demand novel detection and remediation tooling. (youtube.com)

RSAC 2026 ran March 23–26 at the Moscone Center in San Francisco, where "agentic AI" and protocol-level controls dominated vendor keynotes and floor demos. (rsaconference.com)

Cisco unveiled DefenseClaw, an open-source framework that it says will scan and sandbox every agent skill and verify Model Context Protocol (MCP) servers before deployment. (newsroom.cisco.com) Microsoft described Agent 365 as a control plane for agents, with a planned general availability date of May 1 and inclusion in Microsoft 365 E7 to give enterprises centralized governance and runtime controls. (microsoft.com) Splunk framed the operational shift as an "Agentic SOC," announcing Enterprise Security updates that prioritize automated outcomes, unified telemetry, and agent-driven triage to reduce manual SOC load. (splunk.com)

Industry working groups and papers at RSAC flagged MCP-specific attacks—identity spoofing, context tampering, and poisoned tool metadata—as distinct threat classes requiring model-level guardrails. (coalitionforsecureai.org, arxiv.org) Recent supply-chain incidents underscore the risk: researchers traced 335 malicious agent skills in the "ClawHavoc" campaign and reported the campaign impacted some 300,000 users, while independent scans have found double-digit percentages of community skills containing exploitable flaws. (repello.ai, dev.to)

Standards and tooling responses proliferated at the show, from OWASP’s Agentic Skills Top 10 to multiple open scanners and services like SkillScan and ClawMoat that report thousands of scanned skills and pattern-based detections to block malicious SKILL.md artifacts. (github.com, skillscan.chitacloud.dev, clawmoat.com)
