RSA 2026 – AI Oozing Out of Every Pore
None
<p>Here at RSA, the hype is on “high”, including dune buggies driving the streets wrapped in high-tech banners claiming to have solved all things AI. Even before you get downtown you are greeted at the airport with big budget AI splashed all over the walls with outsized claims.</p><p>But what is real? </p><p>We here at SecureIQLab are trying to bring some of those claims back down to earth, in the form of neutral third party tools and reports to give normal businesses and organizations a way to sort through the fluff and get to what real information you can use.</p><p>Here are a few ways to cut the clutter and get to what you can trust about AI.</p><ol class="wp-block-list"> <li><strong>Show me the failure cases, not the demo</strong> – Right now everyone’s talking about fantastic capabilities, but what happens in the first contact with adversarial attack traffic? What happened under heavy load, not just a few test prompts? How does a vendor tune their systems against false positives and false negatives? If they don’t know – that’s not a good sign.</li> <li><strong>Map claims to specific attack classes</strong> – A vendor claiming to “stop AI threats” is vague, at best. Best to ask “Which of the OWASP LLM Top 10 do you actually stop—and how do you prove it?” For example: <ol class="wp-block-list"> <li>Prompt Injection – How did you test it?</li> <li>Data exfiltration – Did you monitor, or block it?</li> <li>Model extraction – How did you measure it? </li> </ol> </li> <li><strong>Separate detection from prevention</strong> – Right now, many AI “security” tools are little more than telemetry engines. Better ask “is your tool blocking, or just monitoring”, and “how many attacks are automatically blocked”. </li> <li><strong>Ask for an independent assessment</strong> – Right now, many vendors are basically grading their own papers – and producing “surprisingly” good results. But self-testing is an awful lot like not testing, and just as likely to survive when faced with real adversarial traffic. If there’s no third-party validation, assume you’re still looking at a demo.</li> </ol><p>At RSA, AI is everywhere, but clarity is not. It’s a good time to gather information, with a healthy dose of skepticism, and ask some specific, pointed questions. Solid, tested vendors won’t just show you their successes, but also failures, where they’re learning, and how they’re evolving their products to face real-world threats.</p><p>If you’re at RSAC 2026, book a meeting with me to see our SOCx + AI validation demo or to learn more about our AI Security CyberRisk Validation Methodology v1.0–releasing this week.</p><style> .custom-btn { display:inline-block; background:#f4b400; color:#000 !important; font-weight:600; font-size:16px; padding:12px 20px; text-decoration:none; border-radius:2px; font-family:Arial, sans-serif; transition:0.3s; } .custom-btn:hover { background:#e0a800; } </style><p><a href="https://secureiqlab.com/go/rsa-live?utm_content=livedays_blog1" class="custom-btn"><br> Meet Me at RSAC 2026 »<br> </a></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/rsa-2026-ai-oozing-out-of-every-pore/" data-a2a-title="RSA 2026 – AI Oozing Out of Every Pore"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frsa-2026-ai-oozing-out-of-every-pore%2F&linkname=RSA%202026%20%E2%80%93%20AI%20Oozing%20Out%20of%20Every%20Pore" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frsa-2026-ai-oozing-out-of-every-pore%2F&linkname=RSA%202026%20%E2%80%93%20AI%20Oozing%20Out%20of%20Every%20Pore" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frsa-2026-ai-oozing-out-of-every-pore%2F&linkname=RSA%202026%20%E2%80%93%20AI%20Oozing%20Out%20of%20Every%20Pore" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frsa-2026-ai-oozing-out-of-every-pore%2F&linkname=RSA%202026%20%E2%80%93%20AI%20Oozing%20Out%20of%20Every%20Pore" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frsa-2026-ai-oozing-out-of-every-pore%2F&linkname=RSA%202026%20%E2%80%93%20AI%20Oozing%20Out%20of%20Every%20Pore" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://secureiqlab.com">SecureIQ Lab</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Cameron Camp">Cameron Camp</a>. Read the original post at: <a href="https://secureiqlab.com/rsa-2026-ai-oozing-out-of-every-pore/">https://secureiqlab.com/rsa-2026-ai-oozing-out-of-every-pore/</a> </p>