Everybody Was AI Fighting; RSA Went by as Fast as Lightning

Everybody Was AI Fighting; RSA Went by as Fast as Lightning
The RSA 2026 Astrix Booth in Full Swing

Originally published on LinkedIn: https://www.linkedin.com/pulse/everybody-ai-fighting-rsa-went-fast-lightning-jonathan-sander-pbh8c/


Three AI Agent Conversations that were a Little Bit Frightening

RSA is a yearly ritual for me that has become as much about seeing old friends as getting the security industry reset for the year. The weekend before the show is for friends. It went by way too fast. Every year around 7am on the first day, I take the booth staff badge I make sure I get assigned and walk the show floor all by myself. Walking those aisles lets me absorb the collective consciousness of security messaging. You’ll be absolutely shocked to learn that this year was overwhelmingly about AI Agent security. Everybody was AI fighting. That was also what everyone wanted to talk about in all the side meetings that took up the majority of my time during the show. Let’s go through three themes that came up again and again in those conversations.

When Will AI Agents be Fully Independent?

Agentic development, developers and others powered by tools like Claude Code and Cursor, seem to be the AI Agents everyone - Including Astrix - are focused on. There are definitely security concerns with the agentic developer pattern. But that’s still very human driven. Many were asking where the agents that will work autonomously are hiding. My response is: what do you think all those developers are building? That’s only slightly tongue in cheek. There are a lot of folks building autonomous agents coming to Astrix for identity security solutions, but it’s true that not many have turned them loose in production yet.

Those with autonomous agents all have two things in common in my experience. They are building those agents in a “walled garden”. That may be on Azure, Google, or AWS. Some are also doing this on Databricks or Snowflake. These agents tend to stay in those gardens. The other common quality is that they are very narrow. These agents have a very specific set of tasks, and the access they are granted is also very limited. They get the data and systems access they need and nothing more. That’s very different from the sprawling access we see agentic developers using. The footprint of these independent agents is small now, but it will sneak up on us very soon.

When is the Funeral for MCP?

It’s amazing what one tweet can do. I’ll leave this mostly as an “if you know you know” thing, but the number of folks who asked me about the untimely death of MCP was truly amazing. It all came because of a single tweet a few weeks ago. That was followed by the screams (for and against) of a million influencers. If you’re reading this, it’s likely you’ve also seen me posting about the MCP workshops I’ve been running. The ironic thing is that even the folks who showed up to these workshops which were over-registered and well attended still asked if MCP was really going to die soon.

A rare sighting of Sander in his native habitat - running a technical, hands-on workshop on MCP at RSA 2026

My answer about the untimely death of MCP is simple: no one really knows. The changes in the AI tech stack move as fast as lightning. So it’s entirely possible that MCP will be swept away. However, even as skills take a lot of the focus, many connections are being driven to use MCP in the name of standardization. We get a ton of inbounds about MCP security (outside the workshop registrations). I’ve talked to literally dozens of organizations who are building their own MCP Gateways to become the identity & security injection point for AI Agent access. For something that’s dying, there’s an awful lot of attention and effort being spent. So we’ll see.

Will Agents Really Take Over?

This is not people worrying about Skynet and the Terminator scenario. Many people in quiet moments asked if I thought all this AI Agent focus is pointing to some real future or if the hype machine is just super strong right now. This was easier to answer for some than others. If you’ve used Claude Code or Cursor to build stuff, I think you’ve gotten a glimpse of how this may actually work. While your agent is ruminating, noodling, marinating, or any of the other fun Claude Code words it may pick, you can watch it talking to itself about the task you’ve given it. But it doesn’t just talk to itself. There’s a bunch of subagents it may use while that’s happening. It’s talking amongst itself. You may never have even noticed, but you’ve got a little agent swarm at work for you when you use these tools.

I think that these swarms will become more and more common. Each tool for each task will build its own swarm. Those swarms will soon be able to talk to one another. Before we know it there will be hundreds of them swelling behind the scenes supporting us and each other as we move through even the most mundane tasks. Those of you who are opted in to the very latest in Google and Microsoft online email clients are already seeing the invisible swarms that offer spelling, grammar, and other writing help as you go. I think that is most like the model where agents take over. They will mostly be doing what we’ve always wanted tech to do - taking care of the boring details so we can free our minds. At least that’s what I see people trying to build in the B2B space right now. Maybe the T-800s are cleverly biding their time just out of view?