RSAC 2026: Five Cybersecurity Vendors Make Big AI Moves
CrowdStrike, Palo Alto Networks, SentinelOne, Proofpoint, and Arctic Wolf launched major AI security products at RSAC 2026. Here is what the announcements mean for WAF teams and web application security.
RSAC 2026 wrapped up with a clear message: AI agents are the new attack surface, and every major security vendor is racing to build controls around them. CRN profiled five companies that made the biggest AI moves at the conference. Here is what matters for web application security.
CrowdStrike bets on the endpoint again
CrowdStrike launched AI Detection and Response (AIDR), shadow AI governance, and a new Falcon Data Security offering. CEO George Kurtz framed it as the endpoint becoming the place where AI activity happens and needs to be governed. The company also launched Agentic MDR, using AI agents to handle detection and response workflows.
For WAF teams, the relevant move is Falcon Next-Gen SIEM now supporting Microsoft Defender for Endpoint. WAF logs from Cloudflare, Akamai, or Imperva are only useful when your SIEM can correlate them with endpoint data. CrowdStrike is making that correlation easier for Microsoft shops.
Palo Alto Networks targets AI agent traffic
Palo Alto debuted Prisma AIRS 3.0 with capabilities specifically aimed at agentic AI. The standout announcement is AI Agent Gateway, a forthcoming product that sits in the flow of agent-to-agent communication to inspect, secure, and inject identity into that traffic.
This directly overlaps with WAF territory. As AI agents increasingly make API calls that hit web application firewalls, the line between API gateway security and WAF enforcement blurs. Teams running Prisma Cloud WAAS will likely see this integrated into their stack. Palo Alto also launched Prisma Browser for Business, targeting SMBs with browser-level security that covers threats traditional WAFs cannot reach.
SentinelOne goes deep on AI visibility
SentinelOne focused on monitoring AI usage through its Singularity platform and Prompt Security offering. The key addition is on-premises AI protection for sovereign and air-gapped environments. CEO Tomer Weingarten emphasized that securing AI is less about technology and more about bringing visibility all the way to the human operator.
This matters for organizations running WAFs like F5 Advanced WAF or FortiWeb in environments where data cannot leave the premises. AI security tooling that works on-prem fills a gap that cloud-only solutions cannot address.
The agentic security pattern
Proofpoint and Arctic Wolf rounded out the list with AI-powered email security and an agentic SOC platform respectively. The common pattern: vendors are building AI agents to defend against AI agents. Arctic Wolf described hundreds of AI agents handling security operations workflows autonomously.
For WAF operators, this trend has practical implications. If your security operations center is deploying AI agents that interact with your AWS WAF or Cloudflare configuration APIs, those agents need the same access controls and audit trails as human operators.
WAFplanet take
RSAC 2026 confirmed what the past six months have been building toward: the security industry has moved from defending against AI to governing AI within its own stack. That is a meaningful shift.
The WAF implications are clear. AI agents will increasingly generate traffic that hits your WAF. They will also increasingly manage your WAF configuration. Both directions create risk. The vendors making the smartest moves are the ones building controls that work with existing infrastructure rather than requiring full platform replacement.
Palo Alto's AI Agent Gateway concept is the most WAF-relevant announcement here. If it ships as described, it could become a critical layer between AI agents and the web applications that Cloudflare, Akamai, Google Cloud Armor, and others protect. Worth watching.
