my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Every Major Security Vendor at RSAC Has an AI Agent Now. Here Is What Is Actually Real.

John Z Black Mar 30, 2026 AI Security #rsac-2026 #agentic-soc #ai-security #crowdstrike #wiz #proofpoint #arctic-wolf #greynoise #vendors

When every major security vendor launches the same category of product at the same conference in the same week, you stop calling it a trend. You call it a structural shift.

That’s what happened at RSAC 2026. CrowdStrike, Wiz, Proofpoint, Arctic Wolf, GreyNoise – all of them, agentic AI, all at once. Some of it is vaporware. Some of it isn’t. Here’s where things actually stand.

The urgency is real. M-Trends 2026 dropped the same week showing dwell time reversing and attackers handing off access in under 30 seconds. Humans alone can’t move fast enough anymore, and the vendors know it. Kevin Mandia put it plainly: “It’s a perfect storm for offense over the next year or two.”

CrowdStrike (Charlotte Agentic SOAR / AgentWorks): GA. Start here. This is the most production-ready of the week by a clear margin. Twelve out-of-the-box agents, 70% reduction in manual investigation workload, 40+ hours of team capacity restored per week, 98%+ decision accuracy. Real customer metrics from real deployments. If you’re already in the Falcon ecosystem, this is the gap to close first.

Wiz Green Agent: Preview. The Google Cloud acquisition is done, and this is the first real signal of what that combination looks like. Interesting architecture for cloud-native teams. No customer metrics yet. Worth tracking, not deploying broadly yet.

Proofpoint intent-based AI: Preview. Genuinely different framing for email security, but fresh off the announcement. Nothing to act on yet.

Arctic Wolf Aurora: Announced. Bold claims, unclear launch status. Check back in a few quarters.

GreyNoise integrations: GA. Quietly the most useful thing this week. No agentic SOC branding. Just real-time noise filtering built directly into CrowdStrike and Google SecOps. If your analysts are drowning in scanner alerts, this fixes a concrete problem today.

One thing nobody talked about enough at RSAC: the governance frameworks for running these agents safely don’t exist yet. Vendors are selling autonomy. Most security teams don’t have policies defining what an AI agent is actually allowed to do on their behalf. Work on that before the agent makes a call you didn’t expect.

Get the full RSAC 2026 agentic SOC scorecard with vendor-by-vendor analysis