RSAC 2026 Days 3-4 unleash a wave of product launches as vendors race to consolidate AI-native security platforms. OpenAI opens a dedicated bug bounty program for AI abuse and safety risks. Google sets 2029 as its hard deadline for quantum-safe migration. The Coruna iOS exploit kit resurfaces Operation Triangulation techniques with updated kernel exploits. Cisco patches multiple high-severity IOS vulnerabilities. CISA flags a critical PTC Windchill flaw that had German police physically warning organizations.
The third and fourth days of RSAC 2026 delivered a torrent of product announcements that collectively signal a fundamental shift in how the cybersecurity industry operates. Dozens of vendors used the conference to launch new platforms, capabilities, and integrations — with one overarching theme: AI-native security is no longer a roadmap item, it's shipping now.
The announcements cluster around several strategic themes that will define the security market for the next 12-18 months:
Major vendors are aggressively consolidating point solutions into unified platforms. The economics are straightforward: enterprises running 40-80 security tools face integration complexity that itself becomes a security risk. Vendors are responding by acquiring, building, and bundling capabilities to reduce tool sprawl.
Perhaps the most significant trend: multiple vendors announced autonomous Security Operations Center (SOC) capabilities — AI systems that can detect, triage, investigate, and respond to threats with minimal human intervention. These systems go beyond copilot-style assistance to full autonomous workflow execution:
Building on Gartner's Guardian Agents Market Guide released earlier this week, several vendors launched products specifically designed to secure AI agent deployments — monitoring agent behavior, enforcing guardrails, and detecting prompt injection attacks in production environments.
The explosion of autonomous security tools at RSAC 2026 validates KENSAI's core thesis: security that can't operate at machine speed is security that can't keep up. KENSAI's automated penetration testing was autonomous before autonomous was trendy — continuously scanning, testing, and validating security postures without waiting for human scheduling. As the industry catches up, our head start in AI-driven security testing becomes a deeper competitive moat.
OpenAI has launched a dedicated bug bounty program specifically targeting abuse and safety risks in its AI systems — a first-of-its-kind program that acknowledges a fundamental truth: AI security is not the same as traditional software security.
The new program goes beyond OpenAI's existing bug bounty (which focuses on traditional vulnerabilities like authentication bypass and data exposure) to cover design and implementation issues that could lead to material harm through AI misuse:
Traditional bug bounties ask: "Can you break into the system?" OpenAI's safety bounty asks: "Can you make the system do harmful things it's supposed to refuse?" This is a fundamentally different threat model that requires different expertise — red teamers who understand not just software exploitation, but also social dynamics, psychological manipulation, and the boundary between helpful AI and harmful AI.
The program signals OpenAI's recognition that AI safety is a continuous, adversarial process — not a one-time alignment exercise. As AI systems become more capable and are deployed in higher-stakes environments, the attack surface for misuse grows exponentially.
As AI agents become targets and tools in cybersecurity attacks, vulnerability assessment must expand beyond traditional software flaws. KENSAI's scanning capabilities are evolving to test for AI-specific attack vectors — including prompt injection testing for AI-powered web applications and API endpoints that interact with language models.
Google has publicly set 2029 as its target deadline for completing the migration of all its infrastructure to quantum-safe cryptographic standards — the most concrete timeline any major technology company has committed to for post-quantum readiness.
The announcement comes alongside the development of an anti-deepfake hardware chip that provides cryptographic attestation of media authenticity at the hardware level — addressing two of the most significant long-term threats to digital security simultaneously.
Cryptographic experts generally agree that cryptographically relevant quantum computers (CRQCs) capable of breaking RSA-2048 and elliptic curve cryptography could emerge between 2029 and 2035. Google's 2029 deadline positions the company at the aggressive end of preparedness:
The anti-deepfake chip provides hardware-level cryptographic signatures for photos and videos at the moment of capture. This creates an unbreakable chain of authenticity from camera sensor to viewer — making it computationally infeasible to create deepfakes that pass verification. Key capabilities include:
Organizations should begin their post-quantum migration planning now — not in 2029. KENSAI's infrastructure scanning identifies cryptographic implementations across your attack surface, flagging systems that rely on quantum-vulnerable algorithms. Starting an inventory of cryptographic dependencies today is the first step toward quantum readiness.
Security researchers have identified a new iOS exploit kit named "Coruna" that contains an updated version of the kernel exploit used in Operation Triangulation — the sophisticated zero-click attack disclosed by Kaspersky in 2023. Organizations with high-value iOS deployments should review their MDM configurations and ensure devices are running the latest iOS version.
The Coruna exploit kit represents the evolution of one of the most sophisticated mobile attack campaigns ever discovered. Operation Triangulation, originally disclosed by Kaspersky in June 2023, targeted iOS devices using a chain of four zero-day vulnerabilities — including exploitation of an undocumented hardware feature in Apple's A-series chips that even most Apple engineers didn't know existed.
Researchers now confirm that Coruna contains an updated version of the kernel exploit component, adapted for newer iOS versions and Apple Silicon hardware:
The resurfacing of Operation Triangulation techniques in a commercial exploit kit has serious implications:
Mobile device security is increasingly critical as enterprises rely on smartphones for multi-factor authentication, email access, and sensitive communications. KENSAI's attack surface scanning identifies exposed mobile-related infrastructure — MDM systems, corporate app stores, and mobile API endpoints — that could be leveraged as part of a broader mobile exploitation campaign.
Cisco has released patches for multiple high- and medium-severity vulnerabilities in IOS and IOS XE software. The flaws could lead to denial-of-service, secure boot bypass, information disclosure, and privilege escalation. Network administrators should prioritize patching, especially for internet-facing devices.
Cisco has shipped patches for a collection of vulnerabilities affecting its IOS and IOS XE software — the operating system running on the vast majority of enterprise routers, switches, and network infrastructure worldwide. The vulnerability batch includes:
Cisco network infrastructure is the backbone of enterprise and government networks globally. IOS vulnerabilities are particularly dangerous because:
Network infrastructure is frequently the most under-patched layer of the enterprise stack. KENSAI's automated scanning identifies Cisco devices running vulnerable IOS versions and flags them for immediate attention — ensuring network hardware gets the same security scrutiny as servers and endpoints.
CISA has flagged a critical vulnerability in PTC Windchill PLM software (CVE-2026-4681) that was severe enough to mobilize German police to physically warn affected organizations. Patch immediately. If running Windchill in any production environment, this is a top-priority action.
In a rare escalation, German police physically visited organizations to warn them about a critical vulnerability in PTC Windchill, a widely deployed Product Lifecycle Management (PLM) platform used by manufacturing, aerospace, defense, and automotive companies to manage product design data and intellectual property.
The vulnerability, tracked as CVE-2026-4681, is serious enough that CISA has added it to its Known Exploited Vulnerabilities (KEV) catalog, and German federal authorities took the extraordinary step of in-person notifications — typically reserved for active exploitation against critical infrastructure.
When German police start knocking on doors, the vulnerability is already being exploited. KENSAI's continuous scanning identifies exposed PLM systems and enterprise applications that traditional vulnerability scanners often miss because they fall outside standard IT asset inventories. Automated discovery of your full attack surface — including engineering and manufacturing systems — is the only way to ensure nothing is left unscanned.
The convergence of AI agents and Governance, Risk, and Compliance (GRC) is creating a new category: Agentic GRC. Rather than using AI to speed up existing GRC workflows, agentic GRC systems replace entire operational processes — evidence collection, control testing, audit preparation, and remediation tracking are handled autonomously by AI agents.
This shift has profound implications for how organizations manage compliance:
The most significant impact is on the GRC professionals themselves. When agents handle operational execution, the role shifts from compliance operator to risk strategist:
Agentic GRC and automated security scanning are natural partners. KENSAI's continuous penetration testing provides the real-time security evidence that agentic GRC systems need to validate controls and demonstrate compliance. Together, they create a closed loop: automated testing finds vulnerabilities, automated compliance tracks remediation, and continuous scanning verifies the fix — all without manual intervention.
| Development | Impact | Type | Action Required |
|---|---|---|---|
| RSAC 2026 Days 3-4 Product Launches | STRATEGIC | Industry | Evaluate platform consolidation options |
| OpenAI AI Safety Bug Bounty | STRATEGIC | Product Launch | Review AI security testing practices |
| Google 2029 Quantum-Safe Deadline | STRATEGIC | Research | Begin post-quantum migration planning |
| Coruna iOS Exploit Kit | HIGH | Research | Review enterprise mobile security posture |
| Cisco IOS Multiple Patches | HIGH | Patches | Patch all affected Cisco devices |
| PTC Windchill CVE-2026-4681 | CRITICAL | Vulnerability | Patch immediately — active exploitation |
| Agentic GRC Revolution | INFO | Industry Trend | Assess GRC automation readiness |
RSAC 2026 proved it: AI-native security is shipping everywhere. KENSAI's automated penetration testing was autonomous before it was a trend — continuously finding vulnerabilities while you focus on what matters.
Start Your Free Security Scan →Published by the KENSAI Research & Threat Intelligence Team
Research & Product Intelligence Roundup — March 28, 2026
Read more briefings →