← Back to Blog
Research 14 min read March 28, 2026

RSAC 2026 Product Blitz Reshapes Market, OpenAI Launches AI Safety Bug Bounty, Google Sets 2029 Quantum Deadline, Coruna iOS Exploit Updates Operation Triangulation, Cisco Ships IOS Patches

RSAC 2026 Days 3-4 unleash a wave of product launches as vendors race to consolidate AI-native security platforms. OpenAI opens a dedicated bug bounty program for AI abuse and safety risks. Google sets 2029 as its hard deadline for quantum-safe migration. The Coruna iOS exploit kit resurfaces Operation Triangulation techniques with updated kernel exploits. Cisco patches multiple high-severity IOS vulnerabilities. CISA flags a critical PTC Windchill flaw that had German police physically warning organizations.


1. RSAC 2026 Days 3-4 — Product Launches Reshape the Security Market

The third and fourth days of RSAC 2026 delivered a torrent of product announcements that collectively signal a fundamental shift in how the cybersecurity industry operates. Dozens of vendors used the conference to launch new platforms, capabilities, and integrations — with one overarching theme: AI-native security is no longer a roadmap item, it's shipping now.

The announcements cluster around several strategic themes that will define the security market for the next 12-18 months:

Platform Consolidation Accelerates

Major vendors are aggressively consolidating point solutions into unified platforms. The economics are straightforward: enterprises running 40-80 security tools face integration complexity that itself becomes a security risk. Vendors are responding by acquiring, building, and bundling capabilities to reduce tool sprawl.

Autonomous SOC Capabilities

Perhaps the most significant trend: multiple vendors announced autonomous Security Operations Center (SOC) capabilities — AI systems that can detect, triage, investigate, and respond to threats with minimal human intervention. These systems go beyond copilot-style assistance to full autonomous workflow execution:

AI Agent Security Emerges as a Category

Building on Gartner's Guardian Agents Market Guide released earlier this week, several vendors launched products specifically designed to secure AI agent deployments — monitoring agent behavior, enforcing guardrails, and detecting prompt injection attacks in production environments.

KENSAI Perspective

The explosion of autonomous security tools at RSAC 2026 validates KENSAI's core thesis: security that can't operate at machine speed is security that can't keep up. KENSAI's automated penetration testing was autonomous before autonomous was trendy — continuously scanning, testing, and validating security postures without waiting for human scheduling. As the industry catches up, our head start in AI-driven security testing becomes a deeper competitive moat.


2. OpenAI Launches Bug Bounty Program for AI Abuse and Safety Risks

OpenAI has launched a dedicated bug bounty program specifically targeting abuse and safety risks in its AI systems — a first-of-its-kind program that acknowledges a fundamental truth: AI security is not the same as traditional software security.

The new program goes beyond OpenAI's existing bug bounty (which focuses on traditional vulnerabilities like authentication bypass and data exposure) to cover design and implementation issues that could lead to material harm through AI misuse:

What's In Scope

Why This Matters

Traditional bug bounties ask: "Can you break into the system?" OpenAI's safety bounty asks: "Can you make the system do harmful things it's supposed to refuse?" This is a fundamentally different threat model that requires different expertise — red teamers who understand not just software exploitation, but also social dynamics, psychological manipulation, and the boundary between helpful AI and harmful AI.

The program signals OpenAI's recognition that AI safety is a continuous, adversarial process — not a one-time alignment exercise. As AI systems become more capable and are deployed in higher-stakes environments, the attack surface for misuse grows exponentially.

KENSAI Perspective

As AI agents become targets and tools in cybersecurity attacks, vulnerability assessment must expand beyond traditional software flaws. KENSAI's scanning capabilities are evolving to test for AI-specific attack vectors — including prompt injection testing for AI-powered web applications and API endpoints that interact with language models.


3. Google Sets 2029 as Quantum-Safe Migration Deadline

Google has publicly set 2029 as its target deadline for completing the migration of all its infrastructure to quantum-safe cryptographic standards — the most concrete timeline any major technology company has committed to for post-quantum readiness.

The announcement comes alongside the development of an anti-deepfake hardware chip that provides cryptographic attestation of media authenticity at the hardware level — addressing two of the most significant long-term threats to digital security simultaneously.

The Quantum Threat Timeline

Cryptographic experts generally agree that cryptographically relevant quantum computers (CRQCs) capable of breaking RSA-2048 and elliptic curve cryptography could emerge between 2029 and 2035. Google's 2029 deadline positions the company at the aggressive end of preparedness:

Anti-Deepfake Hardware Attestation

The anti-deepfake chip provides hardware-level cryptographic signatures for photos and videos at the moment of capture. This creates an unbreakable chain of authenticity from camera sensor to viewer — making it computationally infeasible to create deepfakes that pass verification. Key capabilities include:

KENSAI Perspective

Organizations should begin their post-quantum migration planning now — not in 2029. KENSAI's infrastructure scanning identifies cryptographic implementations across your attack surface, flagging systems that rely on quantum-vulnerable algorithms. Starting an inventory of cryptographic dependencies today is the first step toward quantum readiness.


4. Coruna iOS Exploit Kit — Operation Triangulation Returns

⚠️ HIGH — Coruna iOS Exploit Kit Contains Updated Operation Triangulation Kernel Exploit

Security researchers have identified a new iOS exploit kit named "Coruna" that contains an updated version of the kernel exploit used in Operation Triangulation — the sophisticated zero-click attack disclosed by Kaspersky in 2023. Organizations with high-value iOS deployments should review their MDM configurations and ensure devices are running the latest iOS version.

The Coruna exploit kit represents the evolution of one of the most sophisticated mobile attack campaigns ever discovered. Operation Triangulation, originally disclosed by Kaspersky in June 2023, targeted iOS devices using a chain of four zero-day vulnerabilities — including exploitation of an undocumented hardware feature in Apple's A-series chips that even most Apple engineers didn't know existed.

Researchers now confirm that Coruna contains an updated version of the kernel exploit component, adapted for newer iOS versions and Apple Silicon hardware:

What Changed Since Operation Triangulation

Implications for Enterprise Mobile Security

The resurfacing of Operation Triangulation techniques in a commercial exploit kit has serious implications:

KENSAI Perspective

Mobile device security is increasingly critical as enterprises rely on smartphones for multi-factor authentication, email access, and sensitive communications. KENSAI's attack surface scanning identifies exposed mobile-related infrastructure — MDM systems, corporate app stores, and mobile API endpoints — that could be leveraged as part of a broader mobile exploitation campaign.


5. Cisco Patches Multiple High-Severity IOS Vulnerabilities

⚠️ HIGH — Multiple Cisco IOS Vulnerabilities Patched (DoS, Secure Boot Bypass, Privilege Escalation)

Cisco has released patches for multiple high- and medium-severity vulnerabilities in IOS and IOS XE software. The flaws could lead to denial-of-service, secure boot bypass, information disclosure, and privilege escalation. Network administrators should prioritize patching, especially for internet-facing devices.

Cisco has shipped patches for a collection of vulnerabilities affecting its IOS and IOS XE software — the operating system running on the vast majority of enterprise routers, switches, and network infrastructure worldwide. The vulnerability batch includes:

Why Cisco IOS Patches Matter

Cisco network infrastructure is the backbone of enterprise and government networks globally. IOS vulnerabilities are particularly dangerous because:

KENSAI Perspective

Network infrastructure is frequently the most under-patched layer of the enterprise stack. KENSAI's automated scanning identifies Cisco devices running vulnerable IOS versions and flags them for immediate attention — ensuring network hardware gets the same security scrutiny as servers and endpoints.


6. CISA Flags Critical PTC Windchill Vulnerability — German Police Mobilized

⚠️ CRITICAL — PTC Windchill CVE-2026-4681 Triggers Physical Government Response

CISA has flagged a critical vulnerability in PTC Windchill PLM software (CVE-2026-4681) that was severe enough to mobilize German police to physically warn affected organizations. Patch immediately. If running Windchill in any production environment, this is a top-priority action.

In a rare escalation, German police physically visited organizations to warn them about a critical vulnerability in PTC Windchill, a widely deployed Product Lifecycle Management (PLM) platform used by manufacturing, aerospace, defense, and automotive companies to manage product design data and intellectual property.

The vulnerability, tracked as CVE-2026-4681, is serious enough that CISA has added it to its Known Exploited Vulnerabilities (KEV) catalog, and German federal authorities took the extraordinary step of in-person notifications — typically reserved for active exploitation against critical infrastructure.

Why PTC Windchill Is a High-Value Target

Immediate Actions

KENSAI Perspective

When German police start knocking on doors, the vulnerability is already being exploited. KENSAI's continuous scanning identifies exposed PLM systems and enterprise applications that traditional vulnerability scanners often miss because they fall outside standard IT asset inventories. Automated discovery of your full attack surface — including engineering and manufacturing systems — is the only way to ensure nothing is left unscanned.


7. Agentic GRC — The Compliance Automation Revolution

The convergence of AI agents and Governance, Risk, and Compliance (GRC) is creating a new category: Agentic GRC. Rather than using AI to speed up existing GRC workflows, agentic GRC systems replace entire operational processes — evidence collection, control testing, audit preparation, and remediation tracking are handled autonomously by AI agents.

This shift has profound implications for how organizations manage compliance:

From Periodic to Continuous

The Identity Shift for GRC Professionals

The most significant impact is on the GRC professionals themselves. When agents handle operational execution, the role shifts from compliance operator to risk strategist:

KENSAI Perspective

Agentic GRC and automated security scanning are natural partners. KENSAI's continuous penetration testing provides the real-time security evidence that agentic GRC systems need to validate controls and demonstrate compliance. Together, they create a closed loop: automated testing finds vulnerabilities, automated compliance tracks remediation, and continuous scanning verifies the fix — all without manual intervention.


Daily Research & Product Summary

DevelopmentImpactTypeAction Required
RSAC 2026 Days 3-4 Product LaunchesSTRATEGICIndustryEvaluate platform consolidation options
OpenAI AI Safety Bug BountySTRATEGICProduct LaunchReview AI security testing practices
Google 2029 Quantum-Safe DeadlineSTRATEGICResearchBegin post-quantum migration planning
Coruna iOS Exploit KitHIGHResearchReview enterprise mobile security posture
Cisco IOS Multiple PatchesHIGHPatchesPatch all affected Cisco devices
PTC Windchill CVE-2026-4681CRITICALVulnerabilityPatch immediately — active exploitation
Agentic GRC RevolutionINFOIndustry TrendAssess GRC automation readiness

The Industry Is Going Autonomous. Is Your Security Testing?

RSAC 2026 proved it: AI-native security is shipping everywhere. KENSAI's automated penetration testing was autonomous before it was a trend — continuously finding vulnerabilities while you focus on what matters.

Start Your Free Security Scan →

Published by the KENSAI Research & Threat Intelligence Team
Research & Product Intelligence Roundup — March 28, 2026
Read more briefings →

🛡️ Is your website secure?

Discover vulnerabilities before attackers do.

Scan your website for free →

Related Articles

تسريب برنامج التجسس DarkSword لنظام iOS على GitHub يهدد الملايين، VoidStealer يت Ruflo Launches Claude-Native Agent Orchestration at 28K Stars, SuperMemory AI Re Bypass de Autenticação CCTV...