45,000 Security Professionals, One Clear Signal: Intelligence Is Getting Collaborative
Summary
A wrap-up of RSAC 2026 from the Serify perspective: what we learned about the state of cyber threat intelligence, why the best connections were European, and where agentic AI actually stands.
Four days, 45,000 security professionals, 700+ exhibitors, and more conversations than I can count. RSAC 2026 is wrapping up today, and it delivered.
When I wrote last week about Europe showing up at RSA, it was an informed prediction. Now I can confirm: Europe did not just show up. It made an impression. But this post is not about Europe alone. It is about what RSAC 2026 revealed about where our industry is heading, and what that means for what we are building at Serify.
The Event Itself
There is a reason RSAC remains the cybersecurity event of the year. The sheer density of knowledge, product innovation, and most importantly, people is hard to replicate anywhere else. From the keynotes featuring ENISA leadership and EU policymakers to the vendor floor and the evening receptions, every hour offered something worth paying attention to.
As I mentioned in our earlier post on Cybernation Germany, BSI President Claudia Plattner’s push for systemic change is gaining traction. That momentum was visible throughout the week, in session topics and in booth conversations.
Networking That Compounds
I came to San Francisco with a list of people to meet and conversations to have. What I left with exceeded those plans significantly. The networking at RSAC is genuinely excellent, not because of the scale alone, but because the event attracts the right concentration of decision-makers, engineers, and researchers who are actively solving the same problems.
The German Pavilion at Booth 5469 was a natural hub for European conversations. But the best connections happened organically: between sessions, over coffee, at receptions. That is the real value of being here in person.
Beyond the professional value, it simply felt good to be surrounded by likeminded people. People who do not see security as a problem to manage, but as a foundation for building products that make the world a better and safer place. That energy is hard to find elsewhere, and it is what makes RSAC worth the trip every single year.
CTI in 2026: Telemetry Is the New Currency
If there was one theme that cut across every threat intelligence conversation I had this week, it is this: CTI is becoming fundamentally telemetry-driven, and the walls between vendors are coming down.
Platform after platform, booth after booth, the pattern was the same. Companies are pooling telemetry, sharing enrichment data, and building on each other’s outputs. The old model of proprietary intelligence silos is giving way to something more collaborative. Feed providers enrich and score. Platform vendors integrate broadly. Detection companies contribute telemetry back into the ecosystem.
This is a healthy shift. The threats we face, from state-sponsored campaigns to ransomware operations, are too complex and too fast-moving for any single vendor to cover alone. The industry seems to have internalized that, and it shows.
The Agentic AI Reality Check
“Agentic AI” was everywhere at RSAC 2026. In keynotes, on booth banners, in product demos. Almost every vendor had an agentic story to tell.
But walking the floor and asking pointed questions revealed a gap between the marketing and the substance. Many implementations that carry the “agentic” label are, in practice, orchestration chains: sequential tool calls wrapped in a language model interface. Think LangChain-style pipelines with a chatbot on top. Useful, certainly, but not what most practitioners would consider truly agentic, meaning systems that can reason, plan, adapt, and act autonomously across complex workflows.
This is not a criticism of any specific vendor. The technology is genuinely difficult, and the industry is still figuring out what “agentic” should mean in a security context. But it is worth noting the gap, because customers deserve clarity about what they are buying.
Two Connections That Stand Out
Among dozens of valuable conversations, two stood out as potentially the most impactful of the entire conference.
ticura, based in Kassel, is doing impressive work on CTI source optimization: aggregating over a thousand sources, scoring feed efficacy, and producing enriched, explainable intelligence. Their approach to making CTI quality measurable rather than assumed aligns closely with what we believe the market needs.
DCSO, backed by some of Germany’s largest enterprises, brings a trusted community intelligence model that serves European critical infrastructure. Their focus on collaborative, cross-organization intelligence sharing within a trust framework is exactly the kind of ecosystem thinking that makes European CTI stronger.
Both conversations opened doors to collaboration that could be meaningful for all sides. We are looking forward to exploring what is possible.
Where Serify Fits
Walking the expo floor and speaking with dozens of vendors this week sharpened something I already felt going in: Serify is not competing in a crowded market. We are addressing a gap that most platforms work around rather than solve.
The majority of platforms I encountered fall into two categories. They either aggregate structured feeds and present them as intelligence, or they take intelligence someone else produced and route it into operational workflows. Both are necessary. Neither solves the core problem: turning the vast, unstructured landscape of advisories, reports, regulatory filings, and vulnerability disclosures into contextual, correlated, actionable intelligence.
That is what Serify does. Our domain-adapted AI models process hundreds of thousands of sources. We correlate using graph-based analysis rather than flat aggregation, which surfaces relationships and patterns that feed stacking cannot reveal. And we do this with a European-first approach: full GDPR compliance, native EUVD integration, and a reporting pipeline designed for the CRA’s 24-hour vulnerability notification obligations starting September 2026.
The telemetry-sharing trend I described above makes this even more relevant. As the ecosystem becomes more collaborative, the ability to ingest, correlate, and reason across diverse data sources is not just a feature. It is the foundation.
Looking Ahead
RSAC 2026 confirmed that the cybersecurity industry is at an inflection point. Regulation is accelerating. Intelligence is getting collaborative. And the demand for tools that can actually make sense of the data flood is only growing.
I came to San Francisco to learn, connect, and validate the direction we are building toward. All three happened, and then some. The partnerships forming out of this week will shape our roadmap in the months ahead.
See you at RSAC 2027.