.gif){kind=logo}
RSA Conference 2026: A Defining Moment for Token Security and AI Agent Identity Security
.avif)
Itamar Apelblat
Coming into RSA Conference 2026, there was already a different kind of energy around Token Security.
Being named a Top 10 Innovation Sandbox Finalist is one of those milestones you dream about as a founder, but the reality of it hits differently. The weeks leading up to RSAC were a blur of preparation, refinement, and pressure. We weren’t just representing a product. We were representing a new category: Identity-first AI agent security.
And we knew the spotlight would be intense.
The Longest Three Minutes
If you’ve never stood backstage waiting to deliver a three-minute pitch at Innovation Sandbox, it’s hard to describe the mix of adrenaline and focus. You rehearse dozens of times, but in that moment, everything sharpens as you gaze out to a massive audience.
You have three minutes to define a market, prove urgency, and show why you matter. When I stepped on stage, the nerves were real, but so was the conviction.
We told a story that we deeply believe in: that autonomous AI agents and their identities are evolving rapidly and that traditional identity security models simply weren’t built for this shift. We highlighted intent-based permissioning for AI agents, not just as a feature, but as a fundamentally new way to control what AI agents are allowed to do, based on what they’re supposed to be doing and why they’re taking action, not just who they are.
We delivered the message we came to deliver. And while we weren’t ultimately selected as the 2026 Innovation Sandbox winner, something equally important happened.
The Signal Was Loud and Clear
After giving the pitch, the response was immediate and overwhelming.
Hundreds of people came up to us wanting to learn more. CISOs, practitioners, investors, and partners all asking the same underlying question: "How do we secure AI agents before they get out of control?"
The validation of being a 2026 RSAC Innovation Sandbox Finalist truly mattered.
RSAC 2026 made one thing unmistakably clear. AI agents are no longer theoretical. They are being rapidly deployed and security teams are scrambling to keep up. The conversations we had confirmed what we’ve believed from the beginning. This is not just an extension of identity security. It’s a new frontier that everyone is trying to figure out before it’s too late.
A Conference in Motion
Beyond the Innovation Sandbox event, RSAC itself was nonstop.
It felt like a constant sprint from one meeting to the next with prospects, customers, technology partners, and investors. Every conversation built on the last, reinforcing the theme that organizations are already facing critical security challenges with AI-driven identities and are looking for real solutions now.
Meanwhile, back at the booth, the energy never dipped.
Every time I stopped by, it was packed. The team was deep in demos, answering tough questions, and engaging in meaningful conversations. There’s nothing more rewarding as a founder than seeing your team operating at that level, as they were confident, sharp, and fully aligned with the mission. While seeing the crowds circling our booth was one thing, it was the quality engagement that was truly impressive.
The Market Is Here, Right Now
If there was a single takeaway from RSAC 2026, it’s this: We are in the right market, at exactly the right time, with the right solution.
AI agent identity security isn’t coming; it’s already here. Organizations are deploying autonomous workflows, integrating AI into core systems, and granting machines access to sensitive resources at scale.
But what we heard continuously from attendees was that their existing vendor solutions and controls are simply not ready for this explosion of AI agents and their identities. Static permissions, role-based access, and traditional IAM approaches break down when identities are dynamic, autonomous, and capable of chaining actions in ways humans don’t anticipate.
This is where intent-based permissioning for AI agents becomes critical and why Token Security is so well-positioned to lead this market. Security for AI agents needs to move beyond who an identity is and focus on what it’s trying to do and whether that intent is safe, expected, and authorized.
This approach resonated across every conversation we had.
A Proud Moment for the Team
RSAC is always a team effort, but this year felt especially meaningful. From Innovation Sandbox preparation to nonstop meetings, from booth engagement to deep technical discussions, every employee showed up and executed at an incredibly high level. I couldn’t be prouder of the Token Security team.
And, I want to call out one more defining moment: Ariel Simon’s session, “MCPwned: MCP RCE Vulnerability Leads to Azure Takeover.” Ariel’s research demonstrated, in very real terms, how vulnerabilities in emerging AI and control plane technologies can have a massive impact. He showcased his research on a real vulnerability and presented a practical, actionable, and powerful example of why this space needs attention now.
Seeing that level of research presented on the RSAC stage was a huge moment for us.
Looking Ahead
While we didn’t walk away with the Innovation Sandbox trophy, we did walk away with something more important: Clarity.
- Clarity that this problem is real
- Clarity that the market is accelerating
- Clarity that what we’re building matters
RSAC 2026 was a truly defining moment for Token Security. And, if this week was any indication, the conversation around AI agent identity security is just getting started.
If you missed us at RSAC 2026, we’d love to show you how we’re helping organizations solve their AI agent identity security challenges. Let’s schedule a demo.
