On May 1, 2026, six allied cyber agencies published joint guidance on the secure adoption of agentic AI. The recommendations map closely to non-human identity and GRC work that many programs are still building out.
Cisco’s AI Threat Research team showed how a single npm install can persistently poison Claude Code’s memory, turning a trusted coding assistant into a quiet source of insecure guidance. The technical details matter, and so do the governance gaps they expose.
Anthropic shipped Claude Opus 4.7 today as its most capable generally available model, but the cybersecurity story is bigger than the benchmarks. The model includes automated safeguards that block high-risk cyber requests, deliberately reduced offensive capabilities compared to Mythos Preview, and a new Cyber Verification Program that gates legitimate security use behind a formal application process. This is the first generally available model where Anthropic is actively testing the controls it needs before it can release Mythos-class capabilities to the public.
Anthropic launched Project Glasswing with 12 major tech companies, using its unreleased Claude Mythos Preview model to find and patch zero-day vulnerabilities at a scale and speed that didn’t exist six months ago. The implications for vulnerability management, patching cycles, and defensive security programs are enormous.
RSAC 2026 opens today at the Moscone Center in San Francisco. I’m not there in person this year, but I’ve spent the past week tracking every pre-conference announcement, keynote preview, and vendor press release. There’s a lot to take in, so here’s my attempt to highlight what’s most relevant for practitioners this week.
The conference covers a wide range of ground this year. Post-quantum cryptography, supply chain security, social engineering, cloud security, governance under the EU AI Act, workforce burnout, and even vibe coding as an emerging security risk all have dedicated sessions and tracks. RSAC themselves identified seven key trends from this year’s submissions: MCP, agentic AI, vibe coding, identity, governance, addressing burnout, and the power of partnerships.
NHIs are the privileged service account problem reborn at 100x scale. Same mistakes, same inertia, same excuses. Except now the service account can reason, make decisions, and talk to other service accounts autonomously.
AI agents are running in production right now, autonomously calling APIs, querying databases, and triggering workflows. Most organizations have no idea what access those agents have or who approved it. This is the identity governance problem nobody is ready for.
AI agents are no longer chatbots. They call APIs, execute code, and make decisions with real consequences. The OWASP Agentic Top 10 is the first industry framework built to address this new attack surface, and the numbers behind it should concern every security professional.