RSAC 2026 was full of flashy screens, marketing fluff, and very little technical depth. We showed a working agent security runtime. Most of the floor showed a dashboard. Here's what I actually saw.
It started as a laugh between colleagues. Walking the expo floor at RSAC 2026, we kept seeing the same thing. Booth after booth: dashboards. Beautiful, colorful, metric-laden dashboards. Graphs going up. Graphs going down. Pie charts. Heat maps, etc
So we started asking: "So you have a Dashboard?"
The answer, more often than not, was like well this is a tool, then jumps into explaining but really its still the flashy dashboard to get you to come and look. When you started to get into a deeper conversation and an actual implementation thats where it pretty much stopped.
"So you have a dashboard?"
It became the running joke of the week.
And then it stopped being funny.
Because when the biggest cybersecurity conference in the world is dominated by vendors whose primary demo is a pretty screen with a theoretical implementation behind it, that tells you something about the state of the industry. It tells you the gap between marketing agentic AI security and actually implementing it is enormous.
This is RSAC. The premier cybersecurity conference. Nearly 44,000 attendees descending on the Moscone Center in San Francisco. You expect deep technical content, live implementation demos, architecture walkthroughs, real threat modeling.
What I saw was a lot of high-level marketing. Polished slides. Buzzword-heavy pitches. Vendors that stayed firmly in the "what we could do" territory without ever crossing into "here's how it works." When someone got remotely technical, it was usually surface-level, the kind of overview you'd give a non-technical executive, not a room full of security engineers.
The Pattern
Ask a vendor to go one level deeper than their demo. Watch what happens. If the answer is "we can schedule a deeper dive later," you just found the boundary of their implementation. You're looking at a dashboard.
That said, the direction of the industry is unmistakable. Agentic AI was everywhere. Every other booth, every other session, every conversation on the floor came back to agents. How to build them, how to deploy them, and increasingly, how to secure them.
This tracks. The shift from AI that advises.... to AI that acts is the biggest inflection point in enterprise security since zero trust went mainstream. And just like zero trust, the early days are messy. Lots of vendors saying the right words. Fewer vendors doing the right things.
At the IBM booth, we didn't show a dashboard. We showed a working agent security runtime and observability. Using IBM Verify and implementing our Agentic Security Runtime solution, with HashiCorp vault. We showed agent discovery and secret observability.
I spent the week demonstrating our agentic AI security implementation to customers, prospects, security architects, and technical leaders. Not a slide deck. Not a concept video. A live, running system that discovers agentic AI agents, secures their identity lifecycle, monitors their behavior in real time, and enforces authorization policies continuously.
We showed the full stack: observability, knowing what agents exist and what they're doing. Security, ensuring they have cryptographic identity, scoped credentials, and no static secrets. Governance, enforcing who authorized the agent, what it's permitted to do, and revoking access the moment something goes wrong.
What We Demoed
IBM Verify using RAR, Token Exchange, Shared Signals to enforce guardrails, HashiCorp Vault and IBM Verify Identity Protection discovering agentic AI agents and exposed secrets across the environment, combined with the Agent Security Runtime enforcing zero-trust principles at every layer. Real implementation. Real code. Real security.
Here's what surprised me. A significant number of people who stopped at our booth did not have a clear understanding of what it actually means to secure agentic AI before they arrived. They knew agents were a thing. They knew there was risk. But the specifics, how to discover agents, how to govern their identity, how to enforce least-privilege at runtime, how to maintain continuous authorization, that was new to many of them.
And that's not a criticism of the attendees. It's a reflection of how early we are. The industry is still figuring this out. Most organizations are deploying agents faster than they're securing them, and the security tooling has been lagging behind the innovation.
They came in asking, "How would we do this?"
They left saying, "IBM can actually do this."
One thing I heard repeatedly, were vendors just making api calls to vendor endpoints like copilot and doing "agent discovery" and then classifying the agent they find via their methods, like endpoint or browser agents. Verify Identity Protection does not rely on these methods. VIP can discover and classify without having to ask the vendor what agents the customer has and the details of those agents.
No user browser agent. No endpoint agent. No lightweight collector running on every node. We can discover what's out there without adding another agent to the environment.
This matters because every organization I spoke to is already drowning in agents. Endpoint agents, monitoring agents, security agents, compliance agents. The last thing they need is another agent to find their agents. That's the kind of irony the security industry specializes in.
| Approach | What It Means |
|---|---|
| Traditional vendors | Deploy a browser agent, endpoint agent, or runtime collector to discover what's in your environment. More software, more surface area, more overhead. |
| IBM Verify Identity Protection | Discovers agentic AI agents and exposed secrets without deploying any agent. No endpoint footprint. No browser extension. No runtime instrumentation. |
Discovery is only the first step. Once you know what agents exist, the next question is obvious: where do they live in your identity fabric? How do you manage their lifecycle the same way you manage users?
Today, most organizations have no central registry for their agentic AI agents. Agents get spun up by developers, wired into systems, handed credentials, and nobody tracks them as first-class identity objects. There's no provisioning workflow, no deprovisioning trigger, no lifecycle governance. They exist in a shadow layer between human identity and machine identity, and the current tooling doesn't account for them.
This is where agentic agent registries become critical. Not just an inventory, a standards-based identity registry that treats every agent as a managed entity with attributes, entitlements, lifecycle state, and relationships to the humans and systems that authorized them.
Why SCIM Matters Here
The industry already has a protocol for cross-domain identity management: SCIM. It's how enterprises provision and deprovision users across SaaS platforms today. Extending that same model to agentic AI agents is the natural evolution, a SCIM-based agentic agent registry that gives you standardized provisioning, attribute management, and lifecycle governance for every agent in your environment.
Think about what this unlocks. When a developer spins up an agent, it gets registered with defined attributes and scoped entitlements. When a project is decommissioned, the agents associated with it get deprovisioned automatically. When an audit happens, you have a single source of truth for every agent that's ever existed, what it was authorized to do, and who authorized it.
Without a registry, you have discovery. With a registry, you have governance. That's the difference between knowing you have a problem and actually managing it.
Here's the takeaway I want to leave you with. Agentic AI is not coming. It's here. And just like zero trust before it, the organizations that move early will define the standard. The ones that wait will spend years trying to catch up.
The agents are already being built. They're already being deployed. They're already connecting to your CRMs, your knowledge bases, your HR systems, your financial platforms. And right now, most of them have no unique identity, no scoped authorization, no continuous evaluation, and no audit trail.
If you wait until agent sprawl is out of control, you can't look back. You can't retroactively impose identity governance on a thousand agents that were never designed for it. You have to build the security in from the start.
The Window
The time to secure your agentic AI is before the sprawl. Before the agents are building agents. Before the credentials are inherited and the delegation chains are invisible. IBM has the solution, today, not on a roadmap. IBM Verify, IBM Verify Identity Protection, implementing our Agent Security Runtime, and the full zero-trust identity stack behind it..we are READY!
Everybody had a dashboard.
We had an implementation.
That's the difference.