Nish Kawale (VP Sales Engineering) and Jim Alexander (VP Business Development), from Senetas Americas team spent the week at RSAC in San Francisco. Here’s what they brought back.
Walking Moscone this year, two themes were impossible to miss. Agentic AI has moved from keynote slideware into the tools attackers are using. And the quantum conversation has shifted from “someday” to “what are you doing about it now.” Neither is a surprise on its own. What struck us was how quickly both have stopped being future problems.
A few things we saw, and what we think they mean for the people we work with.
Agentic AI is changing the economics of attack
If there was a single word echoing through the show floor this year, it was “agents.” Not in the abstract — in the demos. We watched tooling that could scan for zero-days in open-source packages, generate working exploit code, and iterate on it without a human in the loop. Work that used to take a skilled red team a week now collapses into minutes.
The case study that stuck with us was the one several speakers referenced: attackers using deep-faked video of a CFO and colleagues to walk a finance staffer through a $25 million transfer over a live call. What’s unsettling isn’t the technology — it’s how ordinary the attack looked from the victim’s side of the screen.
For us, this reinforces something we’ve been saying to customers for a while: if your defence depends on detecting AI-speed activity in software, you’re already behind. Encryption at the transport layer, enforced in hardware at wire speed, takes the question off the table for data in motion. It’s one of the reasons the CN Series keeps showing up in conversations about AI-era network security — there’s no software surface for an agent to prompt-inject or socially engineer.
The quantum clock is louder than it was last year
Last RSAC, quantum risk was a track. This year it was in almost every cryptography session we walked into. The framing has changed too. The question is no longer “when will a cryptographically relevant quantum computer arrive?” — it’s “what have you already lost to Harvest Now, Decrypt Later?”
One panel put a number on the downside that got the room quiet: a single-day quantum attack on a major US bank’s payments infrastructure could cause $2–3 trillion in indirect economic fallout. Whether the exact figure holds up to scrutiny or not, the point landed. Adversaries are hoovering up encrypted traffic today on the assumption they’ll be able to read it in five to ten years.
The practical implication is simple. If the data you’re sending today needs to stay confidential into the 2030s, classical public-key crypto alone isn’t doing the job anymore. Hybrid encryption — pairing classical standards with NIST-finalised post-quantum algorithms — is the migration path most of our customers are already planning. Senetas has been shipping quantum-resistant encryption with crypto-agility built in, so the cryptographic suite can be updated in the field rather than on a forklift. That flexibility came up in more buyer conversations than we expected.
Integrity is having its moment
Bruce Schneier’s session was one of the better talks we caught. His argument — that we’re entering an “Age of Integrity” — is worth contemplating. As AI agents, autonomous vehicles, industrial controllers, and IoT devices start taking physical actions based on data they receive, the biggest risk stops being someone reading your data. It becomes someone changing it.
If a sensor reading is what tells a system to brake, dose, open a valve, or transfer funds, confidentiality alone doesn’t protect you. Authenticity and integrity do.
This lines up with something we heard all week: the industry is returning to prevention after years of over-indexing on detection and response. “Secure by design” isn’t a new phrase, but it’s being used more literally now — people want to stop breaches before they reach production, not chase them afterwards. Hardware-enforced authentication and per-packet integrity checks — the kind of thing our high-assurance encryptors have always done — suddenly feel very current.
Governments and carriers are becoming the perimeter
The other big theme was scale. Global data traffic is on track for roughly 148 exabytes a day by 2030, and at that volume the defensive perimeter stops being the enterprise edge and starts being the network itself — which is changing who’s expected to own security.
A few policy moments worth flagging:
- The EU’s Cyber Resilience Act is now enforcing “secure by design” obligations on products sold into the bloc.
- Australia is moving toward a “Six Shields” national cyber preparedness strategy.
- In the US, cyber commands are being woven more explicitly into military deterrence posture.
We heard this in a lot of conversations with customers over the week. Certifications — FIPS, Common Criteria, NATO — used to be a box-tick for government buyers. They’re increasingly table stakes for critical infrastructure, finance, and defence primes too. That’s been the focus of Senetas for 25 plus years, so it was a good week for us to be in those rooms.
What we’re returning with
Three things, mostly, from a week of sessions and hallway conversations:
- Attackers are using AI now. Not theoretically. Defences that assume human-speed adversaries need to be re-examined this year, not next.
- Post-quantum migration is a project with a real timeline. Crypto-agility is the feature that lets you start without committing to a final answer.
- Integrity is the quiet story. As more systems act on data without a human in the middle, being able to trust the data matters as much as protecting it.
Jim and Nish catching up with the Thales team at RSAC 2026. Thales is the global distributor partner of Senetas.
From L: Thales Bryan Rivera and Abilio Branco, Senetas Jim Alexander and Nish Kawale, Thales Patricio Jaca.
