
RSAC 2026: Every Vendor Wants to Govern AI Agents. Here's What's Actually Shipping.

Satya Vegulla · Founder, Vloex · March 18, 2026

47+ AI security products announced at RSAC 2026 in a single week

RSAC 2026 had a single dominant theme: AI agent security. From CrowdStrike's Falcon AI agent discovery to Microsoft's Purview inline protection to Cisco's DefenseClaw open-source framework, nearly every major vendor announced AI governance capabilities. The message was unanimous: agentic AI is the next security frontier, and everyone wants to own it.

The reality is more nuanced. After reviewing the announcements, reading the technical documentation, and separating what's generally available from what's "coming soon," here's our assessment of what security teams can actually use today — and what's still a conference slide.

Microsoft: Purview Inline Protection for AI Prompts

Microsoft expanded Edge for Business with inline data loss prevention powered by Purview. AI prompts and file uploads in Edge are now analyzed in real time, with sensitive data detected and blocked before it leaves the browser. When a prompt is blocked, users see a policy notification with a button redirecting them to Microsoft 365 Copilot — where enterprise data protection applies.

What's real: Inline DLP for AI prompts in Edge for Business is shipping. The Purview integration works for browser-based AI tools. Shadow AI detection and AI security dashboards are available through Microsoft Defender.

What's missing: Edge-only coverage means Chrome, Firefox, and desktop AI tools (Cursor, Claude Code, VS Code Copilot) are invisible. The redirect-to-Copilot strategy works for Microsoft shops but doesn't help organizations using Claude, Gemini, or open-source models. Agent 365 — Microsoft's agentic security framework — won't ship until May 1.

CrowdStrike: Falcon AI Agent Discovery

CrowdStrike launched AI Detection and Response (AIDR) with endpoint-level AI discovery, including the ability to detect AI applications, agents, LLM runtimes, and MCP servers running on managed devices — a direct response to incidents like the OpenClaw security crisis. Charlotte AI AgentWorks provides a no-code platform for building security agents with launch partners including Anthropic, OpenAI, and NVIDIA.

What's real: AIDR is generally available. Endpoint-level AI discovery can find tools like OpenClaw, local LLM runtimes, and MCP server processes running on devices with the Falcon agent. This is genuinely useful for incident response and AI asset inventory.

What's missing: Falcon is an endpoint agent — it sees processes and network connections, but can't inspect AI prompt content or enforce data-level policies. It tells you that someone is running Claude Code, not what data they're sending to it. For data protection, you still need a separate solution.

Cisco: DefenseClaw and AI Defense Explorer

Cisco took a dual approach: DefenseClaw is an open-source security framework for OpenClaw deployments specifically, scanning and sandboxing every agent skill. Cisco AI Defense: Explorer Edition is a self-service tool for building secure AI agents, including red teaming for agentic workflows and AI security insights.

What's real: DefenseClaw is open source and available now for organizations already running OpenClaw. It addresses the immediate ClawHub supply chain risk with skill scanning and sandboxing. Explorer Edition provides model testing and red teaming capabilities.

What's missing: DefenseClaw is OpenClaw-specific — it doesn't help with Claude, ChatGPT, or other AI tools. AI Defense Explorer Edition is focused on developers building agents, not security teams governing agent usage across the organization. Discovery of unauthorized AI tools isn't the primary use case.

RSAC 2026 proved the industry agrees on the problem: AI agents create ungovernable shadow IT. But most solutions address one layer (endpoint, browser, or specific agent) rather than the full surface area.

What RSAC Announcements Tell Us About the Market

Three patterns emerged from RSAC 2026 that every security team should understand when evaluating AI governance tools.

Pattern 1: The Big Three are bolt-on, not built-for. Microsoft, CrowdStrike, and Cisco are adding AI governance to existing platforms (Edge, Falcon, SecureX). This means AI security is filtered through each vendor's existing architecture and blind spots. Edge only sees the browser. Falcon only sees the endpoint. None of them see the full picture.

Pattern 2: Agent security ≠ AI governance. Most RSAC announcements focused on securing AI agent development — red teaming, model testing, runtime protection. These matter for companies building agents. But 90% of enterprises' AI risk comes from employees using existing AI tools, not from in-house agent development.

Pattern 3: Discovery is table stakes, enforcement is the gap. Everyone announced discovery. Knowing that employees are using ChatGPT is useful but insufficient. The hard problem — intercepting sensitive data before it reaches an AI provider, enforcing policies at the point of interaction, coaching users in real time — had fewer concrete announcements.

What Mid-Market Security Teams Actually Need

If you're a 100-500 person company without a dedicated AI security team, here's what to prioritize from the RSAC noise.

  • Cross-platform discovery that finds AI tools in browsers, on endpoints, and in developer environments — not just one of those.
  • Content-level visibility that shows what data is flowing into AI tools, not just which tools are installed.
  • Real-time policy enforcement that can block, redact, or coach before sensitive data leaves your environment.
  • MCP server governance that monitors what tools AI coding assistants are connecting to and what permissions they have.
  • A single audit trail across all AI interactions — browser-based, API-based, and agent-based — for compliance reporting.

No single RSAC announcement delivers all five. Most deliver one or two, locked into a specific vendor ecosystem. The gap between what was announced and what mid-market teams need remains wide. For a deeper dive into Microsoft's approach specifically, see our analysis of why Edge's shadow AI controls aren't enough.

Vloex delivers all five capabilities in a single platform: browser extension for chat-based AI tools, MCP gateway for developer agents, workspace connectors for OAuth app discovery, and a unified dashboard for policy enforcement and audit trails. No endpoint agent required. See it in action.
