At RSA Conference 2026, the security industry reached a consensus: agents are the future of enterprise infrastructure. The harder question nobody could answer was the same one that opened every panel: who is in control?
The numbers from Kiteworks' 2026 Data Security, Compliance and Risk Forecast, published in December and confirmed by conversations across the RSAC floor, sketch a gap between deployment ambition and operational containment that has no easy resolution. One hundred percent of organizations surveyed have agentic AI on their roadmap. Zero exceptions. But 63% cannot enforce purpose limitations on the agents they are already deploying. Sixty percent cannot terminate an agent that is misbehaving. Fifty-five percent cannot isolate AI systems from their broader networks.
Those are not edge cases. Those are the basic controls that determine whether an autonomous system stays within its authorized scope.
The deployment is already happening faster than the governance. Thirty-three percent of organizations are already building autonomous workflow agents that act without human approval. Another 24% are building decision-making agents that access sensitive data independently. That puts the majority of organizations deploying or building agents into a category the security industry classifies as high-risk: systems that can take consequential actions without a human in the loop, operating outside the boundaries that existing infrastructure was designed to enforce.
The RSAC floor reflected the tension. Cisco announced MCP policy enforcement and agent discovery. CrowdStrike launched AI agent discovery across endpoints, SaaS, and cloud. Palo Alto Networks introduced Prisma AIRS 3.0 to secure the full agentic AI lifecycle. BeyondTrust rolled out endpoint privilege enforcement for AI coworkers. The Cloud Security Alliance established a dedicated foundation, CSAI, with a stated mission of securing the agentic control plane. Nvidia's OpenShell runtime enforces constraints at the infrastructure level rather than the model layer.
The vendor ecosystem is responding to a real market signal. The question is whether the tooling arrives before or after the failure mode that justifies the purchase.
The RSAC conversations TechRepublic reported from the Kiteworks booth surfaced the gap in plain language: organizations can observe their agents, but they cannot reliably stop them. The Kiteworks data quantifies it as a 15-to-20-point gap between governance controls and the actual deployment state. Discovery tools exist. Containment tools are immature. The operational assumption that an agent will do only what it is authorized to do has outpaced the infrastructure to enforce that assumption.
The adoption gap is real. Per TechRepublic's RSAC reporting, 85% of enterprise customers are testing AI agent pilots, but only 5% have moved agents into production. The security industry has built the alarm. The operational reality is that most organizations have not crossed the threshold from testing to production — not because they chose caution, but because the governance layer to do so safely does not yet exist at scale.
For teams deploying agents into production today, the practical implication is straightforward: the governance layer is not a later phase. It is the thing that determines whether the agent deployment survives contact with real users, real data, and real edge cases. The organizations that treat containment as a prerequisite rather than a feature flag will be the ones that survive the first wave of agentic failures.
The security industry has named the problem. The solution is still being written.
Sources: Kiteworks 2026 Data Security, Compliance and Risk Forecast; TechRepublic RSAC 2026 floor reporting; SecurityWeek RSAC 2026 Conference Announcements Summary; Help Net Security CSA AI Agent Identity Security Report; luizneto.ai RSAC 2026: Every Attack Involves AI.