RSA Conference 2026 brought 649 exhibitors to Moscone Center in San Francisco (March 23-27, 2026). We analyzed every single one of them: who they are, what they build, how big they are, and what they announced.
The numbers tell a story that the keynotes didn't. Below you will find the full breakdown, key trends, and a searchable exhibitor directory with company size, funding, and product space data for all 649 companies.
RSA Conference 2026 Exhibitors: The Data at a Glance
| Metric | Number |
|---|---|
| Total exhibitors | 649 |
| Product companies | 524 |
| Early-stage startups | 64 |
| IT services and consulting firms | 61 |
| Companies founded since 2020 | 261 |
| Innovation Sandbox finalists focused on AI | 9 of 10 |
| Largest acquisition announced | $32B (Google/Wiz) |
Security for AI at RSAC 2026: 115 Companies and Counting
The single biggest signal from the exhibitor floor: 115 companies listed "Security for AI" as a primary product space. That makes it the second-largest category at the entire conference, behind only Threat Detection and Intelligence (117).
For context, here are the top product spaces by exhibitor count:
| Product Space | Exhibitors |
|---|---|
| Threat Detection and Intelligence | 117 |
| Security for AI | 115 |
| Security Operations | 101 |
| Data Security | 95 |
| Identity and Access Management (IAM) | 91 |
| Application Security | 83 |
| Cloud Security | 82 |
| Network Security | 56 |
| Endpoint Security | 55 |
| GRC | 53 |
| Attack Surface Management | 50 |
| Security Testing and Red Teaming | 43 |
A year ago, "Security for AI" would have been a niche subcategory. Now it sits at the top of the table alongside detection and response. Every major platform vendor shipped AI security capabilities at the conference: CrowdStrike launched Charlotte AI AgentWorks, Palo Alto Networks unveiled Prisma AIRS 3.0, SentinelOne introduced AI Agent Security, Microsoft announced Zero Trust for AI, and Cisco released its Zero Trust for AI Agents framework.
The message from the stage was clear: agentic AI is the next platform shift, and the industry is racing to secure it.
RSAC 2026 Innovation Sandbox: Geordie AI Wins, 9 of 10 Finalists Focus on AI
Nine of the ten Innovation Sandbox finalists had an AI-security angle. The winner, Geordie AI, builds an AI agent security and governance platform, founded in 2025 by leaders from Snyk, Veracode, and Darktrace. Each finalist received a $5M SAFE note from Crosspoint Capital.
The full Innovation Sandbox 2026 finalist list:
- Geordie AI (winner) - AI agent security and governance
- Token Security - AI agent and machine identity governance
- Humanix - Human Threat Detection, social engineering via cognitive psychology
- Charm Security - Agentic AI for scam and social engineering prevention
- Clearly AI - AI-focused security
- Crash Override - Security automation
- Fig Security - Security operations
- Glide Identity - Identity security
- Realm Labs - AI model inference monitoring
- ZeroPath - Application security
The Sandbox is usually a leading indicator of where venture capital flows next. This year, it says AI agent security is about to get a lot of funding.
RSA 2026 Startup Landscape: 261 Companies Founded Since 2020
More than 40% of exhibitors were founded in the last six years. Of those, 64 were in the Early Stage Expo, most with fewer than 50 employees and undisclosed funding. The startup boom in security is not slowing down.
What stands out is what these startups are building. The majority are shipping AI-powered products that need to plug into a customer's existing security stack to deliver value. An AI-powered alert triage tool is useless if it can't connect to the customer's EDR. An automated compliance platform doesn't work if it can't pull data from their GRC tool.
The integration layer beneath these products is a hard problem, and most of these startups are solving it from scratch, one vendor API at a time.
CTEM at RSA Conference 2026: From Gartner Framework to Real Products
Continuous Threat Exposure Management got significant attention. Reach Security won the Global InfoSec Award for Pioneering CTEM. Multiple vendors shipped CTEM-adjacent capabilities: Vectra launched exposure management features, Nagomi introduced Agentic Exposure Ops, Intel 471 bundled its exposure products, and Filigran showcased its open-source XTM Platform for CTEM workflows.
This matters because CTEM requires continuous visibility across multiple security domains: vulnerabilities, identity, access, endpoints, and cloud posture. You can't do continuous exposure management with siloed tools and manual data correlation. The framework only works when your security data is connected.
Major Acquisitions Announced at RSA 2026: Google-Wiz $32B and More
Google closed its $32B acquisition of Wiz during RSA week, making it the largest acquisition of a venture-backed startup in history. Veeam acquired Securiti AI for $1.725B. F5 bought CalypsoAI for $180M. Commvault's Satori acquisition powered its new data security announcements.
Every one of these deals has the same thesis: security infrastructure that normalizes and connects data across environments is worth a premium. Wiz didn't just build a cloud scanner. It built a unified view of cloud risk that works across AWS, Azure, and GCP. That's what made it a $32B company.
RSAC 2026 Product Announcements: Platform Consolidation Accelerates
The major vendors are no longer selling point products. They are selling platforms:
- CrowdStrike launched an entire partner ecosystem (Charlotte AI AgentWorks) with Accenture, AWS, Anthropic, Deloitte, and NVIDIA as launch partners.
- Palo Alto Networks expanded Prisma into a full AI security platform with an MCP gateway and supply chain visibility via its Koi acquisition.
- Microsoft announced Sentinel data federation, allowing federated queries across Fabric, Azure Data Lake, and Databricks without moving data.
- SentinelOne partnered with LevelBlue for managed SIEM, expanding beyond endpoint into full security operations.
When every major vendor builds a platform, the number of integration touchpoints doesn't shrink. It multiplies. Every platform needs to talk to every other platform. Every customer's stack is a unique combination of vendors that changes over time.
The Integration Gap: What RSA 2026 Exhibitors Need But Nobody Discussed
Here is the pattern that emerged from our analysis:
- 115 companies are building Security for AI products. All of them need to integrate with their customers' existing security stacks.
- 101 companies are in Security Operations. Their products need to ingest, correlate, and act on data from dozens of other tools.
- 91 companies are in IAM. Identity doesn't live in one system. It spans every tool in the stack.
- 261 startups founded since 2020 are building new products that have to work alongside whatever their customers already have.
Every one of these companies faces the same challenge: building and maintaining integrations across a fragmented security ecosystem. The conference was full of announcements about what AI can do for security. What was missing was the conversation about how all these tools connect to each other.
That's the integration layer. It's not exciting enough for a keynote, but it's the foundation that determines whether any of these AI-powered, platform-consolidated, CTEM-enabled products actually work in a real customer environment.
Cybersecurity Trends to Watch After RSA 2026
Based on the exhibitor data and announcement patterns, here are the trends we expect to accelerate:
Non-human identity is a new attack surface. AI agents need credentials, API keys, and access permissions. Multiple vendors (Token Security, Cisco, Microsoft Entra, CrowdStrike) announced identity controls specifically for AI agents. This category barely existed a year ago.
Shadow AI discovery will become table stakes. CrowdStrike and SentinelOne both shipped tools to find unauthorized AI usage across SaaS environments. If your organization is using AI (and it is), your security team needs to know where.
Data security needs a rethink. Traditional DLP was built for humans copying files. AI agents move data through pipelines, APIs, and multi-tool workflows. The old models don't apply.
The build-vs-buy math on integrations is changing. With 649 exhibitors and growing, the number of security tools a product company needs to integrate with is only going up. Building and maintaining those integrations in-house gets harder every year. The companies that figure out a scalable integration strategy will ship faster. The ones that don't will spend their engineering budget on plumbing.
Frequently Asked Questions About RSA Conference 2026
How many exhibitors were at RSA Conference 2026? RSA Conference 2026 had 649 exhibitors, including 524 product companies, 64 early-stage startups in the Early Stage Expo, and 61 IT services and consulting firms.
Who won the RSAC 2026 Innovation Sandbox? Geordie AI won the RSAC 2026 Innovation Sandbox contest. The company builds an AI agent security and governance platform and was founded in 2025 by leaders from Snyk, Veracode, and Darktrace. Each of the 10 finalists received a $5M SAFE note investment from Crosspoint Capital.
What was the biggest announcement at RSA 2026? The largest announcement was Google's completion of its $32B acquisition of Wiz, the largest acquisition of a venture-backed startup in history. Other major announcements included CrowdStrike's Charlotte AI AgentWorks ecosystem, Palo Alto Networks' Prisma AIRS 3.0, SentinelOne's AI Agent Security, and Microsoft's Zero Trust for AI framework.
What were the top trends at RSA Conference 2026? The dominant theme was agentic AI security, with approximately 60% of organizations now using AI-augmented automation. Other major trends included Security for AI (115 exhibitors), non-human identity management, Shadow AI discovery, CTEM (Continuous Threat Exposure Management), and platform consolidation across major vendors.
What is the largest product category at RSAC 2026? Threat Detection and Intelligence was the largest category with 117 exhibitors, closely followed by Security for AI with 115 exhibitors. Security Operations (101), Data Security (95), and Identity and Access Management (91) rounded out the top five.
Explore the Full Exhibitor Data
We've made the complete dataset searchable. Filter by segment, product space, or search for any company. Click a row to see details including revenue, funding, and description.
We analyzed the full RSA Conference 2026 exhibitor list to understand the trends shaping cybersecurity. If you're building a security product and want to understand how a unified integration layer can accelerate your roadmap, get in touch.
Ashish Batwara
Founding Member & Chief Growth Officer
Founding Member and Chief Growth Officer at Unizo. Bridges the gap between technical architecture and customer-facing solutions. Writes about integration strategy, security infrastructure, and building products that put customers first.
Related Articles
Why Your Integration Roadmap Is Holding Back Your GRC Platform
Your integration roadmap is not a roadmap. It is a bottleneck. Here is why GRC platforms that stop building integrations in-house start winning their market.
Ashish Batwara
Jan 15, 2026 · 6 min read
Why Unified APIs Became the Modern Software Backbone - The Evolution of Integration
If your security product relies on customer data, you already know the truth: integrations are the biggest bottleneck in your engineering roadmap. But here's the shift -- today, integrations power context, not just workflows.
Ashish Batwara
Dec 9, 2025 · 8 min read
How Modern Security Products Ship 40-50 Integrations, and the AI Context Layer - In Weeks, Not Years
The fastest security companies aren't building integrations anymore. They've moved to an API & Data Fabric that handles them. Here's how teams ship 40+ integrations and full AI context in 3 weeks.
Praveen Kumar
Dec 2, 2025 · 12 min read