RSA Conference 2026: What to Expect

RSA Conference returns to San Francisco's Moscone Center from April 28 through May 1, and the early signals suggest this year's event will lean heavily into post-quantum cryptography, AI-driven security operations, and the ongoing reckoning with software supply chain risk.

With over 40,000 attendees expected and more than 600 exhibitors confirmed, RSA remains the single largest gathering in the cybersecurity industry. Here's what we're watching heading into the conference.

Keynotes and Featured Speakers

The conference organizers have confirmed a keynote lineup that skews toward policy and emerging technology. Government speakers are expected to address the evolving regulatory landscape around incident disclosure, particularly in the wake of updated SEC reporting requirements that went into effect in 2025.

The opening keynote traditionally sets the tone for the week, and this year's theme appears focused on resilience — not just in the technical sense, but organizationally. Several track chairs have signaled that submissions around security program sustainability and burnout prevention were stronger than in previous years.

Tracks Worth Prioritizing

RSA's track system can be overwhelming. With 24 tracks running simultaneously, you can't see everything. Based on the published descriptions and our conversations with track chairs, here are the ones that look most promising:

• Applied Crypto and Blockchain: Post-quantum migration is the headline here. Expect practical sessions on NIST's finalized post-quantum standards and what migration timelines actually look like for large enterprises.
• Security Operations and Incident Response: The SOC automation debate continues. Multiple sessions will address where AI-assisted triage is working and where it's creating new blind spots.
• Software Supply Chain Security: The SolarWinds and MOVEit aftershocks are still reverberating. Look for sessions on SBOM adoption, dependency management, and the emerging regulatory requirements around software provenance.
• Cloud Security: Multi-cloud security posture management is mature enough now that the conversations have shifted from "how to start" to "what's going wrong." The war stories should be informative.

Innovation Sandbox

The Innovation Sandbox competition remains one of the most-attended sessions of the week. Ten finalists will pitch their companies to a panel of judges and a packed audience. In recent years, the finalists have served as a reliable indicator of where VC money is flowing in the security market. Last year's winner focused on identity threat detection — a category that barely existed three years ago.

Practical Tips for Attendees

If you're attending in person, a few things worth knowing:

• Register for sessions early. The popular talks fill up, and standby lines are unpredictable.
• The expo floor is worth a focused visit, but don't try to see everything. Identify 10-15 vendors you actually want to evaluate and schedule meetings in advance.
• The hallway conversations are often more valuable than the sessions. Block time for networking, especially during the evening events.
• San Francisco hotel prices spike during the conference. Book accommodation well in advance or consider staying in Oakland and taking BART.

What We'll Be Covering

We'll publish daily recaps during the conference week, highlighting standout sessions, notable product launches, and the conversations that define each day. Subscribe to our newsletter to get those recaps delivered directly.

If you're speaking at RSA this year or know of sessions we should prioritize for coverage, get in touch through our newsletter.