Beyond the Breach: A Recap of the Resilient CISO Summit at RSAC 2026
Imagine a room filled with the world's top cybersecurity leaders, and the one topic on everyone's mind is AI and the paradox of progress: how the same force multiplying our defenses is multiplying threats even faster. At Absolute Security's Resilient CISO Summit, held at RSAC 2026 in San Francisco, that tension drove the conversation.
Convened to celebrate the inaugural Resilient CISO Awards with SC Magazine and to push the conversation about what resilience truly demands in the future, the summit brought together CISOs, security leaders, and futurists for a discussion that was equal parts sobering and clarifying. Here is what we took away.
The acceleration of digital fragility
Absolute Security CEO and President Christy Wyatt opened the evening with a data point that reframed the entire conversation. According to the 2026 Resilience Risk Index, roughly 20% of enterprise devices have security controls that are degraded, non-compliant, or simply not running.
This is not a failure of intention. It is a structural reality of how modern endpoint environments work. Security tools decay. They conflict with one another. They get disrupted by system updates, agent sprawl, and the accelerating complexity of AI-injected applications. Crucially, organizations often don't realize this is happening until long after the damage is done.
"What that really means to me is an acceleration in fragility. The number of controls we rely on continues to grow — and by the way, it's going to happen even faster the more we apply new technologies."
— Christy Wyatt, CEO, Absolute Security
As AI accelerates software change cycles, the gap between what organizations believe their security posture is and what it actually is continues to widen. The antidote is not purchasing more tools. It requires building resilience into the foundation. You need persistence at the firmware level that allows systems to self-heal and rehydrate, regardless of what happens above the operating system.
Resilience is a mindset before it is a technology
One of the most important shifts the summit surfaced is the need to reorient the CISO's primary objective. For decades, the dominant paradigm has been prevention. The goal was always to stop the breach before it happened. That goal is not wrong, but it is increasingly insufficient.
The question that resilience-minded leaders ask is different: When something breaks (and it will), how fast can we get back? How quickly can we restore operations, recover devices, and return clinical systems, financial platforms, or critical infrastructure to a known-good state?
This mindset requires building toward rapid rehydration: the ability to automatically rebuild security controls and system state from the inside out.
To achieve this level of continuous operation, organizations need:
- Platform-level visibility: You cannot protect what you cannot see. Unbreakable visibility into every device and application is non-negotiable.
- BIOS-level self-healing: Resilience must anchor below the operating system. Leveraging embedded firmware allows you to automatically rehydrate and rebuild security controls where attackers cannot reach.
- Automated restoration: Stop disruption in minutes, not hours or days. Automatically restore devices, applications, and access to a trusted, compliant state without manual IT intervention.
Endpoint, access, and application resilience must work together to keep organizations operational and secure. When you can rehydrate your environment in minutes, the breach itself becomes irrelevant.
AI is both the problem and the most powerful tool we have
The summit also explored the profound impact of artificial intelligence on the future of defense. With decades of work in AI, from early pattern recognition to large-scale language models, futurist Ray Kurzweil offered a visionary parallel, framing AI as a necessary healer rather than just a weapon for threat actors.
The throughline: The amount of computation hardware is doubling every two months, and the algorithms that drive these models are traveling together with that exponential growth. This means that the offensive capabilities available to adversaries are growing at a rate that outpaces any purely human-led defensive response.
But they also mean that AI-powered defense is becoming genuinely transformative. The same acceleration that empowers attackers can be turned toward modeling vulnerabilities before they are exploited, detecting anomalies in real time, and automating recovery at a speed no human team can match.
The organizations that will thrive are those that treat AI as a force multiplier for their defenders, not just a risk to manage.
The CISO role is undergoing a structural transformation
The CISO panel discussion, featuring security leaders from healthcare, enterprise technology, and critical infrastructure, converged on a theme that deserves its own spotlight: the CISO's job description is changing fundamentally.
A decade ago, the role was defined by manual velocity: managing lines of code, static policies, and text-heavy documentation, reviewing logs, and signing off on tool deployments. Today, the most forward-thinking CISOs are repositioning themselves as orchestrators of AI-driven intent: setting direction, governance, and outcome requirements, while AI systems execute at machine speed.
"I'm really focused on a future where we're doing more and more directly through AI... that means I have to have my defenders leading into that future."
— Harold Rivas, CISO, Absolute Security
That shift has real implications for how security teams are structured, trained, and evaluated. The skills that made a great CISO ten years ago are necessary but no longer sufficient. The security leaders who will define the next decade are those building organizations that can operate, adapt, and recover at AI velocity.
Trust is the hardest problem in an AI-native world
Perhaps the most provocative thread of the evening involved a complex challenge: how do you establish and maintain trust in a world where the distinction between human and AI action is increasingly indistinguishable?
Identity verification has historically been anchored in human context. We rely on behavioral patterns, organizational roles, and authentication signals that assume a person is behind the keyboard. As AI agents proliferate across enterprise environments, those anchors become unreliable. An AI acting on behalf of a user, or an adversary mimicking one, may present identical signals.
The industry does not yet have a clean answer to this. But the CISOs in the room were clear on the stakes: building trust frameworks that can survive an AI-native world is not a future problem. It is an urgent one, and it starts with governance structures, auditability, and resilience architectures that make AI behavior transparent and recoverable when it goes wrong.
The road forward
The Resilient CISO Summit reinforced a conviction we have held for years: the security industry needs to stop measuring success solely by what it prevents and start measuring it by how quickly and completely it recovers. Prevention will always matter. But in a world where AI is accelerating both the sophistication of attacks and the complexity of the environments we defend, cyber resilience is the only durable competitive advantage.
To every CISO, security architect, and technology leader who joined us at the Resilient CISO Summit at RSAC 2026 — thank you. The conversations in that room are exactly the ones the industry needs to be having, and we're just getting started.
- Download the 2026 Resilience Risk Index to understand the true state of enterprise security controls.
- Learn more about the Resilint CISO Awards presented in partnership with SC Magazine and see how industry leaders are redefining defense.
