RSA 2026 Was Agent Washing Season. Here’s What Actually Matters…
⚡ TL;DR

📝 Summary

- The real attack surface isn’t agents. It’s your CI/CD pipeline — right now, today.
- The attestation gap no one is talking about
- RSA 2026 was agent washing season — here’s how to spot it
- What enforcement-first security actually looks like
- The deeper lesson from RSA this year

I just attended the RSA Conference 2026 this week. My honest read: the marketing has never been more sophisticated, and the gap between what’s being sold and what’s actually under attack has never been wider. Let me give you the version no one’s booth was advertising.

Before we talk about the agentic future, let’s talk about what happened last month.

Three weeks ago, we wrote about an autonomous bot called hackerbot-claw — describing itself as “an autonomous security research agent” — that spent seven days systematically attacking CI/CD pipelines across major open source repositories. It targeted seven projects belonging to Microsoft, DataDog, Aqua Security, and multiple CNCF members. It achieved confirmed or likely remote code execution in five of them. In one — Aqua’s Trivy, a vulnerability scanner embedded in thousands of CI pipelines — it stole a Personal Access Token, renamed the repository, deleted years of GitHub Releases, and pushed a potentially malicious artifact to the VS Code extension marketplace.

The recent TeamPCP exploit continues to impact the open source community.

The attack vector isn’t exotic.