DataStealth's team shares key takeaways from RSAC 2026, from DLP fatigue and AI noise to growing demand for data-centric protection in enterprise environments.
RSAC 2026 wrapped up last week. Our team was on the floor for four days at the Moscone Center, engaged in hundreds of conversations at our booth, and had very insightful and candid exchanges with cybersecurity leaders working through many complex problems.
We came into the show watching three themes:
Our conversations on the floor confirmed each of them – and expanded upon them with many additional insights we felt were worth sharing.
Here are some key takeaways from our team members who attended RSAC 2026:
By Lindsay Kleuskens - Account Executive
The conversations I had at the booth kept circling back to the same frustrations.
DLP is noisy. Security teams are drowning in alerts, spending more time tuning policies and managing false positives than actually preventing data exposure.
On top of that, the sheer volume of APIs connecting enterprise environments has become a pain point in itself. Every integration is another path for sensitive data to leave the organization, and most teams don’t have full visibility into all of them.
Visibility in general was a recurring concern as well. The security leaders I spoke with want real solutions that work where their data truly lives, and for many of them, that means on-premises.
Cloud-first solutions get the attention, but on-prem remains a priority for organizations that can’t move everything to the cloud, or simply don’t want to.
The AI pressure was constant. Security leaders are being pushed by their executive teams to adopt and integrate AI into workflows, but they’re caught between the pressure for productivity gains on one end, and real security risks on the other. It’s a tension that doesn’t resolve easily, and it came up in nearly every conversation.
One area that surprised me was test data management. Most organizations I spoke with are still handling data sanitization for dev teams through manual processes (or not handling it at all).
Development teams are working with cleartext production data in non-production environments, and nobody is comfortable with it.
When I walked them through how DataStealth can create production-like tokenized data at a fraction of the time it takes to sanitize manually, the reaction was eye-opening. For many, it was the first time they'd seen a practical solution to a problem they'd been living with for years.
By Victoria McGlone - VP Channel
The partner conversations at RSAC confirmed something I've been hearing on calls for months: channel partners are looking for ways to differentiate their managed services offerings and become more data-centric for their clients.
The old playbook of deploying another tool on top of the existing stack isn't working.
Partners want to bring something to their clients that shifts the conversation from adding more infrastructure to protecting the data itself.
AI was everywhere at the show. So were agents. And frankly, everyone's messaging looked similar. The booths blurred together – i.e., the same buzzwords, the same claims, the same "AI-powered" positioning.
It made it hard for partners to evaluate what's real and what's noise.
That's an opportunity for vendors like us who can explain what we do in plain terms and back it up with how the technology actually works.
What stood out most was the number of people who came directly to our booth with specific questions. These were security leaders describing real use cases and real problems, asking pointed questions about how DataStealth could solve them.
That tells you something about where the market is. People aren't browsing for ideas anymore but, instead, want answers to problems they've already defined.
By Gregory Ivo - Solutions Advisor
The AI fatigue on the floor was real. By day two, people were visibly exhausted by the constant AI noise from the rest of the conference.
Every booth had an AI angle, every session had an AI reference, and by the time attendees reached us, many of them openly said they were tired of hearing about it.
That created an interesting dynamic: when we focused the conversation on data protection rather than pure AI hype, people leaned in. They wanted to talk about what actually happens to their data, not what an algorithm promises to do about it.
One thing that surprised me was how few people actually understand what tokenization is in the context of data security.
The term isn't new, but the practical understanding of how element-level tokenization works – i.e., replacing sensitive data with format-preserving tokens that carry zero exploitable value – is still limited.
When I explained the mechanics, especially the part about no keys to manage and no decryption to reverse-engineer, you could see the shift in understanding. It's a fundamentally different approach from encryption, and most people hadn't thought about it that way.
The other gap was in platform awareness.
A lot of the people I spoke with were actively looking for a DLP or evaluating their existing one, but they had never heard of a Data Security Platform (DSP) or even a DSPM.
The category is still new to many practitioners.
When I walked them through how a DSP differs from a DLP (that it goes beyond monitoring data movement to actually discovering, classifying, and protecting data at the source) it reframed the conversation entirely. Several people told me they didn't realize that category existed.
RSAC is always a snapshot of where the cybersecurity industry stands, and this year, we saw clear direction: the conversation has expanded from protecting infrastructure around the data to protecting data directly.
What does that mean? It means moving beyond relying only on firewalls and access controls around the data, and embedding protection into the data itself, regardless of where it lives, how it moves, or which systems touch it.
That's the problem DataStealth was built to solve. One platform that discovers, classifies, and protects sensitive data in vast and complex enterprise environments.
We're grateful to every security leader, practitioner, and partner who stopped by Booth #1927 and shared what their teams are working through. Those conversations shape how we build.
If any of the themes in this post sound familiar, we'd like to hear about them. Request a demo and let's continue the conversation.
Bilal is the Content Strategist at DataStealth. He's a recognized defence and security analyst who's researching the growing importance of cybersecurity and data protection in enterprise-sized organizations.
