By Darron Antill, CEO, Device Authority

RSAC remains the cybersecurity event. It is where the industry gathers to compare notes, pressure-test assumptions, spot the next wave of market change and, just as importantly, build the partnerships that will shape what comes next.

This year in San Francisco, that energy was unmistakable.

There was real buzz across the city, from the show floor and executive meetings to the side events and industry gatherings that increasingly define RSAC week. For Device Authority, it was another valuable opportunity to meet new contacts, deepen existing relationships and explore partnerships that can help us move faster in a market that is changing rapidly.

One thing is yet again clear after this year’s event: cybersecurity is not standing still. It is consolidating, converging and accelerating.

AI is everywhere, but identity is still at the centre

If there was one theme that dominated conversations, it was AI. More specifically, agentic AI and what it means for enterprise security, operations and risk. Everyone is trying to understand where they fit in this market shift, what new threats are emerging and how security needs to adapt.

But alongside AI, identity was everywhere too.

The industry is now fully awake to the scale of the machine identity challenge. Non-human identities are multiplying fast across cloud, software, infrastructure, OT and IoT environments, and they are creating new attack surfaces that many organisations still do not have a handle on. That is becoming a board-level issue.

At RSAC, identities and AI security consistently came through as two of the highest priorities in the market. That is significant, because as AI scales, so too does the number of machines, agents, services and devices requiring trust, control and visibility.

This is no longer just an IT problem. It is an enterprise-wide security challenge.

OT, IT and IoT are converging fast

Another strong signal from RSAC was the growing recognition that OT, IT and IoT security can no longer be managed in silos.

As connected environments expand, the threat landscape becomes broader and more complex. Device sprawl, unmanaged assets, fragmented ownership and inconsistent identity controls all increase operational and cyber risk. Smart attackers know that the edge is often where visibility is weakest and where traditional security tooling is least effective.

That is why the conversation is shifting from isolated protection measures to end-to-end remediation, from point products to coordinated response, and from disconnected teams to more holistic planning.

This matters greatly for Device Authority because it aligns directly with where we have deep expertise: securing machine identities at scale in OT and IoT environments, particularly at the edge, where automation is essential and manual intervention is often impractical.

Platformisation and consolidation are reshaping the market

A major market trend discussed throughout the week was platformisation.

The largest cyber vendors are continuing to expand their portfolios, and customers are responding positively to the idea of working with fewer vendors to reduce cost, integration burden and operational complexity. That broader shift is driving consolidation and creating new ecosystem opportunities.

It was particularly interesting to hear Nikesh Arora’s perspective during RSAC week, and to see how the market conversation continues to evolve around machine identity security and platform-led growth. With Venafi now part of CyberArk, there is a bigger strategic spotlight on machine identities across customer environments, and that creates a meaningful opportunity for Device Authority to extend that value into OT and IoT use cases where the challenges are different, more distributed and often harder to solve.

The same applies more broadly across the ecosystem. Customers want integrated approaches. They want visibility, automation and policy enforcement that work across hybrid, cloud, enterprise and operational environments. They also want partners who can plug into that reality and solve the gaps that broader platforms do not address deeply enough.

That is where specialist expertise still matters enormously.

Discovery, sprawl and edge identity are rising up the agenda

Two other themes stood out repeatedly in discussions: discovery and identity sprawl.

Before organisations can control risk, they need to know what they have. Across both IT and cyber-physical environments, discovery is becoming foundational. The number of identities, devices, certificates and unmanaged endpoints is simply too large for manual processes to keep up.

That challenge becomes even harder at the edge.

Identity at the edge is now a far more active discussion point than it was even a year ago. That is encouraging, because this is one of the areas where Device Authority has genuine experience and proven capability. Securing unmanaged and edge-connected devices, automating credential lifecycle management and enforcing trust in environments where traditional tools struggle is exactly the kind of challenge we are built to solve.

Regulation is turning urgency into action

Another major shift is that regulation is no longer theoretical.

Highly regulated industries are moving faster because they have to. Whether driven by sector mandates, customer expectations or broader frameworks such as the Cyber Resilience Act, organisations are being pushed to act with more urgency and more discipline.

Security is no longer a “nice to do”. It is a business requirement. It is central to trust. It is central to resilience. And increasingly, it is central to operational continuity and market access.

That is particularly true in OT and IoT environments, where manual lifecycle management does not scale and where compliance depends on being able to demonstrate visibility, control and repeatable policy enforcement across large fleets of connected devices.

MSSPs are becoming more important to customers and vendors alike

One of the most encouraging trends from our conversations was the role that MSSPs and wider cyber services partners are starting to play in this space.

For many customers, especially in the mid-market and enterprise, the threat landscape has become too complex to manage alone. They are looking for trusted partners who can bring not just tools, but expertise, services and operational support.

At Device Authority, we see this clearly and it remains an important part of our go-to-market strategy. The most forward-looking MSSPs are already thinking about OT and IoT identities as an area where they can extend their value to customers. That is exactly the kind of market development we welcome.

Our discussions during the week reinforced that view, including positive conversations around evolving partnerships that we believe can create meaningful value going forward.

The real value of RSAC is perspective

Events like RSAC are not just about visibility. They are about perspective.

You go to keep up with the industry, understand what matters now, test your own assumptions and identify where future partnerships and growth will come from. This year certainly delivered on that front.

We had some excellent discussions with investors, ecosystem partners, MSSPs, technology vendors and companies dealing with very real OT, IIoT, IoMT and device security challenges at scale. Those conversations were productive because the problems are real, the urgency is increasing and the market is looking for practical solutions.

That is why I came away optimistic.

Device Authority is well placed. We understand the complexity of securing connected devices at scale. We understand lifecycle automation. We understand Zero Trust for machines and devices in environments where traditional IT-centric approaches fall short. And we know that as the market continues to converge around identity, AI, compliance and platform integration, our role becomes more relevant, not less.

RSAC 2026 confirmed that the opportunity ahead is significant.

We made new connections, strengthened existing partnerships and came away with valuable insight into how the market is evolving. Most importantly, we were reminded that there is a growing need for what Device Authority does best: delivering trust, automation and control for OT and IoT environments at enterprise scale.

We will be back.

And yes, the cocktails and sliders were excellent too.