RSAC 2026 Panel Warns of Agentic AI Accelerating OT Attacks and Cybercrime
What Happened — At the RSA Conference 2026, ISMG editors convened a panel of cyber‑experts to discuss the rapid emergence of “agentic” artificial intelligence. Participants warned that AI‑driven tools are now capable of automating reconnaissance, vulnerability exploitation, and even full‑kill‑chain attacks, while also exposing critical operational‑technology (OT) environments to new geopolitical threats.
Why It Matters for TPRM —
- Agentic AI lowers the skill barrier for threat actors, expanding the pool of potential attackers that a third‑party may face.
- OT systems—often managed by third‑party operators—are becoming high‑value targets, increasing supply‑chain exposure.
- Governance gaps in AI procurement and deployment can translate into contractual and compliance risks for vendors and their customers.
Who Is Affected — Energy & utilities, manufacturing, telecommunications, cloud‑SaaS providers, and any organization that outsources OT or AI‑enabled services.
Recommended Actions —
- Review AI‑related clauses in vendor contracts (model‑risk, audit rights, data‑usage limits).
- Validate that third‑party OT providers have hardened network segmentation and incident‑response playbooks for AI‑augmented attacks.
- Incorporate AI‑risk assessments into your third‑party risk framework and require evidence of governance controls.
Technical Notes — The discussion focused on “agentic” AI—autonomous systems that can act without direct human input. No specific CVE or malware was cited; the risk vector is the misuse of large‑language models, generative code tools, and automated exploit frameworks to accelerate attack timelines. Source: DataBreachToday – ISMG Editors: Panel Wraps Up RSAC 2026 on AI, OT Risks