
The Power of Community: 4 Takeaways from the 16th Annual Executive Dinner at RSAC 2026

Rey Kirton

April 8, 2026


Fully autonomous cyberattacks are less than two years away.

A network of 20 North Korean operatives submits over 160,000 fraudulent job applications in three months, leveraging deepfake technology to infiltrate the U.S. tech sector and funnel earnings to the DPRK regime.

Global enterprises with the largest security budgets are forced to pay out multi-million-dollar bounties for exploits they missed.

These are the realities that shaped the dialogue at the 16th Annual Executive Dinner at RSAC 2026. Co-hosted by Forgepoint Capital, PwC, and Google Security, this year’s invitation-only gathering brought together over 425 industry leaders including enterprise CISOs, startup founders, investors, and government leaders from 21 countries and 347+ global organizations, with 10% of the Fortune 500 represented.

With the theme The Power of Community in a New Era of Cybersecurity, the evening unfolded with off-the-record strategic conversations among trusted peers, anchored by a candid keynote panel featuring Kevin Mandia, Partner at Ballistic Ventures and CEO at Armadin; Nicole Perlroth, Founding Partner at Silver Buckshot Ventures; and Pat Opet, Global CISO at JPMorgan Chase.

As the dialogue flowed from cocktails to dinner to the panel and the afterparty, four key themes surfaced around emerging risks, technologies, and trends.

The Asymmetric AI Arms Race

AI has fundamentally altered the offense-defense calculus in cybersecurity, and attackers hold the upper hand. The structural advantage is stark: threat actors using AI operate with unlimited attempts and often face no meaningful risk of repercussions, while defenders must be right every time. With the increase in agentic AI adoption, attackers will soon be able to compress vulnerability discovery from days to seconds via agents that have total recall and no degradation over time. Persistent weaknesses across software supply chains, hardware supply chains, and third-party ecosystems compound this imbalance, ensuring attackers will likely maintain the advantage for at least the next year.

The path forward for defenders can’t be passive. Security leaders must build internal offensive capabilities to train their defenses for real attacks and should selectively share their findings within the cybersecurity community to preserve their value as a defensive tool. By necessity, fully autonomous defense will be the next structural shift for cybersecurity, and the industry will likely reach this goal by early 2028. Community-level infrastructure including hyperscalers and shared resources will be critical to accelerating that timeline.

A New Era of Supply Chain Security

Organizations are experiencing third-party incidents at alarming rates. Cyber criminals increasingly pre-position themselves upstream in third-party systems, gaining access long before any attack is deployed. The legacy approach to third-party risk management via passive attestation no longer works: questionnaires and certifications are a snapshot of a vendor’s security posture at a moment in time, not a measure of where they are now.

Addressing supply chain risk requires a defense-in-depth approach layering active intelligence, architectural controls, and contractual pressure across the supplier ecosystem rather than relying on any single solution. The most sophisticated security teams are abandoning passive oversight and self-reported compliance, redirecting resources like penetration testing to directly interrogate suppliers about their security posture in known failure lanes to reveal a more accurate picture of third-party risk. Organizations that invest in dedicated third-party intelligence teams, actively track supplier weaknesses, and identify signs of pre-compromise see meaningfully faster vendor remediation cycles.

Industrialized Nation-State Threats

Leading nation-state adversaries no longer operate as loosely coordinated hacker collectives. They behave like well-funded, highly organized companies scaling operations.

China has emerged as the most formidable offensive cyber actor globally, surpassing its rivals in scale, scope, and innovation over the past several years. China’s current posture, though, appears to be focused on access rather than action. The geopolitical calculus makes deploying full AI-enabled attacks against critical American institutions too costly, for now.

AI is poised to empower dozens of additional nations with comparable offensive capabilities, enabling operators to fine-tune open-source models locally and generate platform-specific exploits that target operating systems and global providers like Android, iOS, Microsoft, SAP, and Oracle. Chinese open-source models are easy to purchase and already produce offensive hacking capabilities competitive with leading Western AI models in some red team scenarios.

North Korea’s IT worker scheme highlights the remarkable industrialization of nation-state threats. DPRK-affiliated cells have applied to U.S. corporate jobs at massive scale, generating an estimated $600-800 million annually for the North Korean regime, and the playbook is spreading. Criminal groups in other countries are now replicating this model, outsourcing labor from geographies including Pakistan, Nigeria, and India and expanding into fields like customer service and financial processing, which attract less scrutiny than software development. Americans displaced by AI-related job losses represent a growing recruitment pool for laptop hosting arrangements in these schemes.

Defenses against these threats must move beyond perimeter security. Leading institutions are beginning to implement controls like in-person biometric verification requirements for employees, a meaningful structural barrier against remote infiltration schemes where operatives cannot afford to appear in person. We expect this trend to continue as organizations adopt more robust security measures against deepfakes and workforce infiltrations.

Security is a Community Imperative

The cybersecurity community’s greatest weaknesses are structural and require collaborative solutions.

AI adoption has outpaced AI security, an industry-wide blind spot hiding in plain sight. Security teams apply uneven scrutiny to AI security standards as their companies rapidly integrate AI. Many organizations knowingly leverage AI tools built on non-standard architectures with poorly implemented authorization logic.

In addition, the AI-fueled acceleration of threats and nation-state capabilities presents a resource, talent, and policy challenge. Individual organizations can’t patch and defend themselves at scale, particularly in the mid-market where resources are limited. Many of the most pervasive attacks now flow through systemic third-party vulnerabilities that no individual organization can resolve on its own; for example, poisoned search engine results redirecting to cloud providers that host malware. Critical infrastructure is particularly vulnerable: sectors like utilities provide target-rich environments in which cybersecurity spending alone is insufficient.

The path forward requires cross-sector partnership between government agencies, policymakers, platform providers, security buyers, and builders. Enterprises need to exercise their collective buying power to demand Secure by Design standards for AI systems. Endpoint, firewall, and infrastructure vendors must deliver compensating controls at compute speed to protect the mid-market. Hyperscalers need to secure the shared computing foundations at the core of the global economy. Innovators must share security insights and capabilities that benefit the global security community.

Conclusion

The Power of Community is more than an aspiration. It is the only architecture that matches the scale of the threats we face. As AI reshapes the offense-defense calculus, adversaries industrialize, and systemic vulnerabilities outpace individual organizations, the days of defending in silos are over. The future of cybersecurity will be shaped by collective strength, mutual trust, and transparent partnerships.

Thank you to the leaders across enterprise, startup, government, and investment communities who gathered with us to forge a safer digital ecosystem. We look forward to continuing the mission and hope to see you again next year.

With Appreciation

Special thanks to our honored speakers, co-hosts, and guests for their insights, expertise, and support. Here’s to your leadership and work to advance innovation and collective resilience.

  • Kevin Mandia, Partner, Ballistic Ventures; CEO, Armadin
  • Nicole Perlroth, Founding Partner, Silver Buckshot Ventures
  • Pat Opet, Global Chief Information Security Officer, JPMorgan Chase
  • Sean Joyce, Principal, Global Cybersecurity & Privacy Leader, PwC United States
  • Morgan Adamski, Principal, Deputy Platform Leader, Cyber, Data, and Tech Risk, PwC
  • Avinash Rajeev, Principal, Platform Leader, Cyber, Data, & Tech Risk, PwC
  • Jon Ramsey, VP & GM, GCP Security, Google Security
  • Nick Godfrey, Senior Director, Office of the CISO, Google Security

With Alberto Yépez, Leo Casusol, and the Forgepoint Capital team.