Amazon Web Services powers Carson Group AI tool

Key Takeaways

• RSAC 2026 highlighted the shift in AI security from hype to practical outcomes, emphasizing AI governance for agents and continuous monitoring in SaaS security.
• A new AI agent marketplace enables MSSPs to offer modular identity security solutions, deploying specific agents for tasks like phishing detection.
• Attribute-Based Access Control (ABAC) provides flexible access management for AI and multi-cloud platforms, securing against threats like tool poisoning.
• Researcher Brandon Colelough warns that AI hallucinations from LLMs are unavoidable due to their predictive nature and lack of transparency.
• The 'Iron Curtain' system enhances AI agent safety by isolating them in virtual machines to mitigate risks like prompt injection attacks.
• Government use of AI systems often suffers from an "oversight fallacy," where accountability is lacking due to autonomous AI learning.
• The US Chip Security Act aims to block China's access to high-performance AI chips, intensifying technological tensions.
• Ethical discussions at ITB Berlin highlighted the need for inclusive, transparent, and regulated AI in travel to prevent bias and promote diversity.
• Carson Group launched 'Client Intelligence,' an AI tool developed with Amazon Web Services, featuring an AI assistant named Steve for unified client data access.
• Shadow AI poses significant enterprise risks, leading Fortinet to unify network and security operations onto a single platform for better visibility and governance.

RSAC 2026 AI Security Shifts from Hype to Real Outcomes

At RSAC 2026, the focus on AI in SaaS security matured from hype to practical results. Security teams are now asking how to secure AI and improve security outcomes with it. While AI accelerates processes, it also reveals security gaps. Key takeaways include the need for AI governance for AI agents and non-human identities, and a shift from audits to continuous monitoring in SaaS security. Organizations are finding value by applying AI thoughtfully, grounded in security basics.

AI Agent Marketplace Changes How MSSPs Offer Identity Security

A new AI agent marketplace is changing how Managed Security Service Providers (MSSPs) offer identity security. Instead of bundled platforms, specific AI agents can be deployed for tasks like phishing detection or dark web monitoring. This modular approach aligns with how MSSPs deliver outcomes like visibility and risk reduction. The platform also integrates external identity exposure data with internal context, helping teams prioritize high-risk identities and speed up response to attacks that bypass traditional security.

Attribute-Based Access Control Secures AI and Multi-Cloud

Attribute-Based Access Control (ABAC) offers a flexible way to manage access for AI systems and Multi-Cloud Platforms (MCPs). ABAC evaluates access based on user, resource, action, and environmental attributes, which is crucial for AI capability negotiation. This dynamic approach helps secure AI against threats like tool poisoning by evaluating tool trustworthiness. ABAC can also adapt to future threats like quantum computing by updating access policies.

AI Hallucinations Are Unavoidable Researcher Says

A researcher warns that AI hallucinations, or false information produced by large language models (LLMs), are an unavoidable hazard. Brandon Colelough explained that LLMs predict the next word based on patterns, not true understanding, leading to plausible but incorrect outputs. These 'black box' systems lack transparency, making it hard to understand or fix hallucinations. Current methods to improve AI performance haven't been proven to reduce these errors, raising concerns about trusting AI systems.

New 'Iron Curtain' System Safely Manages AI Agents

A new concept called 'Iron Curtain' aims to make AI agents safer by isolating them within a virtual machine. AI agents often require broad access to digital services, creating security and privacy risks. This isolation separates the agent's actions from the user's accounts, reducing danger if the agent malfunctions or is compromised. The system helps mitigate risks like prompt injection attacks and unexpected behavior by controlling the agent's environment.

Government AI Use Lacks Accountability Oversight Fallacy

Governments are increasingly using AI systems that structure public authority, but accountability is often lacking. The idea of keeping a human 'in the loop' is insufficient because AI systems learn and optimize autonomously. This leads to the 'oversight fallacy,' where officials approve outcomes without understanding the upstream design decisions. An example shows how an AI urban management platform can amplify disparities by optimizing for efficiency without clear human oversight of its complex trade-offs.

US Chip Act Blocks China's AI Chip Supply

The US House Committee on Foreign Affairs has passed the Chip Security Act, a move designed to restrict high-performance computing exports to China. This action signals a significant step in response to rising technological tensions between the two countries. Reports from within China suggest a growing internal consensus regarding the impact of these new US policies on their access to specialized AI chips.

AI in Travel Must Benefit Everyone Ethically

A session at ITB Berlin highlighted the ethical challenges of AI in the travel industry, focusing on bias and fairness. Speakers discussed how AI-generated answers and recommendations need to be inclusive and transparent. The need for regulations regarding data privacy and algorithmic fairness was emphasized. The industry must ensure AI promotes diversity and inclusion rather than worsening existing inequalities.

Carson Group's AI Tool Offers One-Stop Client Data Access

Carson Group has launched 'Client Intelligence,' a new AI tool that allows advisors to query client data from multiple systems with a single request. Developed with Amazon Web Services, the tool uses an AI assistant named Steve to access information across proprietary and vendor wealth platforms. This aims to increase advisor efficiency by embedding AI directly into daily workflows, providing a unified view of client information for better service.

Unified Security Needed for Dangerous Shadow AI

Shadow AI, where employees use generative AI tools without IT approval, poses a significant enterprise risk. This practice can lead to compliance violations, data leakage, and hefty fines, exceeding the dangers of shadow IT. Fortinet is addressing this by unifying network and security operations onto a single platform. This approach provides visibility and governance for AI agents, reducing risks and speeding up incident response times compared to fragmented systems.

Baseball's AI Strike Zone Creates Must-Watch Drama

Major League Baseball's new Automated Ball-Strike (ABS) system, powered by AI, is creating compelling drama. While an AI determines balls and strikes, human players decide when to challenge calls, leading to emotional reactions and ejections. The system exposes umpire inconsistencies in real-time, making games more engaging for viewers. This human element interacting with AI judgment has turned the strike zone into a must-watch part of the game.

Sources

• RSAC 2026 Recap: From AI Hype to Real SaaS Security Outcomes
• AI Agent Marketplace Signals a Shift in How MSSPs Package Identity Security
• Attribute-Based Access Control for AI Capability Negotiation
• Researcher Warns That AI Hallucinations Are Unavoidable
• Why AI agents need an iron curtain
• Where is Accountability When Governments Deploy AI?
• Commentary: US chip security act ends China's special AI chip supply
• Ensuring AI benefits everyone in travel
• Carson Unveils One-Stop Client AI Query Tool
• Shadow AI solutions need a unified security approach
• 'You Can't Defeat the Robots!': Baseball's AI Strike Zone Is Must-Watch Television