RSAC 2026 just wrapped up in San Francisco (March 23–26), and the energy was exactly what you'd expect. Tens of thousands of security professionals packed into the Moscone Center, the hallways buzzing with demos, handshakes, and the kind of conversations that only happen when the stars of the cyber community are all in one place. It never gets old.
No surprise: AI dominated the conversation. Vendors showed off new ways to use AI to automate security operations, and a growing number of booths tackled the emerging challenge of securing agentic AI itself. That second problem is near and dear to us. If you're wrestling with how to govern AI agents in the enterprise, check out what we're building with Ensage AI.
But here's what caught us off guard. The level of interest in OT security was off the charts. Not just a little bump from prior years. We're talking packed sessions, serious buyer conversations, and a noticeable shift in urgency from CISOs who historically treated OT as someone else's problem. OT was the sleeper hit of RSAC 2026.
Why OT Security Is Finally Getting the Attention It Deserves
If you've spent any time around operational technology environments, you know the challenge. OT networks are full of aging, mission-critical equipment that nobody wants to touch. These systems run water treatment plants, power grids, manufacturing floors, and pipeline operations. They depreciate slowly, they run legacy protocols, and the consequences of a bad update can be far worse than a few hours of downtime. So they sit there, unpatched and often unmonitored, connected to flat networks with little or no segmentation.
The result is an attacker's dream. Low cost of entry, minimal detection risk, and the potential for outsized real-world damage.
For years, the security industry has struggled to offer good answers here. Traditional IT security tools weren't designed for OT constraints. You can't just drop an agent on a decades-old PLC or force a maintenance window on a system that runs 24/7. The gap between IT security maturity and OT security maturity has been widening quietly in the background, and it feels like the industry is finally waking up to it.
Threat Actors and Regulators Are Forcing OT Security Up the Priority List
A couple of forces are converging. First, the geopolitical threat landscape has shifted. Nation-state actors have made it clear that critical infrastructure is fair game, and the attacks on water systems, energy grids, and transportation networks over the past two years have moved OT risk from theoretical to visceral. Security leaders who used to file OT under "we'll get to it" are now fielding pointed questions from their boards.
Second, regulators are catching up. New York's mandatory cybersecurity rules for water and wastewater systems, which took effect in March 2026, represent a new breed of top-down mandate that puts real teeth behind OT security requirements. This isn't voluntary guidance. It's compliance with deadlines, and it's a signal of what's coming in other states and other sectors. When the regulatory pressure meets the threat pressure, budgets start to move.
The Real-World Stakes of OT Security Failures
Whatever the catalyst, it's good to see the industry paying serious attention to OT. This is an area where the asymmetry between attack cost and potential damage is staggering. A relatively unsophisticated adversary, armed with publicly known vulnerabilities in legacy infrastructure, can cause disruptions that ripple through communities and supply chains. We're not talking about stolen credit card numbers. We're talking about clean water, reliable power, and safe manufacturing.
The good news is that practical, deployable solutions now exist that respect OT's unique constraints. You don't have to rip and replace your infrastructure or force disruptive changes on plant operators to meaningfully reduce risk.
Talk to Zentera About OT Security
If OT security is on your radar - and after RSAC 2026, it should be - watch this short walkthrough from our team. It shows exactly how Zentera's Virtual Chambers and Gatekeeper appliances isolate and protect OT environments, from Windows-based HMIs down to the PLCs and SCADA systems that can't run a software agent.
No rip-and-replace. No forced maintenance windows. Just Zero Trust enforcement that works with what you already have.
Ready to see what this looks like in your environment? Talk to a Zentera architect.
