While the US government sits out this year, EU officials are on the ground in San Francisco leading the conversations on today's top cybersecurity challenges.
RSAC 2026 CONFERENCE – San Francisco – With US government officials from the FBI, CISA, and the NSA conspicuously absent from this year's RSAC 2026 Conference, Europe's top cybersecurity officials were on the ground to reach out to the private sector and discuss everything from cybersecurity regulations, to AI, and the ongoing war in Iran.
The only thing they didn't want to talk about was the current US administration.
It's a stark reversal from years past. In 2025, now fired DHS Secretary Kristi Noem showed up to try and offer some guidance to the cybersecurity industry about what they could expect to see from the department. The year before, then Secretary of State Antony Blinken joined DHS Secretary Alejandro Mayorkas in attending the global cybersecurity meet-up, along with a cadre of relevant policy makers, legislators, law enforcement, and regulators from across the industry.
According to reports, the RSAC hire of former CISA Director Jen Easterly was behind the decision to pull US government officials out of this year's RSAC lineup. The move, while seemingly driven by personal grievance, comes at a serious time of cybersecurity disruption around the world. The ongoing war with Iran, with its fulsome nation-state hacking program, poses potential risks to the US and its allies.
Additionally, AI regulation is coming and decisions are being made now about future guardrails for the technology. Quantum computing is another shoe poised and ready to drop with a thud.
With US officials nowhere to be found, European leaders stepped in.
Because vibe coding is so cheap, it's liable to lead to accelerated adoption. And that, Horne said, means the time is now to establish security standards before it's too late.
"The attractions of vibe coding are clear, and disrupting the status quo of manually produced software that is consistently vulnerable is a huge opportunity, but not without risk of its own," he said. "The AI tools we use to develop code must be designed and trained from the outset so that they do not introduce or propagate unintended vulnerabilities."
"We got a lot of criticism in 2018 with the GDPR, that is was going to be the end of the world," Spanou said during a Tuesday session. "And the world is still here."
She and Kirketerp de Viron explained that their main concern moving forward is the technology supply chain, particularly as AI is increasingly added to the mix. Spanou added that cybersecurity today demands more than just securing data systems — it's about securing things like drones — it's part of a defense strategy, and she urged the cybersecurity sector to approach it in that way.
Edvardas Šileris, head of European Cybercrime Centre (EC3) at Europol, touted his organization's ability to take offensive action against threat actors and invited wider collaboration with the private sector. Asked about their ongoing interactions and partnerships with the US government, and whether the US was considered a reliable partner by Europe, the response was somewhat awkward. Šileris declined to answer, as did Kirketerp de Viron.
Only Spanou replied, reiterating the position of EU President Ursula von der Leyen: "The American people will always be our friends."
RSAC 2026 CONFERENCE – San Francisco – With US government officials from the FBI, CISA, and the NSA conspicuously absent from this year's RSAC 2026 Conference, Europe's top cybersecurity officials were on the ground to reach out to the private sector and discuss everything from cybersecurity regulations, to AI, and the ongoing war in Iran.
The only thing they didn't want to talk about was the current US administration.
It's a stark reversal from years past. In 2025, now fired DHS Secretary Kristi Noem showed up to try and offer some guidance to the cybersecurity industry about what they could expect to see from the department. The year before, then Secretary of State Antony Blinken joined DHS Secretary Alejandro Mayorkas in attending the global cybersecurity meet-up, along with a cadre of relevant policy makers, legislators, law enforcement, and regulators from across the industry.
According to reports, the RSAC hire of former CISA Director Jen Easterly was behind the decision to pull US government officials out of this year's RSAC lineup. The move, while seemingly driven by personal grievance, comes at a serious time of cybersecurity disruption around the world. The ongoing war with Iran, with its fulsome nation-state hacking program, poses potential risks to the US and its allies.
Additionally, AI regulation is coming and decisions are being made now about future guardrails for the technology. Quantum computing is another shoe poised and ready to drop with a thud.
With US officials nowhere to be found, European leaders stepped in.
UK Calls on Vibe Coding Guardrails
Dr. Richard Horne, the chief executive of the UK's National Cyber Security Centre, gave a keynote presentation at the conference advocating for guardrails on vibe coding. Horne acknowledged the vast opportunities that AI-generated code can offer, but implored cybersecurity professionals to build security into its foundation, adding cybersecurity professionals have both the opportunity and the responsibility to make vibe coding and other AI code-generation tools "a net positive for security."Because vibe coding is so cheap, it's liable to lead to accelerated adoption. And that, Horne said, means the time is now to establish security standards before it's too late.
"The attractions of vibe coding are clear, and disrupting the status quo of manually produced software that is consistently vulnerable is a huge opportunity, but not without risk of its own," he said. "The AI tools we use to develop code must be designed and trained from the outset so that they do not introduce or propagate unintended vulnerabilities."
EU Outreach to US Private Sector
EU regulators were also on hand to have conversations about proposed regulations in the works, specifically the EU Cybersecurity Resilience Act, which is slated to go into effect in December 2027. Despina Spanou, deputy director general for networks and technology–cybersecurity coordination at the European Commission DG CNECT; and Christiane Kirketerp de Viron, director for digital society, trust, and cybersecurity at DG CNECT — two main architects behind the newest EU cybersecurity strategy — were on hand to talk about the new proposed regulations and listen to concerns from the private sector."We got a lot of criticism in 2018 with the GDPR, that is was going to be the end of the world," Spanou said during a Tuesday session. "And the world is still here."
She and Kirketerp de Viron explained that their main concern moving forward is the technology supply chain, particularly as AI is increasingly added to the mix. Spanou added that cybersecurity today demands more than just securing data systems — it's about securing things like drones — it's part of a defense strategy, and she urged the cybersecurity sector to approach it in that way.
Edvardas Šileris, head of European Cybercrime Centre (EC3) at Europol, touted his organization's ability to take offensive action against threat actors and invited wider collaboration with the private sector. Asked about their ongoing interactions and partnerships with the US government, and whether the US was considered a reliable partner by Europe, the response was somewhat awkward. Šileris declined to answer, as did Kirketerp de Viron.
Only Spanou replied, reiterating the position of EU President Ursula von der Leyen: "The American people will always be our friends."