Artificial Intelligence (AI)
TrendAI™ Research at RSAC 2026: Advancing Defense Across AI‑Driven and Cyber‑Physical Threats
TrendAI™ Research explored agentic AI cybercrime and EV infrastructure security through two research sessions at RSAC™ 2026.
Save to Folio
The 35th Annual RSA Conference (RSAC) returned to San Francisco from March 23-26, 2026, uniting the global cybersecurity community under the theme of “The Power of Community.” Set against a landscape of rapid technological shifts and increasingly sophisticated adversaries, the event emphasized the need for intelligence‑led collaboration. Among the many pressing issues discussed, agentic AI stood out as one of the defining topics of the multi-day event.
The conference opened with industry leaders reflecting on the need for integrated perspectives to tackle today’s increasingly complex threats. This view helped frame the participation of TrendAI™ throughout the week, with a focus on research‑driven insight into the simultaneous evolution of digital and cyber‑physical threat landscapes.
Anticipating the rise of agentic AI-driven cybercrime
Robert McArdle, Director of Cybercrime Research, TrendAI™, and Stephen Hilt, Principal Threat Researcher, TrendAI™, presented “VibeCrime: Preparing for the Next Generation of Agentic AI Cybercrime.” Their session detailed how cybercrime is evolving toward autonomous, AI‑driven operations.
Drawing on research from TrendAI™, Hilt and McArdle described a layered criminal AI architecture in which specialized agents handle tasks such as reconnaissance, targeting, social engineering, and extortion, while an orchestration layer dynamically adjusts tactics and evades defenses. Proof‑of‑concept examples demonstrated how agentic systems can already automate ransomware data analysis, generate personalized extortion messages, and scale high‑volume social engineering campaigns that were previously too costly or complex to sustain.
The session closed with an examination of how the cybercrime ecosystem is evolving, particularly as agentic AI approaches broader economic adoption. With attackers increasingly capable of orchestrating faster, more resilient, and more autonomous campaigns, the discussion emphasized the importance for organizations to invest in AI‑driven, continuously operating security capabilities that can keep pace with this shift.
Revealing infrastructure blind spots in automotive cybersecurity
Extending the research narrative into the cyber-physical domain, Trend Micro subsidiary VicOne presented insights from “NIST 8473 to the Rescue: EV Charging Standards Being Hacked in Pwn2Own,” delivered by Philippe Z Lin, Senior Threat Researcher, TrendAI™, and Shin Li, Staff Threat Researcher, Automotive CyberThreat Research Lab, VicOne.
Drawing on real world findings from the Pwn2Own Automotive competition and related VicOne research, the speakers demonstrated how Pwn2Own has become one of the most effective environments for uncovering exploitable vulnerabilities in electric vehicle supply equipment (EVSE), offering defenders concrete visibility into attacker techniques targeting charging infrastructure.
The session highlighted that while numerous regulations and standards apply to EV and charging systems, most focus on specific components in isolation. In practice, many of the most critical vulnerabilities emerge at the interfaces between systems, where responsibilities, assumptions, and security controls often fail to align.
The discussion pointed to NIST IR 8473 as one of the most comprehensive cybersecurity profiles for EV and extreme fast charging infrastructure. Although not mandatory, the speakers recommended its adoption by EV charging pile vendors as a practical, unifying framework for reducing systemic risk across the EV charging ecosystem.
As connected vehicles and charging networks continue to evolve into highly software-defined environments, the session reinforced the importance of secure-by-design engineering, continuous vulnerability research, and deeper collaboration among automakers, suppliers, and infrastructure operators to strengthen resilience across the broader mobility ecosystem.
Key takeaways from RSAC 2026
The research that TrendAI™ presented across two sessions at RSAC 2026 highlighted a clear inflection point for defenders: cyberthreats are becoming faster, more autonomous, and more adaptive than traditional security models can handle. From the emergence of agentic AI‑driven cybercrime to systemic weaknesses in EV charging infrastructure, adversaries are increasingly operating at machine speed across both digital and cyber-physical environments.
TrendAI™ also hosted immersive, invite‑only activations during RSAC 2026 as a forum for practical dialogue. Through customer use cases, peer discussion, and hands‑on engagement with the TrendAI Vision One™ platform, security leaders explored how AI‑driven insights can be operationalized to stay proactively secure.
Ultimately, the takeaway from RSAC 2026 is clear: defending against the next generation of threats will require a combination of rigorous research, shared community insight, and security platforms designed to operate at machine speed.