Non-Human Identity,
The Defining Theme of RSAC 2026

The vendor that brought the strongest data to RSAC 2026. Their State of Secrets Sprawl 2026 report documented 28.65 million hardcoded secrets added to public GitHub in 2025 — a 34% year-over-year increase and the largest single-year spike on record. AI service secrets surged 81% to 1.27 million incidents. GitGuardian's detection engine runs 482+ detectors and scans 1.1 billion commits per day, with active validation to confirm whether discovered secrets are still live.

• 482+ detectors plus Honeytokens capability
• 64% of critical secrets leaked in 2022 were still valid as of January 2026
• One-click revocation for GitHub, GitLab, and OpenAI secrets
• Expanding into NHI governance with OWASP NHI Top 10 risk scoring

TruffleHog is the leading open-source secrets scanning engine with 24,500 GitHub Stars and 250,000+ daily scans. It detects 800+ secret types and performs real-time validation to confirm whether discovered credentials are live. The GCP Analyze add-on maps blast radius — identifying exactly which resources a leaked secret can access within a GCP environment.

• 800+ secret types detected
• Real-time credential validity verification
• GCP Blast Radius analysis

A Korean security startup providing a CLI secrets detection tool based on pattern matching, entropy analysis, and keyword detection. Cremit has conducted research on secrets exposure in frontend code running on Vercel, and placed 3rd at the BSidesSF Cloud Village CTF and 2nd at the RSAC Cloud Village CTF during RSA Week — demonstrating real-world cloud security expertise on the international stage.

• 3rd place — BSidesSF Cloud Village CTF
• 2nd place — RSAC Cloud Village CTF
• Research on Vercel frontend secrets exposure

Following Palo Alto Networks' $25B acquisition of CyberArk in February 2026, CyberArk's PAM and Conjur secrets management capabilities merged with Venafi's machine identity and certificate lifecycle management. The combined platform governs every type of machine identity — from service accounts and API keys to certificates and AI agents — in a single platform.

• Unified PAM + secrets management + certificate management platform
• JIT access and least-privilege enforcement for AI agents
• Kubernetes sidecar-based secret injection via Conjur

The boldest Vault vendor proposal at RSAC 2026. Following its acquisition of StrongDM for JIT runtime authorization, Delinea introduced industry-first hardware-attested AI agent authorization. In their Yubico partnership demo, when an AI agent reaches a high-risk decision point — such as a production deployment or privileged configuration change — a human sponsor must physically touch a YubiKey to provide cryptographic approval before the agent can proceed.

• Industry-first YubiKey-based AI agent authorization
• Secret Server + StrongDM + Iris AI unified platform
• StrongDM ID — dedicated identity layer for AI agents (Q2 2026 Early Access)

An agent security platform that starts at the endpoint. 1Password scans developer devices for shadow AI usage, local agents, and exposed credentials, then governs human, agent, and machine credentials in a single encrypted vault. Launch partners include Anthropic, Cursor, GitHub, Perplexity, and Vercel. Already used by 180,000+ businesses.

• NHI visibility starting at the endpoint
• Single vault unifying human, agent, and machine identities
• Runtime Credential Delivery planned for H2 2026

HashiCorp Vault, now under IBM ownership, is evolving toward combining identity governance with dynamic secrets through integration with IBM Verify. Akeyless is a SaaS-native zero-knowledge secrets management platform, differentiated by DFC (Distributed Fragments Cryptography) — a proprietary encryption method that distributes master key fragments across multiple geographic locations so that no single point can decrypt data.

• Akeyless DFC — distributed encryption with no single-point decryption
• HashiCorp Vault + IBM Verify identity governance integration
• Unified management of static, dynamic, and ephemeral secrets

The most aggressively visible NHI startup at RSAC 2026, with a quad-detection architecture providing the broadest AI agent and NHI coverage in the market. Four data sources — AI platform integrations, NHI fingerprinting, EDR sensor telemetry, and BYOS — are unified to detect every NHI including shadow agents. The MCP Secret Wrapper demo at RSAC drew significant attention. $91M raised, $25.1M ARR.

• Quad-detection architecture — AI platforms, NHI fingerprinting, EDR, BYOS
• MCP Secret Wrapper — agents use MCP servers without accessing secrets directly
• Agent Policy Enforcement Engine (Agent Control Plane)

The pioneer of the NHI-dedicated enterprise platform, closing a $120M Series B right before RSAC — the largest single round in the NHI category (led by Craft Ventures, with Sequoia, Accel, and Cyberstarts). Their AuthPrint technology fingerprints threat actors at the authentication stage, matching behavior against the Oasis NHI Threat Center database to reduce false positives by up to 90%.

• AuthPrint — threat actor fingerprinting at the authentication stage
• AI/ML-based NHI owner auto-assignment (industry first)
• Oasis Scout — first NHI-dedicated ITDR
• 5x YoY ARR growth

Innovation Sandbox Top 10 finalist, built by a Unit 8200 alumni founding team. Their Machine-First Identity Security Platform uses agentless scanning and log analysis to build a unified NHI Risk Graph. By correlating static permissions with runtime behavior, it surfaces overprivileged, idle, and shadow assets. Intent-Based Permissioning — aligning access to an agent's purpose rather than its credentials — is the core differentiator.

• NHI Risk Graph — unified analysis of intent, permissions, secrets, behavior, and ownership
• Intent-Based Permissioning — purpose-driven access control for agents
• Global InfoSec Awards: 'Hot Company - Agentic AI Security'

An NHI IAM platform specialized in workload-to-workload access control. Its core innovation is secretless, identity-based workload authentication: the Aembit Edge sidecar proxy intercepts requests, verifies workload identity via cryptographic attestation without secrets, and issues short-lived ephemeral tokens. This eliminates 85% of the overhead associated with credential issuance, rotation, and auditing.

• Secretless cryptographic workload authentication
• MCP Identity Gateway — exchanges agent access tokens for MCP server credentials
• Machine MFA — dynamic authorization based on risk posture, time, and location

The only vendor in the market that sits inline between AI agents and MCP servers as a gateway. While other vendors detect and alert, Silverfort evaluates and blocks every tool call in real time before it reaches the target resource. A key differentiator is legacy identity coverage — including Active Directory service accounts and on-premises identities that most NHI vendors skip.

• Inline MCP gateway — real-time blocking of tool calls
• SSO Enforcement for Agents — correlates every agent session to a human entity
• Coverage of legacy AD service accounts and on-premises identities

A universal NHI security platform that maps identities across five dimensions using its proprietary Identity Lineage technology: Origin, People Attribution, Storage, Consumers, and Resources. A zero-knowledge architecture ensures sensitive data never leaves the customer network. Ephemeral IDs with automatic expiration continuously validate the legitimacy of NHI usage, eliminating the need for resource-intensive secret rotation.

• Identity Lineage — 5-dimensional NHI mapping (Origin, Attribution, Storage, Consumers, Resources)
• Zero-knowledge architecture — sensitive data processed locally
• Universal NHI MCP Server — first natural-language NHI security query interface

The only vendor providing VM-level agent isolation — each AI agent runs inside a dedicated Firecracker VM. VMs start in 2 seconds, and the filesystem is completely wiped after session end. All network access (internet egress, internal services, inference endpoints) requires explicit whitelisting. 100% of access events are immutably logged with session replay. $1.1B unicorn. MVP launch April 30.

• Firecracker VM agent isolation — 2-second VM startup
• Ephemeral by design — complete filesystem deletion after session end
• Immutable audit log of all access events with session replay