At the RSAC 2026 Conference in San Francisco, European cybersecurity leaders led regulatory and technical discussions following the notable absence of US government officials. Representatives from the FBI and the NSA withdrew from the event, a significant shift from previous years when leaders such as former DHS Secretary Kristi Noem (2025) and Secretary of State Antony Blinken alongside DHS Secretary Alejandro Mayorkas (2024) attended to provide guidance to the private sector.
Reports indicate the withdrawal of US federal agencies followed the conference's decision to hire former CISA Director Jen Easterly as CEO. This shift in participation occurs during a period of complex global security challenges, including ongoing nation-state cyber operations originating from Iran, the development of quantum computing, and the critical need to establish safety parameters for artificial intelligence.
Establishing guardrails for AI-generated code
With US officials not in attendance, European leaders prioritized proactive defense and collaboration with the technology sector. Dr. Richard Horne, chief executive of the UK's National Cyber Security Centre, used his keynote presentation to advocate for security standards in "vibe coding"—the use of AI to generate software code. Horne noted the productivity benefits of AI tools but emphasized the responsibility of security professionals to make these technologies a net positive for digital safety.
Because vibe coding lowers the barrier to software creation, its adoption is accelerating rapidly. Horne advised the industry to build security into the foundation of these tools to prevent the introduction of unintended vulnerabilities before adoption scales further.
"The attractions of vibe coding are clear, and disrupting the status quo of manually produced software that is consistently vulnerable is a huge opportunity, but not without risk of its own," he stated. "The AI tools we use to develop code must be designed and trained from the outset so that they do not introduce or propagate unintended vulnerabilities."
Preparing for the EU Cyber Resilience Act
European Union regulators also engaged the private sector regarding upcoming compliance requirements, specifically the EU Cyber Resilience Act, scheduled to take effect in December 2027. Despina Spanou, deputy director general for networks and technology–cybersecurity coordination at the European Commission DG CNECT, and Christiane Kirketerp de Viron, director for digital society, trust, and cybersecurity, outlined the proposed regulations and gathered feedback from industry partners.
Addressing concerns about regulatory friction, Spanou compared the upcoming changes to the 2018 rollout of the GDPR, noting that initial industry anxieties did not materialize into systemic disruptions. The officials emphasized that securing the technology supply chain is their primary focus, especially as AI integrations become more prevalent. Spanou advised the private sector to view cybersecurity as a comprehensive defense strategy that extends beyond data systems to include physical assets like drones.
Edvardas Šileris, head of the European Cybercrime Centre (EC3) at Europol, discussed his organization's capacity for proactive mitigation against threat actors and encouraged deeper collaboration with private organizations.
When asked whether the US remains a reliable partner for Europe given the current dynamics, Šileris and Kirketerp de Viron declined to comment directly. Spanou provided the sole response, reiterating the position of EU President Ursula von der Leyen: "The American people will always be our friends."