Ghosts in the Halls: Why the U.S. Vanished from RSAC as Europe Seizes the Cybersecurity Spotlight

The RSAC 2026 Conference in San Francisco, once a stage dominated by high-profile U.S. government officials, felt eerily different this year. The absence of the FBI, CISA, and NSA left a vacuum - one that Europe’s cybersecurity elite swiftly filled. While American agencies watched from afar, EU officials mingled with industry leaders, steering discussions on AI, cyber risk, and a world on the brink of digital conflict.

Fast Facts

• For the first time in years, no U.S. government representatives appeared at RSAC 2026.
• EU regulators took center stage, notably discussing the forthcoming Cybersecurity Resilience Act.
• AI-generated code (“vibe coding”) and quantum computing threats were major conference themes.
• Tensions from the ongoing war with Iran and its cyber fallout loomed over discussions.
• EU leaders courted U.S. private sector partners - while sidestepping questions about current U.S. policy.

The Vanishing Act: U.S. Officials Sit Out

In a dramatic shift from previous years, American cyber authorities were nowhere to be seen at one of the industry’s most influential gatherings. Sources suggest the abrupt withdrawal was tied to internal politics, particularly RSAC’s recent hiring of former CISA Director Jen Easterly. Whether motivated by personal grievances or deeper policy rifts, the result left the U.S. government conspicuously absent during a period of global cyber upheaval.

Just last year, high-ranking U.S. officials - including the now-dismissed DHS Secretary Kristi Noem - dominated the agenda, offering insights on national cyber strategy. This time, their silence was palpable, especially as the world faces escalating threats from Iran’s nation-state hackers and the looming specter of AI-powered attacks.

Europe Steps Up: Regulation, AI, and Cyber Offense

Into the void stepped the European Union. Despina Spanou and Christiane Kirketerp de Viron, key architects of the EU’s cybersecurity strategy, took the opportunity to engage directly with American private sector leaders. Their message was clear: Europe is moving forward with sweeping new regulations, especially the Cybersecurity Resilience Act, set to take effect in late 2027. Referencing the storm of criticism that greeted GDPR in 2018, Spanou reminded attendees that bold regulations can become the new global norm.

The conference also spotlighted technical debates. Dr. Richard Horne of the UK’s National Cyber Security Centre called for “guardrails” around AI-generated code - dubbed “vibe coding” - warning that its rapid, low-cost adoption could introduce fresh vulnerabilities if not properly secured. With quantum computing on the horizon, the urgency for robust standards has never been greater.

Europol’s Edvardas Šileris emphasized offensive cyber capabilities and cross-sector collaboration, but when pressed on U.S.-EU cooperation, European leaders dodged direct answers. Only Spanou offered a diplomatic reassurance: “The American people will always be our friends.”

Conclusion: A New Digital Order?

As the world’s cyber landscape grows more volatile, the U.S. retreat from RSAC sends an unmistakable signal: leadership is up for grabs. Europe, seizing the initiative, is shaping the next generation of cyber norms and regulations. Whether the U.S. can - or will - reclaim its voice in global cybersecurity remains an open question, but for now, the EU is calling the shots.

WIKICROOK

• RSAC: RSAC, or RSA Conference, is a major annual event where cybersecurity professionals gather to share knowledge, discuss trends, and showcase new technologies.
• Vibe coding: Vibe Coding is the rapid generation of code using AI tools, often sacrificing quality and security for speed and volume.
• Quantum computing: Quantum computing uses quantum physics to solve complex problems much faster than traditional computers, thanks to special units called qubits.
• Cybersecurity Resilience Act: The Cybersecurity Resilience Act is an upcoming EU law to boost digital product security and harmonize cybersecurity standards across member states.
• Nation: In cybersecurity, a 'nation' refers to a government-backed actor conducting cyber operations like espionage or attacks to advance national interests.