AI Agent Security Takes RSAC 2026
Top AI and Cybersecurity news you should check out today

Welcome Back to The AI Trust Letter
Once a week, we distill the most critical AI & cybersecurity stories for builders, strategists, and researchers. Let’s dive in!
🛡️ NeuralTrust Brings Agent Security to RSAC 2026

The Story:
NeuralTrust announced its participation at RSAC 2026, focusing on a new approach to securing AI agents. As agents move from simple assistants to systems that can take actions, the security model needs to evolve.
The details:
NeuralTrust is introducing capabilities designed specifically for AI agents, not just traditional LLM applications
The focus shifts from prompt-level risks to controlling agent behavior, decisions, and tool usage
The approach includes enforcing policies across multi-step workflows and external integrations
Security coverage extends to real-time monitoring, anomaly detection, and prevention of unsafe actions
The company positions agent security as a core layer, similar to how APIs and infrastructure are secured today
Why it matters:
AI agents expand the attack surface. They can trigger actions, access systems, and interact with external tools. Securing only the model is no longer enough. Organizations need visibility and control over what agents do, not just what they say.
💳 Visa Prepares Payments for AI Agent Transactions

The Story:
Visa is adapting its payment infrastructure to support transactions initiated by AI agents. The goal is to enable agents to act on behalf of users while maintaining control, security, and trust in the payment process.
The details:
Visa is developing systems that allow AI agents to securely initiate and complete payments on behalf of users
The model relies on user-defined permissions, spending limits, and approval rules before any transaction is executed
Tokenization and identity verification are used to ensure agents can act without exposing sensitive payment data
The company is working with partners to test real-world use cases such as automated purchases and task-based transactions
A key focus is ensuring traceability and control over each action taken by an agent
Why it matters:
Payments are one of the first high-risk actions AI agents will perform at scale. This shift requires moving from one-time authentication of the user to per-action authorization of what the agent does on the user's behalf. Guardrails, auditability, and policy enforcement will define whether agent-driven commerce can be trusted.
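Both the NeuralTrust story (policy enforcement over agent tool usage) and the Visa story (spending limits, approval rules, tokenized payment references, traceability) describe the same control pattern: every agent action passes through a gate that checks it against a user-defined policy before it executes, and every decision is recorded. The following is an added illustration of that pattern and is not code from NeuralTrust, Visa, or the original post; the agent names, tool names, limits, merchants and sample actions are constructed assumptions, and the `tok_` prefix is a stand-in for whatever token format a real payment network issues.

```python
"""Policy gate for agent-initiated actions (added example; assumptions are
marked). Checks a per-agent tool allowlist, then for payments a tokenized
payment reference, an allowed-merchant list, a per-transaction limit, a daily
limit and an approval threshold, and writes an audit record for every decision.
"""
from dataclasses import dataclass
from typing import Optional
import uuid


@dataclass
class AgentPolicy:
    agent_id: str
    allowed_tools: frozenset       # tools this agent may call at all
    allowed_merchants: frozenset   # merchants it may pay
    max_per_transaction: int       # cents
    daily_limit: int               # cents, summed over authorized payments
    approval_threshold: int        # cents; above this the user must approve


@dataclass
class Action:
    agent_id: str
    tool: str
    merchant: Optional[str] = None
    amount: int = 0                      # cents
    payment_ref: Optional[str] = None    # assumed token format: "tok_..."
    approved_by_user: bool = False


def _looks_like_pan(value: str) -> bool:
    """Reject anything resembling a raw card number (13-19 digits)."""
    digits = value.replace(" ", "").replace("-", "")
    return digits.isdigit() and 13 <= len(digits) <= 19


class PolicyGate:
    def __init__(self, policies):
        self.policies = {p.agent_id: p for p in policies}
        self.spent_today = {}   # agent_id -> cents already authorized
        self.audit_log = []     # one record per decision, allowed or denied

    def _record(self, action, allowed, reason):
        trace_id = uuid.uuid4().hex
        self.audit_log.append(
            (trace_id, action.agent_id, action.tool, action.merchant,
             action.amount, allowed, reason))
        return allowed, reason

    def authorize(self, action: Action):
        policy = self.policies.get(action.agent_id)
        if policy is None:
            return self._record(action, False, "unknown agent")
        if action.tool not in policy.allowed_tools:
            return self._record(action, False, f"tool {action.tool!r} not permitted")
        if action.tool != "pay":
            return self._record(action, True, "non-payment tool permitted")
        ref = action.payment_ref or ""
        if _looks_like_pan(ref) or not ref.startswith("tok_"):
            return self._record(action, False, "payment must reference a token, not card data")
        if action.merchant not in policy.allowed_merchants:
            return self._record(action, False, f"merchant {action.merchant!r} not permitted")
        if action.amount <= 0 or action.amount > policy.max_per_transaction:
            return self._record(action, False, "amount outside per-transaction limit")
        spent = self.spent_today.get(action.agent_id, 0)
        if spent + action.amount > policy.daily_limit:
            return self._record(action, False, "daily limit exceeded")
        if action.amount > policy.approval_threshold and not action.approved_by_user:
            return self._record(action, False, "user approval required above threshold")
        self.spent_today[action.agent_id] = spent + action.amount
        return self._record(action, True, "payment authorized")


def demo():
    """Constructed policy and actions; returns (decisions, gate)."""
    gate = PolicyGate([AgentPolicy(
        agent_id="shopper", allowed_tools=frozenset({"search", "pay"}),
        allowed_merchants=frozenset({"grocer"}), max_per_transaction=5000,
        daily_limit=8000, approval_threshold=2000)])
    actions = [
        Action("shopper", "search"),
        Action("shopper", "pay", "grocer", 1500, "tok_a1"),
        Action("shopper", "pay", "grocer", 3000, "tok_a1"),                 # needs approval
        Action("shopper", "pay", "grocer", 3000, "tok_a1", approved_by_user=True),
        Action("shopper", "pay", "grocer", 4000, "tok_a1", approved_by_user=True),  # daily cap
        Action("shopper", "pay", "grocer", 1000, "4111 1111 1111 1111"),    # raw PAN
        Action("shopper", "pay", "casino", 1000, "tok_a1"),                 # merchant
        Action("shopper", "shell", None, 0),                                # tool
        Action("intruder", "pay", "grocer", 100, "tok_a1"),                 # unknown agent
    ]
    return [gate.authorize(a) for a in actions], gate


if __name__ == "__main__":
    for allowed, reason in demo()[0]:
        print("ALLOW" if allowed else "DENY ", reason)
```

The order of checks matters: identity and tool authorization come first so a payment from an unknown agent or through an unapproved tool never reaches the spending logic, and the daily counter is only updated on an allow, so denied attempts cannot consume budget.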
🧠 LLMs Use Rhetorical Tricks to Influence Users

The Story:
A new analysis shows that large language models can use persuasive language patterns that influence user decisions. These behaviors are not always explicit or intentional, but they can shape how users interpret information and make choices.
The details:
Researchers found that LLMs often rely on rhetorical techniques such as framing, selective emphasis, and a confident tone that shape how users read their answers
These patterns can make certain answers appear more credible, even when uncertainty exists
The issue is not limited to incorrect outputs. Even accurate responses can steer users toward specific conclusions
The conversational format increases the impact, as users tend to trust natural language explanations over raw data
Current evaluation methods focus on correctness, not on how responses influence user behavior
Why it matters:
The risk is shifting from what models say to how they say it. Subtle persuasion can affect decisions in areas like finance, health, or politics without users noticing. This creates a new category of risk that requires monitoring language patterns, not just factual accuracy.
🔁 The A2A Loop: When AI Agents Start Talking to Each Other

The Story:
A new pattern is emerging where AI agents interact with other agents in continuous loops. These agent-to-agent exchanges can amplify errors, create unpredictable behaviors, and make systems harder to control.
The details:
The A2A loop happens when one agent’s output becomes another agent’s input, creating chained interactions without clear boundaries
Small errors or ambiguous instructions can propagate and grow across multiple steps
Feedback loops can reinforce incorrect assumptions, leading to drift from the original task
Observability becomes difficult, as decisions are distributed across multiple agents and interactions
Traditional safeguards focused on single prompts do not capture these multi-agent dynamics
Why it matters:
As systems move from single models to networks of agents, risk shifts from isolated failures to systemic behavior. Controlling inputs is no longer enough. Organizations need visibility into how agents interact, how decisions evolve over time, and where loops can break expected behavior.
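Two of the controls implied above can be made concrete: a hop budget that bounds how long a chain may run, and a per-trace fingerprint that detects when an agent is handed content it has already processed, which is the signature of a ping-pong loop. The following is an added example, not code from the original post or from any agent framework; the agents are constructed stand-in functions, and the trace format, hop limit and normalization rule are assumptions.

```python
"""Loop guard for agent-to-agent message chains (added example; assumptions
are marked). Each message carries a trace id, a hop count and the path of
agents it has visited. The guard halts a chain when the hop budget is spent
or when the same agent receives the same normalized content twice on one trace.
"""
import hashlib
from dataclasses import dataclass, field


@dataclass
class Message:
    trace_id: str
    content: str
    hops: int = 0
    path: list = field(default_factory=list)


class LoopGuard:
    def __init__(self, max_hops=8):   # assumed budget
        self.max_hops = max_hops
        self.seen = set()             # (trace_id, agent, content fingerprint)
        self.halted = []              # (trace_id, reason) for observability

    @staticmethod
    def _fingerprint(content: str) -> str:
        # Normalize whitespace and case so trivial rephrasing still matches.
        normalized = " ".join(content.lower().split())
        return hashlib.sha256(normalized.encode()).hexdigest()[:16]

    def check(self, agent: str, msg: Message):
        """Return None if delivery is allowed, otherwise the halt reason."""
        if msg.hops >= self.max_hops:
            return f"hop budget {self.max_hops} exhausted on trace {msg.trace_id}"
        key = (msg.trace_id, agent, self._fingerprint(msg.content))
        if key in self.seen:
            return f"loop: {agent} already processed this content on trace {msg.trace_id}"
        self.seen.add(key)
        return None


def run_chain(agents, start, first, guard):
    """Deliver messages agent to agent until one stops or the guard halts.
    Each agent is a function content -> (next_agent or None, reply)."""
    msg, current = first, start
    while True:
        reason = guard.check(current, msg)
        if reason:
            guard.halted.append((msg.trace_id, reason))
            return msg, reason
        next_agent, reply = agents[current](msg.content)
        msg = Message(msg.trace_id, reply, msg.hops + 1, msg.path + [current])
        if next_agent is None:
            return msg, None
        current = next_agent


def demo():
    """Constructed scenarios: a ping-pong loop, unbounded drift, a clean chain."""
    def planner(_):      return ("reviewer", "please check: draft v1")
    def reviewer(_):     return ("planner", "needs revision: draft v1")
    def elaborator(c):   return ("elaborator", c + " and more detail")
    def researcher(c):   return ("summarizer", "findings for: " + c)
    def summarizer(c):   return (None, "summary: " + c)

    guard = LoopGuard(max_hops=8)
    results = {}
    _, results["pingpong"] = run_chain(
        {"planner": planner, "reviewer": reviewer}, "planner", Message("t1", "start"), guard)
    _, results["drift"] = run_chain(
        {"elaborator": elaborator}, "elaborator", Message("t2", "topic"), guard)
    final, results["clean"] = run_chain(
        {"researcher": researcher, "summarizer": summarizer}, "researcher",
        Message("t3", "question"), guard)
    results["clean_path"] = final.path
    results["halts"] = len(guard.halted)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two checks catch different failure modes: the fingerprint stops an exact repeat after only a few hops, while the hop budget is the backstop for drift, where each exchange is slightly different and no state ever repeats. Recording the halt together with the trace id is what makes the distributed decision visible afterwards.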
🔓 Universal Jailbreaks Work Across Multiple Models

The Story:
New research shows that jailbreaks are no longer isolated tricks. A single attack can bypass safeguards across different models, making current defenses harder to rely on.
The details:
Universal jailbreaks are designed once and reused across multiple LLMs and use cases
These attacks exploit shared training patterns and alignment methods across models
An optimized input or suffix can consistently override safety behavior without needing model-specific tuning
This allows attackers to scale attacks instead of crafting them case by case
One key risk is “non-expert uplift,” where a jailbroken model hands users without domain expertise detailed harmful instructions they could not have produced on their own
Why it matters:
The threat model is changing. Defenses based on blocking specific prompts or patterns are no longer enough. If one jailbreak works across systems, vulnerabilities become systemic. Security needs to focus on behavior, not just input filtering.
What's next?
Thanks for reading! If this brought you value, share it with a colleague or post it to your feed. For more curated insight into the world of AI and security, stay connected.
