We are heading to San Francisco in a few days for RSAC 2026 and we’re excited to meet with you. Our cybersecurity researchers are presenting sessions about infostealers, cloud-native malware, and victim profiling in the infostealer malware economy. We’ve compiled their three sessions along with six others we’re looking forward to.
Connect with Flare at RSAC
We’re taking over The Fly Trap, 2 blocks from Moscone, as Flare’s home base for RSAC week. Submit a meeting request and our team will reach out to confirm a time. Available for 1:1s, coffee, or a conversation about what Flare is seeing in the threat landscape.
2 blocks / 6 min walk from Moscone
RSAC Sessions with Our Researchers
Here are the sessions our researchers will be speaking at:
Here are the sessions our researchers will be speaking at:
The Art of Stealth: The Hidden Techniques of Cloud Native Malware
Assaf Morag, Security Researcher
Monday, March 23 | 1:10 PM – 2:00 PM PDT | Moscone West 2018
Cloud-native malware is evolving to blend seamlessly into legitimate processes, making detection increasingly difficult. This session examines real-world campaigns, including Koske and Perfctl, to break down the specific techniques these threats use to hide in plain sight and how defenders can identify them.
Learn more about the session and reserve your seat here.
Could Infostealers Be the Choke Point in the Modern Cyber Kill Chain?
Assaf Morag, Security Researcher
Monday, March 23 | 2:20 PM – 3:10 PM PDT | Moscone West 2012
Infostealer malware has become the primary intake layer of the modern cyber kill chain, supplying threat actors with the credentials and access needed for ransomware, phishing, and further exploitation. This session explores the possibility of disrupting infostealers at scale to greatly hinder attackers.
Learn more about the session and reserve your seat here.
Beyond Credentials: Victim Profiling in the Stealer Malware Economy
Olivier Bilodeau, Principal Cybersecurity Researcher; Andreanne Bergeron, Researcher
Thursday, March 26 | 9:40 AM – 10:30 AM PDT | Moscone West 2002
Who actually falls victim to infostealer malware? This session profiles real victims through stealer log analysis, examining their age, habits, and risk exposure. Case studies include:
- kids tricked by “free Robux”
- students seeking out cracked software
- nation-state hit by fake installs
These demonstrate how curiosity and misplaced trust are drivers of people falling prey to the stealer economy.
Learn more about the session and reserve your seat here.
Other RSAC Sessions We’re Excited About
The conference lineup is packed with compelling research. Here are a few sessions we’re looking forward to:
Lessons From the Agentic Frontier: How the SOC is Winning in the AI Era
Fred Frey, Director, Software Engineering; John Morgan, SVP, GM (Splunk Security)
Tuesday, March 24 | 3:35 PM – 3:55 PM PDT | Moscone West Street Level
Agentic AI is reshaping security operations, enabling machines to make decisions and act at machine speed. This session introduces the Agentic SOC model, where defenders shift from reactive response to proactive strategy by blending automation with human leadership. Expect practical insights on building a human-led, machine-accelerated SOC.
Learn more about the session here.
Backdoors & Breaches Demonstration
John Strand, Owner (Black Hills Information Security)
Tuesday, March 24 | 4:30 PM – 5:45 PM PDT | Moscone South 204 Briefing Center
Backdoors and Breaches is a tabletop incident response game developed by Black Hills Information Security. This walkthrough shows how the game works and how teams can use it to teach security concepts, strengthen cross-team collaboration, and practice incident response planning in a low-stakes environment.
Learn more about the session here.
No CVEs, No Exploits, No Problem: Living Off the Plant to Impact OT
Ric Derbyshire, Principal Security Researcher (Orange Cyberdefense)
Wednesday, March 25 | 8:30 AM – 9:20 AM PDT | Moscone West 2002
Living Off the Plant (LOTP) leverages native OT functionality to conduct stealthy, unpatchable attacks without exploiting any vulnerability. This session maps the LOTP attack surface, demonstrates real capabilities, and introduces a new technique for PLC-to-PLC lateral movement. It examines how adversaries abuse built-in features to maximize stealth, precision, and impact, while challenging current assumptions about OT security.
Learn more about the session and reserve your seat here.
Analyst Alliance: Let’s Talk Cyber Threat Intelligence
Jackie Deloplaine, Director, Strategic Partnerships & Engagement (Retail & Hospitality ISAC); Phil Englert, VP, Medical Device Security (Health-ISAC), Denise Anderson (President & CEO, Health-ISAC); John Denning, CISO (Financial Services Information Sharing and Analysis Center); Pam Lindemoen, Chief Security Officer & Vice President, Strategy (Retail & Hospitality ISAC); Jonathan Braley, Director (Food and Ag-ISAC); Randy Rose, VP, Security Operations (Center for Internet Security); Dirce Hernandez, Sr. Cybersecurity GRC Manager (Raices Cyber)
Wednesday, March 25 | 9:40 AM – 10:30 AM PDT | Moscone West 2016
Participants can explore challenges and solutions to cyber threat intelligence (CTI) sharing. Various Information Sharing and Analysis Center leaders will share their learnings.
Learn more about the session and reserve your seat here.
Fortifying Our National Defense: Hardening Golden Dome Against Cyber Risk
Jacob Oakley, Chief Scientist (SIXGEN); Dave DeWalt, Founder & CEO (Nightdragon); Leslie Kershaw, Chief Information Security Officer (IonQ); Craig Miller, President (Viasat Government)
Wednesday, March 25 | 2:25 PM – 3:15 PM PDT | Moscone West 2007
The Golden Dome is America’s next-generation missile defense shield, designed to counter ballistic, hypersonic, and cruise missile threats. But as it is built, it must also be secured. This panel brings together leaders from industry, government, and the investment community to explore how innovation and cybersecurity can advance in lockstep, protecting the protector without introducing new risk.
Learn more about the session and reserve your seat here.
Agentic AI for AppSec: Conversational Static Analysis with LLMs
Viswanath S Chirravuri, Product Security Director (Thales)
Thursday, March 26 | 1:30 PM – 2:20 PM PDT | Moscone West 3011
This session demonstrates how agentic AI and conversational large language models can transform Static Application Security Testing (SAST). The demo features an AI agent that integrates Semgrep scans with OpenAI’s GPT to provide natural language vulnerability analysis and remediation guidance, allowing developers to interactively find and fix security issues on local workstations or within CI/CD pipelines.
Learn more about the session and reserve your seat here.
OASIS CoSAI: Addressing What’s Next in Securing Enterprise AI
J.R. Rao, IBM Fellow & CTO, Security Research (IBM Research); Akila Srinivasan, Member of Technical Staff, Manager (Anthropic)
Thursday, March 26 | 1:30 PM – 2:20 PM PDT | Moscone West 3022
OASIS CoSAI brings together over 40 organizations, including Anthropic, Cisco, Google, IBM, Meta, Microsoft, NVIDIA, and OpenAI, to develop vendor-neutral standards for securing enterprise AI development and deployment. This session covers how competitors collaborate on supply chain security, agentic identity, and threat detection, along with practical frameworks for model verification, incident response, and risk assessment.
Learn more about the session and reserve your seat here.
See You at RSAC
We are counting down to what promises to be a week of sharp research and valuable conversations. We hope to see you in San Francisco.
Connect with Flare at RSAC
We’re taking over The Fly Trap, 2 blocks from Moscone, as Flare’s home base for RSAC week. Submit a meeting request and our team will reach out to confirm a time. Available for 1:1s, coffee, or a conversation about what Flare is seeing in the threat landscape.
2 blocks / 6 min walk from Moscone
