Last week I covered five vendors making moves at RSA Conference 2026 that the major security suite announcements were drowning out. The response prompted a logical follow-on question: who else is working in these spaces? Below is the extended map, organized by the same five categories from that post. None of these companies made the Moscone Center headlines, but all of them are worth a line on your evaluation shortlist.
Identity and Deepfake-Resistant Authentication
The original post covered imper.ai's shift away from visual biometrics. Three other companies are attacking the same problem from different angles.
AuthID (authid.ai) is a biometric identity platform that goes beyond single-login verification. Its IDX product binds a verified identity to a persistent credential that travels with a user across devices and sessions, reducing the window where an attacker who has compromised one device can move laterally under a stolen identity. The company has also released Mandate, an identity layer specifically for AI agents, which anchors every autonomous agent to a biometrically verified human sponsor. For organizations deploying agentic AI workflows, that accountability chain is increasingly a compliance requirement, not just a security preference.
Nametag (nametag.co) is purpose-built for IT help desks, the exact attack surface that drove the MGM and Caesars breaches in 2023. Social engineering through support channels remains one of the most reliable entry points for threat actors, and Nametag's focus on real-time identity verification at the point of a help desk ticket is a direct response to that pattern.
Stytch, now part of Twilio following an acquisition, is a developer-first identity platform building fraud resistance into authentication flows at the application layer. It has added explicit support for AI agent authentication, including Model Context Protocol and monitoring for tools like OpenAI Operator. The Twilio acquisition raises the same long-term independence question that applies to Recorded Future: the technology is substantive, but the roadmap is now subject to a larger platform's priorities.
Threat Intelligence and AI-Assisted Malware Detection
Hive Pro's work highlighting Operation Olalampo and the Rust-based CHAR backdoor was the sharpest signal at RSAC 2026 that AI-assisted malware development by state-sponsored actors is no longer theoretical. These three companies are tracking the same threat surface.
Recorded Future, now part of Mastercard following a 2024 acquisition, brings large-scale threat actor tracking with machine learning analysis of dark web, technical, and geopolitical signals. Its nation-state actor coverage is among the deepest available commercially. The Mastercard acquisition raises questions about long-term independence, but the intelligence product remains substantive.
Eclypsium operates lower in the stack, at the firmware and supply chain layer. As AI-generated malware targets less-monitored surfaces like firmware, BIOS, and peripheral controllers, Eclypsium's approach of treating hardware components as attack surface deserves more attention than it currently receives.
KELA (ke-la.com) is an Israeli cybercrime intelligence platform with specific depth in dark web monitoring for nation-state adjacent criminal activity. For organizations in regulated industries with exposure to Eastern European or Middle Eastern threat actors, KELA's coverage fills gaps that broader platforms often miss.
Secure Enclaves and Isolated Workspaces
Replica Cyber's award at RSAC pointed to a real operational problem: security teams conducting threat research or testing agentic workflows need environments that are genuinely isolated from corporate infrastructure. Several other vendors have built around this requirement.
Island (island.io) builds an enterprise browser that enforces security policy at the application layer without requiring a separate network enclave. For organizations not ready to deploy full secure workspace infrastructure, Island's browser-first approach to isolation has strong practical uptake in financial services.
Authentic8 Silo provides cloud-isolated browsing specifically designed for sensitive research, open-source intelligence, and dark web investigation. Security operations teams using Silo interact with the external web through a remote rendering layer, leaving no local artifacts. It is a narrow product but it solves the specific problem of investigators exposing their corporate environment during research.
Deception Technology and Moving Target Defense
Acalvio's 360 Deception framework stood out because it was explicitly designed for autonomous attackers, not human operators who can be fooled by static honeypots. The broader deception technology category has significant consolidation history worth understanding.
SentinelOne now carries Attivo Networks' identity deception capabilities inside Singularity following its 2022 acquisition. If you are already a SentinelOne customer, you may have access to deception functionality that is not being used. The integration focuses specifically on lateral movement and credential-based attack paths.
Proofpoint similarly absorbed Illusive Networks, which built deception technology specifically around Active Directory environments. The emphasis was on making every lateral movement attempt by an attacker land on false credentials or false systems. Both acquisitions signal that the major platforms view deception as table-stakes infrastructure rather than specialty tooling.
Smokescreen Technologies deserves specific attention as a non-US vendor with a mature deception platform. Headquartered in India, Smokescreen was acquired by Zscaler in 2021, and its IllusionBLACK deception technology now lives within that broader platform. For organizations already in the Zscaler ecosystem, this means the capability may be accessible without a separate procurement. For those evaluating it independently, the acquisition context matters: the same question applies here as to Attivo inside SentinelOne and Illusive inside Proofpoint. The deception logic is sound. Whether it receives continued investment inside a large platform vendor is the variable to track.
Post-Quantum Cryptography and Quantum-Safe Infrastructure
ZeroTier's launch of its Quantum platform with hybrid post-quantum cryptography, or PQC, built directly into its transport protocol was one of the more architecturally interesting announcements at RSAC. The broader PQC space is accelerating, driven by the National Security Agency's CNSA 2.0 timeline and NIST's finalized post-quantum standards.
PQShield is a UK-based company providing semiconductor intellectual property and software libraries for post-quantum cryptography. Its products are designed to embed PQC into chips and firmware rather than layer it on top of existing systems. For organizations managing hardware procurement cycles of five or more years, PQShield's silicon-level approach is the right entry point for the CNSA 2.0 conversation.
Sandbox AQ, spun out of Alphabet, is building an enterprise PQC migration platform aimed specifically at regulated industries in financial services, government, and healthcare. Its cryptographic inventory and migration tooling addresses the operational problem most enterprises face: they do not know how much vulnerable cryptography they are currently running. You cannot migrate what you have not mapped.
Quantinuum, the combined entity of Honeywell Quantum Solutions and Cambridge Quantum, is developing quantum-safe key generation using actual quantum hardware. Its Quantum Origin platform produces cryptographic keys with a verifiably quantum source of randomness. For government and defense organizations where key provenance matters, this is a different category of product than software-based PQC libraries.
The Pattern Across All Five Categories
Three things are consistent across this extended vendor map. First, the major platform players have been acquiring the most mature point solutions, which means enterprise buyers can often access these capabilities inside existing contracts. The question is whether those acquired capabilities are being actively developed or are simply being maintained. Second, the non-US vendors, particularly in deception and post-quantum, are building with a threat model informed by different adversarial environments and are worth evaluating on their own terms. Third, the underlying driver in every category is the same: agentic AI systems make the attack surface faster, more adaptive, and harder to monitor with human-speed defenses. Security architecture that was designed for human operators on both sides of the threat is being stress-tested in real time.
The vendors in both this post and the original RSAC roundup are betting that the answer is security built for machine-speed engagement. That is the right bet. The question for every Chief Information Security Officer is which vendors will still be independent long enough to build the category, and which will be absorbed before the product matures.
Sources
AuthID. "Identity Continuity Platform." authid.com, 2026, https://www.authid.com.
Island. "The Enterprise Browser." island.io, 2026, https://www.island.io.
KELA. "Cybercrime Intelligence Platform." ke-la.com, 2026, https://www.ke-la.com.
National Security Agency. "CNSA 2.0 Cybersecurity Advisory." NSA, 2022, https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3148990/nsa-releases-future-quantum-resistant-qr-algorithm-requirements-for-national-se/.
PQShield. "Post-Quantum Cryptography Solutions." pqshield.com, 2026, https://www.pqshield.com.
Sandbox AQ. "Cryptographic Inventory and Migration." sandboxaq.com, 2026, https://www.sandboxaq.com.
Smokescreen Technologies. "Deception Technology Platform." smokescreen.io, 2026, https://www.smokescreen.io.
