RSAC Innovation Sandbox: Where Cybersecurity Giants Are Born

Why Does the RSAC Innovation Sandbox Matter for Cybersecurity's Future?

Learn more about energy secretary wright: u.s. not ready for hormuz escorts

For two decades, the RSAC Innovation Sandbox has operated as cybersecurity's most accurate predictor of industry success. The contest's alumni network has attracted over $50.1 billion in investments and completed more than 100 acquisitions, creating a track record that few industry competitions can match.

The numbers tell only part of the story. Behind these figures lies a generational cycle of innovation where founders acquire other founders, building on accumulated knowledge and proven foundations.

This pattern has created a tight-knit ecosystem that continues to shape cybersecurity's evolution. "We see one founder buying another founder buying another founder," says Cecilia Marinier, vice president of innovation and scholars at RSAC. "Think about the amount of accumulated knowledge, and how powerful it is to continue to build on such solid foundations."

What Does the Innovation Sandbox Track Record Reveal?

The contest's alumni network demonstrates a remarkable pattern of interconnected success. Last year, Donnchadh Casey and James White, CEOs of Calypso AI, sold their company to F5.

F5's current Chief Product Officer is Kunal Anand, who stood on the RSAC 2016 Innovation Sandbox stage as co-founder of Prevoty. His company was acquired by Imperva, the 2007 contest winner. This interconnected web of success stories validates the Sandbox's role as an industry talent incubator.

Oliver Friedrichs, currently GM of CrowdStrike, appeared on the Innovation Sandbox stage twice. He won in 2016 with Phantom, acquired by Splunk, then returned as a 2023 finalist with Pangea, later acquired by CrowdStrike.

Ali Golshan, a 2017 finalist with StackRox, went on to sell Gretel AI to Nvidia. Rehan Jalil, the 2020 winner who brought Securiti AI to the stage, saw his company acquired by Veeam for $2.7 billion. "That's with a B," Marinier notes, underscoring the scale of value emerging from the Sandbox alumni network.

What Makes a Winning Cybersecurity Startup?

For a deep dive on jim cramer's 3 stock market themes for post-oil shock, see our full guide

The 2026 finalists reveal where enterprise security is heading. This year's Top Ten take the stage at Moscone Center in San Francisco on Monday, March 23, each delivering a three-minute pitch to seasoned industry judges.

The lineup addresses enterprise security's most urgent challenges:

For a deep dive on brent crude oil tops $100: impact on sports & events, see our full guide

Agentic AI governance: Token Security and Geordie AI tackle the governance of AI agents and machine identities at enterprise scale.

Non-human identity management: Glide Identity verifies users instantly without passwords or SMS codes.

Social engineering defense: Humanix stops social engineering attacks by detecting and responding to threats targeting people.

Supply chain provenance: Crash Override embeds in CI/CD to capture build execution data that APIs can't access.

AI-native code security: ZeroPath replaces traditional SAST, SCA, and secrets scanning with a single AI-native engine.

Additional finalists include Charm Security, which uses its agentic AI workforce to target scams and human-centric fraud. Clearly AI delivers AI-powered software reviews, Fig Security fixes broken security flows across SecOps stacks, and Realm Labs monitors AI's "thoughts" during inference.

How Does AI Shape This Year's Competition?

"The most disruptive technology right now is obviously AI, and it's bringing with it some brand-new security challenges that are being developed at the same rate that AI is evolving," Marinier explains. "Our finalists are bringing cutting-edge solutions for tackling those problems and beating those nefarious actors."

Agentic AI emerged as the dominant theme this cycle. Governance for AI, continuous monitoring, automation, and SecOps resilience all feature prominently in the top 10.

From threat modeling to using agentic AI and controlling against agentic AI infiltrating systems, the finalists address the full spectrum of challenges. "It's the call to action to today and tomorrow's security leaders," Marinier says.

What Makes the Selection Process So Rigorous?

One secret behind the Sandbox's track record is the rigor of its judging panel. This year's panel includes:

• Nasrin Rezai, SVP & CISO at Verizon
• Larry Feinsmith, head of global technology strategy at JPMorganChase
• David Chen, head of global technology investment banking at Morgan Stanley
• Paul Kocher, cryptographer and entrepreneur
• Niloofar Razi, operating partner at Capitol Meridian Partners

"We're very careful about how we put together the panel," Marinier explains. "They have to represent a variety of perspectives, including an eye for startups that are likely to have positive trajectories."

RSAC itself plays no role in the selection. The judges select the companies independently, as they have for the past 20 years. This independence gives the contest its industry credibility and weight.

What's the Value of the $5 Million Investment?

Beginning in 2025, as part of the contest's 20th anniversary, all 10 finalists receive a $5 million investment in the form of a SAFE note, funded by Crosspoint Capital. While it's early days for measuring the full impact, Marinier points to the trajectory of ProjectDiscovery, last year's winner.

The funding launched ProjectDiscovery from a hopeful startup to a company with enough traction to hire experienced industry professionals who wouldn't have previously considered an early-stage startup. The recognition attracted top talent because the company was clearly heading somewhere.

"The money is ultimately about extending the runway," Marinier adds. "The SAFE note gives finalists breathing room to scale infrastructure and capitalize on the visibility the contest generates, before the spotlight fades."

What Other Programs Support Cybersecurity Innovation?

The Innovation Sandbox contest is the flagship, but it's the centerpiece of a significantly larger innovation infrastructure. In the past decade, RSAC's innovation programming has touched more than 1,000 companies across multiple programs.

Launch Pad, now in its sixth year, functions as the Sandbox's "little brother." This Shark Tank-style forum gives earlier-stage companies real feedback from judges without declaring a winner.

The Early Stage Expo features 78 companies this year, giving attendees a window into what's coming down the pipeline. It sits alongside the conference's 600 main exhibitors, creating a comprehensive view of the industry landscape.

The Innovation Showcase runs year-round, not just during conference week. Live Q&A sessions between entrepreneurs and audiences continue into RSAC's new membership platform, sustaining connections across the full year rather than just five days in San Francisco.

A dedicated track for investors and entrepreneurs features VCs sharing forward-looking perspectives, sessions on fundraising strategy, and design partnership frameworks. For the next generation, RSAC's Security Scholars program selects 60 students from universities across the country, with 22 presenting research posters on Wednesday of conference week.

"The security scholars are presenting their research that could lead to nascent technology," Marinier says. "They're in the early phase, working their way up the ladder. One day they'll make it onto our stages, and after that, the world's their oyster."

Why Should Cybersecurity Leaders Attend RSAC Conference?

For CISOs, founders, investors, and engineers serious about cybersecurity's future, the value proposition is clear. The Innovation Sandbox offers unparalleled access to emerging technologies and the minds behind them.

"Building a safer society requires bold ideas, and new technologies, and real-world solutions," Marinier says. "RSAC Conference is bringing together some the newest, the smartest, the most innovative security perspectives in the industry for critical conversations about solving the security problems the world faces."

The contest kicks off at Moscone Center on Monday, March 23 at 9:30 AM PT. Winners will be announced by approximately noon the same day.

What Should Business Leaders Take Away?

The RSAC Innovation Sandbox has proven itself as more than a startup competition. It's a launching pad for cybersecurity's future leaders and a reliable indicator of where the industry is heading.

With $50.1 billion in investments and over 100 acquisitions among alumni, the contest's track record validates its role as the industry's premier talent incubator. The interconnected success stories of founders acquiring other founders create a powerful ecosystem of accumulated knowledge and innovation.

Continue learning: Next, explore ai comments on hacker news: why human conversation matters

This year's focus on agentic AI governance, non-human identity management, and AI-native security solutions signals where enterprise security challenges will intensify. For business leaders, investors, and security professionals, the Innovation Sandbox offers invaluable insights into technologies that will shape cybersecurity's next decade.