At RSA 2026, multiple vendors walked conference audiences through agentic systems hunting data lakes, triaging hundreds of alerts autonomously, correlating threat signals across enterprise environments at a speed no human analyst team could match. The framing was consistent across keynotes and breakout sessions: your bandwidth is no longer limited by the size of your SOC team. Agentic AI removes the constraint. The promise, as pitched, is that organizations can now defend like a large enterprise regardless of how many analysts they have on staff.

What the demos did not show was the cost model underneath.

Each of those hunts consumes tokens. Each investigation runs against data ingested at scale. Each autonomous remediation action chains together inference calls that, individually, look trivial, and that at production volume, in an enterprise environment, processing thousands of alerts daily, add up to a cost structure that most of the organizations in that conference hall have never modeled. The conversation on stage was about capability. The conversation that needs to happen next is about who can actually afford to run it.

What Google’s preview reveals about the pricing architecture

Google’s agentic SOC product, currently in trial through mid-2026, gives a useful window into how this scales in practice. The trial measures usage in trial runs, where a single trial run equals one investigation performed by the agent, and imposes rate limits on how many investigations an organization can run per hour before being throttled. These are not arbitrary design choices. They are a pricing architecture in preview. The message embedded in that architecture is clear: agentic security operations are a metered service, and the meter runs whether or not the investigation was necessary, whether or not the alert was real, and whether or not the outcome changed anything.

This matters because the most honest productivity argument for agentic SOC tools rests on volume. The value proposition is not that agents handle the interesting cases better than skilled analysts. It is that agents can absorb the enormous volume of routine, low-quality alerts that currently consumes most of a SOC team’s working hours. Roughly 960 alerts per day is the current average for a mid-sized organization, and large enterprises face more than triple that. The agentic model addresses that backlog. But absorbing 960 alerts per day through an inference-based pipeline, at enterprise data ingestion rates, in an environment where the cost-per-investigation is not yet publicly documented or widely benchmarked, is a financial commitment that most organizations have not yet priced out. The vendors are not volunteering that calculation on stage.

The asymmetry the demos do not name

The issue is not that agentic security operations are overpriced. The market is too early to know that. The issue is that the affordability question is being systematically deferred in public conversations about capability. The enterprise audience at RSA can likely absorb whatever pricing structure eventually stabilizes. For them, the relevant question is implementation complexity and integration cost, both of which are substantial but navigable. The organizations that the affordability gap actually threatens are the ones not in the room: mid-market companies running lean security programs, public sector agencies operating under procurement constraints, critical infrastructure operators in sectors that have historically underinvested in security tooling.

These organizations face the same threat landscape as the enterprise clients in those keynote demos. The AI-generated zero-day pipeline that the SANS panel identified as the most dangerous new attack technique does not distinguish between targets by security budget. The acceleration of attacker capability that was the conference’s dominant theme applies uniformly. The defense, as currently priced and packaged, does not.

Conference economics assume a force already exists

There is a structural asymmetry in how the industry discusses this. Conference presentations are designed for the organizations with the budget to buy what is being presented. The case studies feature enterprises. The ROI calculations are built on enterprise alert volumes and enterprise staffing costs. The comparison point is always the fully-staffed SOC that the agentic system is meant to augment or replace. For an organization that never had a fully-staffed SOC to begin with, and that is also the modal organization across most of the economy, that comparison does not land. The force multiplier argument only works if there is already a force to multiply.

Urgency and affordability are different questions

None of this diminishes the genuine operational advance that agentic security tools represent. The capability is real. The speed advantage is real. The argument that defenders need to operate at machine speed because attackers already do is correct and urgent. The point is that urgency and affordability are separate questions, and treating one as an answer to the other creates a gap that the industry has so far declined to name directly.

The conversations happening on vendor floors and in breakout sessions about token costs, data ingestion pricing, and per-investigation economics are more honest than the keynotes. Practitioners who have moved past the pilot phase know that the meter runs. The next necessary step is for those conversations to move to the main stage, because the organizations that most need affordable agentic defense capability are the ones least equipped to navigate opaque pricing through procurement negotiations. They need the field to reckon with the affordability problem before they are priced out of the solution.