Before the RSAC Conference 2026 expo floor opens, Subo Guha of Stellar Cyber draws a sharp line between AI that has been proven in production and AI being sold on conference-season enthusiasm. This conversation is the framework every security buyer needs before walking the show floor.
Every vendor at RSAC Conference 2026 will have an autonomous SOC story. Subo Guha, Senior Vice President of Product Management at Stellar Cyber, has been building the real thing for over a decade -- and he has one question every buyer should ask at every booth: can your platform explain why it reached its verdict? Stellar Cyber's autonomous SOC provides a full case summary for every true positive, showing the forensic evidence chain, threat intelligence correlations, and specific observables that led to the conclusion. SOC analysts can review, challenge, or override -- and that feedback loop is how the system improves.
The threat landscape has shifted in ways that validate Stellar Cyber's original architecture. LLM-generated attacks have collapsed the time to launch a sophisticated phishing campaign from weeks to minutes. Stellar Cyber was built to serve the mid-market and the MSSPs that protect it -- organizations that face identical threats to enterprises but without enterprise resources. A unified, multi-tenant platform means MSSPs onboard new customers in minutes. An open data ingestion engine works with whatever tools are already in place -- no EDR lock-in, no rip-and-replace.
At the center of the platform is a correlation engine that transforms thousands of individual alerts into a manageable set of high-confidence cases. An identity compromise driving lateral movement across dozens of alerts becomes one case with a clear recommended action. Subo describes this as the difference between drowning in noise and focusing on decisions that actually require human judgment -- and it is the foundation the autonomous SOC layer is built on.
Subo is direct about what the hype gets wrong: the claim that organizations can dramatically cut SOC headcount because AI has it covered is not happening. The realistic version of autonomous SOC is a force multiplier -- digital agents handle the continuous, high-volume triage work that consumes analyst hours, freeing humans for the cases that require context and institutional knowledge. A system that automates without explainability does not reduce risk. It relocates it.
Stellar Cyber will be at booth S327 in the South Hall at RSAC Conference 2026, right at the bottom of the escalator. Live autonomous SOC demonstrations will be running throughout the event, with real-world results from customers already in production. The team also has a barista on site -- a detail Subo was particularly keen to mention for Marco Ciappelli.
This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight
GUEST
Subo Guha, Senior Vice President of Product Management, Stellar Cyber
https://www.linkedin.com/in/suboguha/
RESOURCES
Learn more about Stellar Cyber: https://stellarcyber.ai
RSAC Conference 2026 Coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight
KEYWORDS
Subo Guha, Stellar Cyber, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, autonomous SOC, Open XDR, MSSP security platform, AI-driven security operations, agentic AI cybersecurity, threat detection and response, RSAC Conference 2026, SOC analyst tools, multi-tenant security platform, LLM-generated attacks, security operations center, SIEM NDR unified platform
Ahead of RSAC Conference 2026: The AI Hype Is Real -- But So Is the Risk of Getting It Wrong | A Brand Spotlight at RSAC Conference 2026 with Subo Guha, Senior Vice President of Product Management of Stellar Cyber
[00:00:00]
Sean Martin: Marco,
[00:00:01]
Marco Ciappelli: Sean, are we there yet? Are we there yet?
[00:00:03]
Sean Martin: It's getting so close. So close. I can smell it.
[00:00:06]
Marco Ciappelli: Did you fill up the gas tank?
[00:00:09]
Sean Martin: You know, I'm not in charge of filling up the tank because I'm flying.
[00:00:17]
Marco Ciappelli: No, no, no. I'm gonna go straight Burbank to Oakland. That should be pretty easy and I don't have to worry about refilling the tank. We were talking about that with Subo before we started recording -- things are going crazy, but that's just how it is.
[00:00:34]
Sean Martin: It is how it is. Subo, how are you?
[00:00:36]
Subo Guha: Good. Good. How are you guys doing?
[00:00:38]
Sean Martin: Doing great. RSAC Conference is right around the corner and we're excited to see you there.
[00:00:47]
Subo Guha: Yeah, we're getting thrilled. It's about to come and we have a lot to talk about. As we talked last time, a lot of good things we want to discuss.
[00:00:56]
Marco Ciappelli: Yeah. And that's why we're here. We're kind of teasing what we're expecting there, what the conversation we're gonna have, and then we'll check back and see if we were right or wrong. Right?
[00:01:10]
Sean Martin: Yeah. Well, we'll have a good chat on site as well to get into some of the nitty gritty. But before we do that, some folks have probably heard you on the show before, but I'm gonna guess there are a few new ones because we're always getting new people listening. A few words about what you're up to, Subo, and what's going on at Stellar Cyber.
[00:01:35]
Subo Guha: Yeah, sure. So I'm with Stellar Cyber. We're one of those innovative security operations -- SecOps -- software companies. I head product, so I'm responsible for the product direction, strategy, and delivery. We've been a SecOps software tool sold as a platform. The founders quickly found out there was a lot of tool sprawl going on.
You have to buy a tool for SIEM. You have to buy a tool for endpoint. You have to buy a tool for identity attacks. We clearly said no -- we want to serve the MSSP market, which doesn't have a lot of staff like enterprises do. So it needs to be a unified platform. And from day one, it was built with AI in mind.
As you fast forward, now everybody's talking about AI, autonomous SOC, agentic AI. We were way back a decade ago talking about machine learning. Everything we did -- all the layers of our platform -- was AI based. And then we announced with you, a year ago at last RSAC Conference, that we're going to be a leader in the autonomous SOC, agentic AI.
And we're here. We're actually gonna talk about customers using our autonomous SOC. We started early with AI. We're like the adults versus a lot of the new kids on the block trying to say they can do it. But ours is more professional -- with history, with maturity and experience comes the ability to execute.
[00:03:12]
Sean Martin: Yeah. And I'm gonna put you on the spot a little bit. Ten-plus years ago, you had a vision for what you wanted to accomplish. How does that look now compared to what you foresaw, and if there are changes, how did you navigate those to actually achieve what you have available?
[00:03:35]
Subo Guha: Yeah. The vision from the start was a unified platform that can take the entire lifecycle of what a SOC does -- how to discover, where to get the alerts, how to protect, how to contain. Fast forward 10 years later, the amount of attacks happening have gone crazy. AI is helping the bad actors too. LLM-generated attacks -- what used to require manual work can now be done in minutes.
So the volume of attack surface has gone so crazy that unless you have unlimited budget to keep adding humans and SOC analysts, you can't maintain the velocity of threats coming. Our vision was to be a SecOps platform for the masses -- not just serve those with heavy budgets like enterprises or government. We wanted to serve the mid-market, because the threats don't care what size company you are.
We were fortunate to build our product to be MSSP-friendly -- who serves that mid-market as well as very large customers. There are far more mid and small customers than large enterprises, and it's a much more scalable business. So we built our product to be multi-tenant.
And now look -- we knew AI was important and now everybody's talking about it. You can't imagine going through a booth at RSAC Conference without hearing AI, autonomous. What we're going to say is: we've already thought about this and it's here. Let's talk about how our product gives you a true positive and why you should be comfortable. Because everybody can automate.
[00:05:47]
Marco Ciappelli: Let me ask you something. You mentioned buzzword, and I know that's what we're gonna hear on the expo floor -- it's gonna be all AI. You've been doing this since before it was even cool. Help me and the audience understand what is hype and what is the truth, or where we are standing right now.
[00:06:17]
Subo Guha: Yeah. AI is the transformative new technology -- like the internet was in the old days. AI truly is transforming because you can do in minutes what used to take a human person years of experience to accomplish. We can't process how fast an agent or AI can process things across multitudes.
So AI is not hype -- it's actually real. The fact that we've been using machine learning for decades, we clearly understood the value. Automation is important, but your grandfather's automation is not what's gonna work in this world. You now have GenAI LLM capabilities which are very capable of doing complex workflows and use cases.
AI is truly important and here to stay. It will transform how products are created, processes, and operational roles. It's not going to replace SOC analysts -- it's going to elevate the role of the SOC analyst.
Now the hype is: buy our agentic AI, autonomous SOC, and we'll solve world hunger. You have to have confidence in how the agents work and give back a result. Why we call ours human-augmented -- the humans are going to interact with our system and make it more intelligent. If you have overdependence on a new technology like AI, you're just assuming it's correct. That's not the case.
So we're making our roadmap so that our agents are constantly learning and also interacting with humans -- we can teach the system: yes, I know this is a problem, but it's not really an issue. Only a human today can think that way. The quality and accuracy of the verdicts these agents give -- there's a lot of hype there. Only those systems that have learned how to use AI properly and interact with humans to optimize it will be more successful.
[00:09:31]
Sean Martin: And the word sticking in my head is trust. Because this is an industry that's increasingly reliant on trusting the vendor as a partner -- not just grabbing a bunch of technology and hoping it works. So how do you establish that trust and connect that back to a program? It's not just the product can do X, Y, and Z in the lab. It's building trust in the environment where this stuff actually has to work.
[00:10:07]
Subo Guha: Yeah. We'll actually demo this at our booth. When we come back with the results and say it's a true positive, our agents are extremely transparent about relaying back why they came to that conclusion. There'll be a case summary -- this is why we think it is -- and then you'll see all the forensics: why we think this was a phishing or ransomware high-alert issue.
The trust comes with accuracy and the details of what's displayed, and then our system will interact with you: do you agree with this, or should we change the verdict, or should we ignore any of the analysis of the observables or threat intel?
Trust will come from repeated capability to bring accuracy in your findings. I have a slide that shows what the day of a SOC analyst looks like -- it is complicated. All the things they do to analyze a single alert, multiplied by a thousand alerts per day.
The only way to solve that is to keep adding bodies -- that's not scalable. Trust comes when they repeatedly say: Stellar Cyber, you told me these 10 this month, I agreed with all 10. Next month another 10, same accuracy. Once they start seeing that accuracy from the autonomous SOC, they'll have more trust. But it can't be blind faith. That's a fallacy -- that's never going to happen.
[00:12:03]
Marco Ciappelli: And what I hear is: everybody has their own need, every company has its own jewel to protect and its own way of doing it. So customization is important. It's not an out-of-the-box here's-AI-for-everybody solution.
[00:12:20]
Subo Guha: Yeah. That's the blood, sweat, and tears we put into building the product. AI is an enabler, but how you use AI to do the enrichment of an alert, normalize it -- the other thing we do is correlate. Just focusing on alerts, you'll get a needle in a haystack. Our AI correlates all the alerts into cases. You can have a thousand alerts and only need to focus on 10 cases, because there are commonalities.
Like if an identity hack happens -- somebody gets into your login and starts lateral movement -- that type of attack is probably triggering multiple alerts. If you didn't know how to correlate, you'd go through hundreds of alerts and miss that it's the same actor. That's a case. Block the user, don't let them in -- that's the action.
So you have to know how to use AI across the lifecycle of security operations. And you have to trust the data. With us, we have the feedback loop to make it a more intelligent learning system.
[00:13:39]
Sean Martin: So as people come to your booth, which is in the South Hall --
[00:13:45]
Subo Guha: Yeah. Actually right down the escalator, you'll see us.
[00:13:47]
Sean Martin: There you go -- S327, down the escalator. You serve a few different audiences: the analyst engaging with your platform, the SOC leader managing the team, security program managers, threat hunters, and MSPs helping small and midsize organizations. What do you expect them to come to the booth and find?
[00:14:31]
Subo Guha: So when we think of ICP -- ideal customer profile -- the buyer, usually the CEO of an MSSP or most senior executive, wants to understand value and ROI. Our tool versus a competitive tool. We talk about unification: you don't need 10 different tools. That saves time hopping between consoles. You can pick and choose any vendor -- we don't care what EDR you use. We're agnostic.
The openness and unification of the platform is what the decision maker wants to purchase -- especially MSPs where margins are slim and budgets are limited. They want to get up quickly. With our platform they're up in minutes -- we're multi-tenant. They want to know: how easy is it to use, does it solve the core problems, and does it allow me to scale and create more security services, which means more revenue?
The SOC analysts are fatigued. They just want to know what you can do to reduce their time to solve a problem. That's where our autonomous SOC and AI capabilities let them breathe. They want to understand the capability and extensibility of the platform.
We have an open ingestion data engine. If you don't have proper data ingestion, it's garbage in, garbage out. We knew that from day one. We built a very robust data engine so we can ingest from anywhere, then filter, normalize, and create more context on the alert. The secret sauce is the XDR platform enriching and creating cases from alerts -- and now we're introducing autonomous SOC, which goes into hyper automation.
We can rapidly triage alerts or phishing attacks and sift through thousands of alerts into a few cases, so you can remediate much faster. Things that took weeks now take a day or two. You focus on remediation instead of spending hours figuring out what the problem is. It elevates the SOC analyst so they focus on remediation, while the agents -- a farm of digital agents that don't sleep -- handle the busy work.
[00:17:51]
Marco Ciappelli: Very cool. Listen, Subo -- RSAC Conference, where we've been lucky enough to find you, is also a place where the community comes together, you talk in the hall, explain what you do. You're gonna have demos at the booth, so people should come over. We're excited to see you and we're excited to have you sit down on the couch with us to go deeper into this conversation.
[00:18:41]
Subo Guha: Yeah. While I'm there the first day or two, I can give you what we're hearing from customers and prospects at our booth, what we're hearing from friends in the infosec community. We want people to see we've got stuff running and we've got customers. And if you're tired, we have a barista -- come get some good coffee. I know Marco, you love Italian coffee. We'll have a latte for you.
[00:19:13]
Marco Ciappelli: For my cappuccino in the morning!
[00:19:15]
Subo Guha: Yeah, we'll make sure we have a latte there for you.
[00:19:17]
Sean Martin: There we go. Latte.
[00:19:18]
Marco Ciappelli: All right -- let's say goodbye. The booth is S327 South Hall, right down the escalator. Stop by for the espresso shots and the cappuccino. The show is at RSAC Conference.
[00:19:35]
Subo Guha: We're excited. It's about two more weeks.
[00:19:40]
Sean Martin: March 23 through 26th and we will see you there. Thanks everybody for listening and watching. Stay tuned for coverage at RSAC Conference -- itspmagazine.com/rsac. Thanks Subo.
[00:19:55]
Subo Guha: All right. Thank you.