This year’s RSA Conference brought together over 44,000 attendees, 730+ speakers, and 450+ sessions — all in one week in San Francisco. It’s one of the biggest gatherings in security, drawing CISOs, IT leads, engineers, vendors, and everyone in between. Naturally, we had to be there.
Tailscale showed up with a booth (with a pretty good slogan, if we do say so ourselves), a lightning talk, happy hours, and a lot of curiosity about what people are really struggling with when it comes to modern security.
The mood: curiosity, realism, and urgency
You could feel it in the conversations: AI is shaking things up, and no one’s quite sure what the endgame looks like yet. Everyone’s asking questions: What new threats are around the corner? What old systems are no longer good enough? How do we actually modernize?
For many attendees, it’s clear that the answer won’t come from bolting AI onto outdated infrastructure. Instead, the sentiment we heard again and again was this: It’s time to leave legacy tooling behind—especially legacy VPNs.
“Drop your VPN. Not your standards.”
That was our booth message this year, and it resonated. More than 2,000 people stopped by to chat with us, including security engineers, IT leads, students, founders, and channel partners. In a twist we didn’t expect, I had dozens of people stop me in the hallway — not the other way around — to say something like, “Hey, I saw your sign. I want to drop my VPN. How do I do that?”
Legacy VPNs just aren’t cutting it anymore. They're expensive. They break constantly. They frustrate engineers, lead to shadow IT, and aren’t built for remote teams or cloud infrastructure. A lot of folks we met had already hit the breaking point.
For them, switching isn’t optional — it’s overdue.
Conversations that stuck with us
At a fireside chat, Microsoft’s Global CISO told a story about his kid cloning a sibling’s voice for a prank call using free AI tools—within minutes. It was a reminder: the tools are out there, the threats are fast-moving, and we need defenses that are just as agile.
In nearly every conversation, the same questions came up:
- How is Tailscale different from a VPN or [insert vendor here]?
(Short answer: We're built for modern infrastructure. No hardware. No single point of failure. No headaches.) - Are you a Zero Trust solution?
(Yes—but we think "Zero Trust" is only meaningful if it actually improves security, visibility, and developer experience. Not just as a label.) - What’s the business value? How fast can I roll this out?
(Teams roll out Tailscale in hours, not weeks. And the value shows up in the form of fewer tickets, faster engineering velocity, and lower risk exposure.)
These weren’t just curiosity questions—they were real buying questions. A lot of teams are actively re-evaluating their stack, looking for security tools that are faster, leaner, and built for the way they work now.
The theme that ran through it all: Security teams don’t want more tools—they want better outcomes. That means reducing blast radius, making user access more auditable, and moving fast without breaking things.
Trends worth noting
AI was the dominant theme, as expected. But what stood out wasn’t the usual hype. It was that even security teams — traditionally risk-averse — seemed more willing to explore new ideas, new tools, and new ways of thinking. From a marketing perspective, there were still many companies touting “Zero Trust” as a buzzword, but without really defining what the value they offer is. This wasn’t just a “walk the expo floor and collect stickers” kind of show. People came ready to talk. Not just about tech, but about the real pain points they’re wrestling with: legacy infrastructure, poor visibility, fractured security models, and frustrated developers. Some of the best conversations happened in quiet corners, not conference rooms.
A lot of people at RSAC already use Tailscale at home. Even if they hadn’t deployed it at work (yet), they were fans. “My home network just works because of Tailscale, and I love it,” was something we heard more than once. As you can imagine, the conversations that followed that statement were fun for me and mainly revolved around “Well if it works so well at home, why not bring Tailscale to work?”
What’s next
We left RSAC energized. Tailscale is here to help security teams modernize — not just by replacing VPNs, but by making secure access simple, transparent, and actually pleasant for the people who rely on it.
We’ll keep building the tools that help security leaders manage their infrastructure, reduce risk, and avoid unnecessary complexity. We’re also continuing our VPN buyout offer — if you’re stuck in a painful contract with something like Cisco AnyConnect, Palo Alto GlobalProtect, or Fortinet FortiClient, get in touch. Yes, really.
Next year? We’re going bigger. Expect more space, more execs, and more deep-dive conversations. If you’re facing challenges in secure access, identity, or infrastructure modernization, we want to help. But if you’re already ready to switch, there’s no need to wait — reach out now and we’ll help you get started.
Shoutouts
A big thank-you to the partners and friends who helped make the week great: Heavybit, Anchor, Insight Partners, Jamf, Accel, AWS, NVIDIA, and everyone else who stopped by the booth, took part in a demo, grabbed some swag, or shared a story of how Tailscale has changed their networking lives.
You don’t have to wait until RSAC 2026 to catch us again — we’ll be at GrafanaCON in Seattle (May 6–8) for a session on using Tailscale to monitor a 14-foot drone boat across the globe, and hosting a nearby community meetup on May 8 for Tailscale fans and networking folks. Later this month, Tailscale CEO, Avery Pennarun will take the stage at Web Summit Vancouver (May 27–30) to talk about securing AI’s future.
Sydney Rossman-Reich
