Good day. Day one of the RSAC Conference in San Francisco, of course, dominated by artificial intelligence. This year, however, and whisper it quietly, there seems to be a more pragmatic appreciation of what AI is actually doing to cyber defense.

There’s a general sense that the conversation is moving beyond the excitement and somewhat starry-eyed (if those eyes belong to vendor salespeople) optimism and into the practicalities of a world where AI is very much a dual-use technology. Yes, it’s beneficial for defenders, but also attackers.

That means some oft-cited reassurances from AI prophets of the past about humans always in the loop may not be, well, true.

“You have to fight AI with AI,” Francis deSouza, chief operating officer and president of security products at Google Cloud, told me on a panel I moderated Monday. The speed of the attacks coming from adversarial agents, he said, means that humans simply won’t be able to respond to them in the near future.

Others put it more starkly.

“Having a human in the loop isn’t scalable,” said Emma Smith, global CISO at British telecom company Vodafone.

The conversation seems to be shifting from whether humans should manage the machines to whether humans should be involved at all in agentic defense, beyond oversight roles.

More from me on what I’ve heard around the Moscone Center below, plus other news.

• The role of the department's Office of Cybersecurity, Energy Security and Emergency Response would expand under the plan. Yet CESER staff has been cut by one-third and its budget request is $150 million for the coming fiscal year, down from about $200 million. 

New home routers made outside the U.S. are banned under a new order from the Federal Communications Commission, citing concerns about national security, espionage and intellectual property theft. China controls about 60% of that market and the U.S. isn't much of a manufacturing center for such equipment. (Reuters)

Mazda Motor disclosed a data breach resulting from a hack in December to a warehouse system for parts procured from Thailand. More than 690 records containing personal information about Mazda employees as well as business partners are at risk, the Japanese car maker said. 

Hacking tool marketplace Tycoon 2FA is back in business less than three weeks after law enforcement and tech firms took it down. In the days after Microsoft led a disruption operation, activity linked to Tycoon 2FA dropped to about one-fourth of what it had been, according to research from CrowdStrike. Now it is back to pre-takedown levels, the cyber company said. (Bleeping Computer)

• Further reading from WSJ Pro: Posing as cybercriminals, investigators shut down a platform that fueled more than 30 million bogus emails in a single month.

“ You got a lot of AI companies being spun up that aren't being founded by AI experts. That's unusual. You know, normally we know our problem space really well.” —Mike Fey, chief executive, Island.

— James Rundle

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten and James Rundle. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.