How Autonomous IT Is Redefining Enterprise Operations

AI is pushing enterprise IT toward something new, systems that do not just detect issues, but act on them.

At RSAC 2026 in San Francisco, Patrick Moorhead and Daniel Newman are with Matt Quinn, CTO of Tanium, to break down how Autonomous IT is reshaping operations, security, and decision-making at scale.

As AI agents accelerate across enterprise environments, the challenge isn’t just visibility, it’s execution. Autonomous IT shifts decision-making to the endpoint, enabling real-time action across millions of devices while reducing operational complexity.

🔹 Autonomous IT enables real-time decision-making at the endpoint to reduce system complexity
🔹 Enterprise security risks are evolving, from external threats to internal AI-driven exposure
🔹 AI adoption is outpacing traditional governance and control models
🔹 Human roles are shifting from step-by-step control to high-level oversight
🔹 Foundational visibility across endpoints is critical to enabling trusted automation

Tanium’s approach focuses on turning real-time data into immediate, secure action. They’ve developed solutions like Guardian AI Spotlight, which allows organizations to identify how AI is being used across their environments and ensure it aligns with security policies without slowing innovation.

AI is forcing a shift. Enterprises must move from reactive IT to systems that can act, adapt, and respond in real time, with humans guiding the system, not slowing it down.

Watch the full conversation at sixfivemedia.com and subscribe to our YouTube channel so you never miss an episode.

Disclaimer: Six Five Media is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded, and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors, and we ask that you do not treat us as such.

Matt Quinn:
Given the speed at which agents can execute, especially as we get into kind of multi-agent systems, speed of execution is going to be so quick. Putting humans in the loop where they used to be is actually going to slow things down. Putting them on top and building very, very sophisticated governance and auditability and visibility tools is, I think, is the better approach.

Patrick Moorhead:
The SIx Five  is On The Road here in San Francisco at RSAC 2026. Daniel we knew it was going to be about A.I. and well it's been about A.I. And if you look back the last few years really it's gone from hey how do we control access to how do we control the agents and pretty much everything in between.

Daniel Newman:
Yeah well we're seeing just this massive inflection point right now Pat. RSA has a completely different tone this year. You know last year we were on this rise but I think in the last few months the open claw perplexity computer the next generation of LLM and seeing enterprises really starting to adopt this stuff is creating a whole new set of opportunities. for the black hats and the troublemakers and a whole new set of challenges for those people here, mostly the good guys here at RSA that are trying to protect the data, the applications, the control, the networks. So it's a big moment, Pat. I'm glad to be here.

Patrick Moorhead:
Yeah it is. And the optionality just increases complexity out there and the time it takes to pull everything together. And Danny we always like to say it's never this technology or another technology. It's pretty much over the last 50 years we just pretty much layer everything on top of each other. And what I'm excited to do is talk about the autonomous enterprise. And we have the CTO of Tanium Matt Quinn. Matt Welcome to the show.

Matt Quinn:
Great to be here.

Patrick Moorhead:
I loved chatting with you earlier in the week or last week as a nice little warm-up. Had a lot of fun. Maybe you didn't have as much fun as I did.

Daniel Newman:
I know. It was good.

Patrick Moorhead:

 It was really fun.

Daniel Newman:
I've got fond memories of talking autonomous IT. You know, he mentioned the Autonomous Enterprise. I think it all starts with the foundation. The foundation is autonomous IT. But let's We're tech guys. We love acronyms. We love to use hyperbole when we talk, especially analysts. We love that stuff. What is that? When you talk about autonomous IT, what do you mean and what does it really mean in practice for enterprise IT and security teams?

Matt Quinn:
Let me make it like a really simple example. You guys have got your own PCs, right? You've got your own tech. You spend probably a lot of time patching that machine, making sure that it's secure to the best of your ability, updating applications. So that's just you. And it probably takes 20 to 30% of your time. So imagine if you've got 10 machines you have to do it for. Imagine you've got 100 machines. What happens if you've got 1,000 machines? So you mentioned the layering. So we've had 40 years of layering of technology. For banking customers, it goes all the way back to the mainframe. So they've not just got 1,000 machines, they've got millions of machines, and they're all different. Even when you get the same machine from the same manufacturer at the same time, that can still be different. The management of that is just really complex. So the whole idea of autonomous IT is really simple. It's can we get back to doing work on the things that we bought and acquired to do work on. The idea behind autonomous is to make a lot of those decisions happen automatically at the end point. And clearly, huge amount of automation. And today, it's a huge amount of AI. And it's all based on the Tanium incredible architecture that has so much data to base those decisions off.

Patrick Moorhead:
That's smart. By the way, the conversation I were having last week was me doing a woe is me about my updates. It wasn't planned. But we all go through it. It wasn't planned, everybody. It, you know, we can make things very complex as tech defiles, and we do, create jargon, you know, you had talked about that. But the question is, if you are actually an operator and AI just keeps accelerating, what can people do to try to simplify and get their infrastructure ready for all the change? So having a platform for fast change.

Matt Quinn:
So look, I would say that there's one truth, and that is if you have a foundational understanding of where your machines are, what they're doing, and everything like that, you're in a far better position to take advantage of these trends that are coming. The people who don't know where their machines are, are they compromised, are they patched? Even basic things like who's using them, you're behind the eight ball. And so that's really what we're trying to do is give customers that even chance that they can have their patching run at the right level and all the rest of it, but that's just jargon because all it just means is I'm going to use my machine, I'm going to use the AI, I'm going to use these things to be more productive, to get more done without letting the technology get in the way. And that's the biggest thing we can do.

Patrick Moorhead:
So excuse my ignorance though, are there actually enterprises in 2026 that don't do what you said?

Matt Quinn:
Yeah, I would say a lot of them.

Patrick Moorhead:
Okay, I'm talking to the wrong ones, yeah.

Matt Quinn:
But here's, I think, the challenge.

Patrick Moorhead:
Or they're giving me the party line.

Matt Quinn:
But I think it's all a matter of degrees, right? So if you've got a zero day that comes out, doesn't matter who it's from, what it is, but let's say it's a pervasive zero day.

Patrick Moorhead:
Yeah.

Matt Quinn: 

You have a very short window in which to patch those machines to give yourself a half chance of being secure. So what autonomous IT does is speeds up that whole process, takes a lot of that choice out of it, it just does it. And it's great, because the end result is your machines are patched, you're more secure. Most people will say they're secure or they're patched, but after 30 days, after 60 days, after 90 days, and that's where the problems start. Yeah, it makes sense.

Daniel Newman:
So agents, Red Hat, one of the themes of this event, Stems from the word agency. Yes. Agency is the…

Matt Quinn:
you know, what we give to our… And we're getting into the philosophical part of the conversation.

Daniel Newman:
We're going to do this briefly.

Patrick Moorhead: Daniel, invariably, they don't ask a 10-part question.

Daniel Newman:
So be ready. Then there will be a 10-part, and you won't remember what I'm asking you when we're done. But the idea, right, even when you had employees working on your team, or you now have employees with agents working on them, is it really becomes productive when the agent can take the agency and do something on your behalf. That comes with all kinds of risks, right? To get there, there's real work to be done. They have to be secure. It has to be reliable. It has to be grounded. How do we actually make this? What's your read on how we actually make this progress? Because I think we want to deploy agents. We all want to benefit from them. But I'm hearing, I think I heard in a last interview, by the way, a stat like something like 80% of enterprise AI projects have kind of stalled because of compliance security. I don't know if that's the stat, but that number is going around.

Matt Quinn:
So I want you guys to cast your mind back. let's say 15 years, and we were having, you could have replaced the word agency with cloud. And we were all having that same conversation, like is the cloud safe enough? Is it for everyone, who can go there? With agents and agency and all the rest of it, there is a generational shift. It is a really large generational shift. Larger, I think, personally, larger than what we saw with the shift to cloud. I would argue and say that while agents and AI are predicated on the internet being a thing, really AI is larger than the internet in terms of an impact on society and everything else. But if you if you look at how we handle these things there's an element of time. People have to get comfortable. They have to get comfortable that the governance is in place. They have to get comfortable that the kill switches or whatever else are in place. But over time they become less important because they become bedrock. And that's what we're at the moment. We're still in that very early stages where a lot of the horror stories of failed projects and lack of ROI, that'll give way to sensible thinking, solid governance. And then I think we're going to see this generational shift in how we build software. you know, how much agency we could actually give to a machine to help us with our jobs or to do our jobs. It's all a matter of time.

Patrick Moorhead:
You've talked about AI enabling, hey, what is the problem, but also the resolution.

Matt Quinn:
Yep.

Patrick Moorhead:
Where is Tanium putting the human in the loop to basically talk about how we don't get locked outside the bay doors?

Matt Quinn:
I would actually say that three years ago, Our customers very clearly said we want a human in the loop at every step. We want it to be there when it's forming the plan, as it's executing the plan, as it's rolling through and making changes. We are seeing a shift because as people get comfortable with the results and they start to trust, trust becomes a really big word, as they start to trust, they're looking for oversight. So rather than being in the middle, they're putting themselves on top, which frankly, given the speed at which agents can execute, especially as we get into kind of multi-agent systems, speed of execution is gonna be so quick. Putting humans in the loop where they used to be is actually gonna slow things down. Putting them on top and building very, very sophisticated governance and auditability and visibility tools is I think is the better approach. That's what we do. We've been doing more layers for 40 years. We didn't like the mainframe, what did we do? Open systems, so we stuck some stuff over the top. Didn't like that, we had to plug it to the internet, more layers. It's layers all the way down.

Daniel Newman:
It creates a lot of economic value. You have more stuff to buy, right? So RSA is a beacon of light to the innovation of the future, right?

Matt Quinn:
You're trying really hard not to smile when you say those words.

Daniel Newman:
I'm doing my thing. But I mean this is like the place where they come together. You know we're talking about you know what the platform needs to look like. What does security need to be in order to get us into the future. What are you? Here's your little commercial moment. What is Tanium delivering here at RSA? Or what are you talking about here at RSA that's bringing autonomous IT to life for your customers?

Matt Quinn:
So look, there's one thing, just because we've been talking about AI, and I think it is a topical one, is the guardian spotlight for AI. So we have this… We have this technology called Guardian, which we use to alert customers to things going on in the industry. We recently did one that was Windows 10 to Windows 11 upgrade. Just helpful things, hey, you should know. The one that we've been working on and we just released this week has been around A.I. and around making sure that the use of A.I. within companies is within policy that they're not accidentally exfiltrating data that they shouldn't to some sort of open model that no one actually knows about. And it's it's not about stopping. But it's about identifying and finding out, and then hopefully doing some governance and education. Because what a lot of the problems we see at the moment, it's just the education of AI. Because it's moving so rapidly, people don't really know all the dangers. Hey, it's OK. Let's upload that spreadsheet of everyone's payroll. To a open system we wouldn't do that today on a cloud service and we're learning those same lessons for a I. So Guardian I had the Guardian A.I. spotlight is is definitely a big one.

Daniel Newman:
Yeah that's very topical. That's an interesting one now right with everybody setting up their own cloth. Everybody you know. I just mean like security people have to be having just again just an absolute hoot watching all these kind of novices standing up all their infrastructure and just handing the keys to them.

Matt Quinn:
But it's always interesting because security is always about risk and risk management ultimately. And the promise of A.I. and the productivity gains and what it can do in the evolution. is all the way on the scale. So you've got to make sure that the way you manage that from a security point of view, that you don't kill it accidentally by putting too much around it and surrounding it. We need that innovation, but it needs to be educated innovation.

Patrick Moorhead: 

Yeah, Claw was a good thing. I mean, it showed unshamed AI on the client side computer and what it could do. And every good tech needs brackets. It does. Which is, you know, there's doing nothing and getting nothing. There's putting it to 11 and absolutely breaking every rule and kind of seeing what happens. And this claw exercise showed, you know, well, I'm not doing it, or this is why we shouldn't do this. I think it's probably good for security professionals.

Matt Quinn: 

Yeah. I think things like AI, the way it is today, Open cause a great example of of those those moments in time. Those inflection points like I was always going to be a transformative technology when it grew up.

Patrick Moorhead:
Right.

Matt Quinn: 

Open call just happens to be that very ragged edge to that. Right. But it showed what the future could be. Yes. Like we always laugh about things like web van from back in the Internet era. But web van stumbled so that things like Amazon could run. I think that you look at you know you look at open core and you look at kind of ambient agents in general. It's pointing to where the future is. We should embrace that. Right. But we also should make sure that people aren't putting their fingers on the hot plate.

Daniel Newman:
Right. I'm totally here for it. It's just you know it's like watching those robots that are showing you how they can break dance until they collapse into pieces. Matt this was this was a lot of fun. We should do this again sometime. Congratulations all the progress here and have a great rest of your RSA conference. Thanks for having me. Thanks. And thank you everybody for being part of this 6-5. We are on the road here at RSAC 2026 in San Francisco. Subscribe, be part of all of our 6-5 coverage here at the event and we appreciate you being part of our community. Gotta go for now though. We'll see you all later.

‍