COMMENTARY: We’ve been hearing a great deal about Agentic AI in the cybersecurity community these past several months. Most of it has been cautionary tales about adversaries using Agentic AI systems to scale their targeted attacks against enterprises. However, more vendors and security teams are examining the use of Agentic AI to defend against attacks, leveling the playing field. Just recently, Microsoft announced new Agentic AI tools for its Security Copilot to help its education customers bolster defenses around cloud security.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.]

Agentic AI has already taken other industries by storm, such as customer service, retail, healthcare, and financial services. Regardless of industry, it’s a similar concept: deploy AI-powered agents with the ability to independently learn, adapt, make decisions, and take action.

Many security teams, especially lean, midmarket teams that lack access to the same budgets and resources as their larger enterprise counterparts, see great promise in what Agentic AI could do for them. Gartner reports that by 2028, at least 15% of day-to-day work decisions will be made autonomously through agentic AI, up from 0% in 2024.

While the cautionary tales of bad actors tapping this technology deserve serious attention, it’s worth noting that Agentic AI can become an absolute game changer to combat the onslaught of never-ending cyberattacks. In short, Agentic AI operates similarly to a security analyst, but works faster, continuously, and tirelessly.

For midmarket enterprises, this means having the protection of a SOC that operates independently without the additional cost of hiring dozens of security analysts. Because they tend to deal with small budgets and limited resources, midmarket SOCs can now stay effective without having to spend money on an expensive SOC team.
What makes Agentic AI different?
Autonomous decision-making and continuous learning are the two leading attributes that present significant opportunities for lean security teams. Instead of being a passive collector of data or an execution mechanism for predefined rules, Agentic AI can adapt and make decisions in real time. Here’s what that means:

- Autonomous decision-making: Unlike traditional IT agents that wait for the next command, Agentic AI can autonomously detect a potential threat and decide to investigate it. Further, the AI agent has the ability to mitigate threats without human intervention.
- Refined, context-aware adaptability: Agentic AI doesn’t just follow pre-programmed logic. These more advanced agents are designed to learn from their environments and understand attack patterns based on past responses. Like human analysts, they refine their response actions through feedback loops to drive continuous improvement.
- Intelligent, goal-driven execution: While traditional automation software gets programmed to learn and take over repetitive tasks, Agentic AI chains multiple security actions together. It has the power to think deliberatively about the broader security picture, enabling it to achieve goals faster.
Use Agentic AI to automate SecOps
Agentic AI makes it more achievable than ever for lean security teams to transition their security operations centers (SOCs) to a more modern, autonomous model. Moving to this model has many benefits for an organization’s overall security posture, as well as significant operational cost savings. Autonomous SOCs orchestrate a blend of Agentic AI, Generative AI, machine learning, and workflow automation to seamlessly execute certain security operations tasks with minimal human involvement.

Here are four ways Agentic AI helps lean security teams create a supercharged SOC that improves an organization’s defense against threats:

- Real-time threat detection: Unlike SIEMs that rely on rule-based detection, which often leads to alert fatigue, Agentic AI ingests alerts from a wide variety of sources across the environment, including cloud, network, endpoint, and identity systems, automatically analyzes them, and then surfaces only the real threats that require action. It doesn’t just detect. It also acts, correlating related events with the rich context needed to neutralize and contain threats.
- Automated triage: Instead of requiring analysts to triage alerts manually, Agentic AI can prioritize incidents, investigate anomalies, and escalate threats intelligently. Think of it as a virtual Tier 1 analyst with the reasoning skills to handle prioritizing alerts and then escalating the most serious threats to the human analysts, complete with full environmental context around the threat.
- Adaptive, dynamic playbooks: Agentic AI promises to execute a multi-step response, such as blocking malicious traffic, isolating compromised endpoints, and initiating forensic data collection, based on a real-time risk assessment. This allows for a more immediate response because agents won’t need an analyst to approve every alert.
- Continuous learning and optimization: Unlike static security tools, Agentic AI becomes more intelligent over time, learning from attack attempts, remediation steps, and analyst feedback to fine-tune its detection and response tactics. It also learns by continuously interacting with SOC analysts, picking up their patterns and actions.
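The four capabilities above (cross-source correlation, automated triage, risk-gated playbooks, and an analyst feedback loop) form one pipeline, and the following Python sketch is an added illustration of that pipeline written for this commentary; it is not code from SC Media, Microsoft Security Copilot, or any vendor product. The alerts, host names, signal names, score thresholds, and the protected-host list are all constructed for the example. The security-relevant detail it adds beyond the prose is the guardrail: even when the risk score clears the autonomous-containment bar, hosts on a protected list are escalated to a human instead of isolated, and analyst verdicts adjust per-signal weights within fixed bounds so a few bad verdicts cannot silence a detection entirely.

```python
"""Risk-gated triage agent: correlate alerts per host, score, decide, then learn from analyst feedback."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample alerts standing in for SIEM, EDR, identity-provider and cloud feeds.
SAMPLE_ALERTS = [
    {"id": "a1", "source": "identity", "host": "ws-42", "user": "jdoe", "signal": "impossible_travel", "severity": 6},
    {"id": "a2", "source": "endpoint", "host": "ws-42", "user": "jdoe", "signal": "credential_dump_tool", "severity": 8},
    {"id": "a3", "source": "network", "host": "ws-42", "user": "jdoe", "signal": "beaconing", "severity": 7},
    {"id": "a4", "source": "cloud", "host": "build-07", "user": "svc-ci", "signal": "new_admin_key", "severity": 9},
    {"id": "a5", "source": "identity", "host": "build-07", "user": "svc-ci", "signal": "mfa_disabled", "severity": 5},
    {"id": "a6", "source": "endpoint", "host": "lap-09", "user": "asmith", "signal": "failed_logins", "severity": 2},
]

# Hosts the agent may never contain on its own (placeholder names, not a real inventory).
PROTECTED_HOSTS = {"dc-01", "build-07"}

CONTAIN_AT = 9.0   # risk score at which autonomous containment is permitted
ESCALATE_AT = 5.0  # risk score at which a human analyst is paged with context
CORROBORATION_BONUS = 1.0  # added per extra telemetry source agreeing on the same host


@dataclass
class TriageAgent:
    # Per-signal multipliers tuned from analyst feedback; every signal starts neutral at 1.0.
    weights: dict = field(default_factory=lambda: defaultdict(lambda: 1.0))

    def correlate(self, alerts):
        """Group alerts by affected host so related events are judged together, not one by one."""
        groups = defaultdict(list)
        for alert in alerts:
            groups[alert["host"]].append(alert)
        return groups

    def score(self, group):
        """Weighted maximum severity plus a bonus for corroboration across independent sources."""
        weighted = [a["severity"] * self.weights[a["signal"]] for a in group]
        sources = {a["source"] for a in group}
        return max(weighted) + CORROBORATION_BONUS * (len(sources) - 1)

    def decide(self, host, group):
        """Tier the response: contain, escalate with context, or suppress below threshold."""
        risk = self.score(group)
        context = {
            "host": host,
            "users": sorted({a["user"] for a in group}),
            "signals": [a["signal"] for a in group],
            "sources": sorted({a["source"] for a in group}),
            "risk": round(risk, 2),
        }
        if risk >= CONTAIN_AT:
            if host in PROTECTED_HOSTS:
                # Guardrail: high risk on a protected host is still a human decision.
                return {"action": "escalate", "reason": "protected host: containment needs approval", **context}
            return {"action": "contain",
                    "steps": ["isolate_host", "block_egress", "collect_forensics"], **context}
        if risk >= ESCALATE_AT:
            return {"action": "escalate", "reason": "needs analyst review", **context}
        return {"action": "suppress", "reason": "below escalation threshold", **context}

    def learn(self, decision, confirmed_malicious):
        """Analyst verdict nudges the weights of the signals involved, bounded to [0.5, 2.0]."""
        delta = 0.1 if confirmed_malicious else -0.1
        for signal in decision["signals"]:
            self.weights[signal] = min(2.0, max(0.5, self.weights[signal] + delta))


def run_triage(alerts, agent=None):
    """Correlate and decide for every host in one batch; returns host -> decision."""
    agent = agent or TriageAgent()
    return {host: agent.decide(host, group) for host, group in agent.correlate(alerts).items()}


if __name__ == "__main__":
    agent = TriageAgent()
    decisions = run_triage(SAMPLE_ALERTS, agent)
    for host, decision in decisions.items():
        print(host, decision["action"], decision["risk"], decision.get("reason", decision.get("steps")))
    # Analyst marks the ws-42 incident as a false positive three times; weights drop and
    # the same alert set now escalates instead of auto-containing.
    for _ in range(3):
        agent.learn(decisions["ws-42"], confirmed_malicious=False)
    print("after feedback:", run_triage(SAMPLE_ALERTS, agent)["ws-42"]["action"])
```

With the constructed alerts, ws-42 scores 10.0 (three sources corroborating a credential-dumping host) and is contained; build-07 also scores 10.0 but sits on the protected list, so it is escalated with the reason attached; lap-09 scores 2.0 and is suppressed, which is the alert-fatigue reduction the article describes. Three false-positive verdicts on ws-42 lower its signal weights to 0.7 and drop the score to 7.6, demoting the response to escalation rather than silencing it.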