Security Operations, AI/ML, AI benefits/risks, SOC

How AI agents can end security’s cycle of toil

AI workflow automation concept. artificial intelligence software, Businessman uses AI Agent with Coding flow process technology, interface nodes triggers data tools

COMMENTARY: Today’s security engineers are frequently buried under a mountain of tickets, alerts and patches. They’re overwhelmed, and not because the work is too complex, but because they’re snowed under by the sheer volume of toil as compliance updates, false positives and vulnerability disclosures add to an ever-growing pile. As a result, security teams more often spend their time firefighting instead of fortifying

But a shift is underway. The rise of AI agents that can take inputs, interpret and act on them is beginning to relieve the daily grind. The repetitive, low-level work trapping teams in a cycle of toil is being reduced.

This isn’t a hypothetical. It’s happening right now.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

When automation learns to think

The idea of automation in security isn’t new. Scripts, workflows and rules to speed up tasks have been talked about for years, but these approaches are limited to only what the user tells them and nothing more.

AI agents change the game by learning from context and adapting to patterns. In security operations, that could be the difference between a human manually triaging alerts and an AI agent detecting, classifying and resolving them in real-time. Tasks that used to take hours can now be completed in minutes and without the need for constant human oversight.

For example, consider how AI agents can be used to identify and block reconnaissance attempts on target systems. Previously, this would have triggered a chain of manual steps: analysts reviewing logs, engineers pushing updates and compliance teams documenting everything. An AI agent can undergo this process in seconds, rapidly resolving an incident by detecting malicious activity linked to known threat campaigns, blocking the activity across environments and recording actions for audit purposes.

When properly configured, AI agents can reduce noise, improve signal quality and slice through the flood of false positives that burn out security teams. Teams can benefit from both mean time to acknowledge (MTTA) and mean time to resolve (MTTR) metrics dropping dramatically.

Another area ripe for revolution with AI agents is compliance. Maintaining certifications, documenting controls and tracking daily changes are among the most resource-intensive parts of the day-to-day for security teams. AI agents can continuously monitor configurations, flag significant deviations and ensure changes are properly logged, saving a raft of manual effort and reducing human error.

A measured path to autonomy

Adoption of any new technology comes with risk. Allowing AI agents to make autonomous decisions in security operations, such as isolating endpoints, escalating alerts, or initiating containment measures, raises questions about identity, privilege and oversight. Their access to data and systems must be carefully tiered: sufficient to execute defined tasks effectively, but not so broad that it introduces new vulnerabilities or potential exploitation points for attackers.

Each AI agent will need its own identity within an organization's access management system so that its actions can be traced and verified. Privileges must be carefully scoped and monitored in real-time, and because agents operate continuously, the volume of activity they generate will dwarf that of human users, creating fresh challenges in log management and monitoring.

These aren’t necessarily reasons to avoid AI, but reasons enough to approach adoption and deployment methodically and with the same rigor applied to any security control.

The key to success is starting small and scaling deliberately. Organizations that try to automate everything on day one risk chaos. Instead, treat AI adoption as a maturity journey and begin with the predictable, low-risk processes that are already governed by playbooks.

Here’s a practical checklist to guide that journey:

  1. Identify repeatable pain points. Focus on the tasks that follow consistent procedures: patching, triage, vulnerability scanning, compliance reporting.
  2. Codify your playbooks. Before turning anything over to AI, ensure the human process is well documented and reliable.
  3. Assign identities and permissions. Give each AI agent its own identity and limit access privileges to what’s necessary.
  4. Monitor relentlessly. Log and review actions. Build dashboards to visualize AI agent activity and catch anomalies early.
  5. Start passively. Let AI agents observe, classify and suggest actions before granting full autonomy.
  6. Iterate and expand. As confidence grows, move from low-impact to higher-sensitivity operations.
  7. Educate your teams. Ensure engineers and analysts understand how the agents work, how to audit them and when to intervene.

A staggered approach balances innovation with control, allowing teams to scale the use of AI agents responsibly without compromising trust or visibility.

Looking ahead

Attackers aren’t waiting. They’re already using AI to probe defenses faster, mimic humans and generate code that mutates dynamically from one endpoint to another. Defenders can’t meet that challenge with manual tools alone. Autonomous systems capable of learning and acting at machine speed will be essential.

The near future of security will be hybrid where humans are focused on creativity and judgment while AI agents handle the toil. As confidence grows, those agents will move deeper into compliance, detection and even response workflows.

This won’t be an overnight transformation, and nor should it be. But if organizations design, govern and monitor these systems thoughtfully, AI can finally release security professionals from the cycle of endless reaction, freeing them to focus on protecting the business.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.
Pritesh Parekh

Pritesh Parekh is Chief Information Security Officer at PagerDuty.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds