From automation to agency: The next leap in cyber defense

As AI becomes the weapon of choice for cybercriminals, defenders must rethink their own approach to artificial intelligence. Automation alone is no longer enough. The future lies in agentic AI—intelligent systems capable of planning, learning, adapting, and acting on behalf of human operators.

This article explores the next evolution of Managed Detection and Response (MDR), where agentic AI augments human analysts, enhances SOC performance, and paves the way for autonomous decision-making.

Drawing on insights from eSentire CTO Dustin Hillard, we examine how this emerging capability is reshaping MDR today—and what must change culturally and operationally to make the most of it.

The limitations of reactive automation

Today’s security platforms often lean on automation to reduce human workload—streamlining repetitive tasks like alert triage, correlation, and initial response. While useful, this model is inherently reactive, relying on predefined rules and linear workflows.

But attackers are evolving faster. With AI-powered adversaries launching dynamic, multi-vector campaigns, defenders need tools that can think ahead, not just react faster.

Enter agentic AI: What it is and why it matters

Agentic AI moves beyond scripts and playbooks. It embodies a system’s ability to:

As Hillard explains, “It’s not about doing less or cutting costs—it’s about doing much more in the same short timeframes, and increasing the human-level value we can deliver at speed.”

Inside the SOC: How Agentic AI Enhances MDR

In eSentire’s MDR platform, agentic AI has already begun transforming key phases of the detection and response lifecycle:

1. Accelerated Investigation

Instead of waiting on an analyst to collect evidence across multiple systems, the agent gathers and synthesizes data from dozens of sources in seconds. On average, eSentire’s agent performs 30 investigative steps in under 10 minutes—the equivalent of 3–5 hours of human analysis.

2. Augmented Threat Detection

The system can generate and evaluate multiple hypotheses in parallel, improving signal fidelity and reducing time-to-decision. Analysts aren’t just handed raw alerts—they receive fully contextualized scenarios backed by evidence.

3. Contextualized Response

Rather than rigid playbooks, the agent adapts its response based on observed behaviors, threat intelligence, and organizational context. This enables faster, more precise actions to contain threats before they escalate.

Beyond the SOC: The rise of advisory agents

Hillard envisions a future where agentic AI extends beyond incident response into broader cyber risk advisory roles. Imagine a virtual teammate that synthesizes vulnerabilities, threat trends, and business risk factors to proactively recommend strategic security improvements.

These systems could help organizations:

This isn’t theoretical. These use cases are already in early development across platforms like eSentire’s, which aim to evolve from detection partners to proactive risk advisors.

What it takes: Shifts in culture, ops, and architecture

To harness the full potential of agentic AI, security organizations must embrace three key shifts:

Cultural shift: From control to collaboration

Trust in automation must give way to partnership with intelligent systems. SOC teams need to view agentic AI not as a threat to their jobs, but as a force multiplier that frees them to focus on high-value decision-making.

Operational shift: From playbooks to problem solving

Security operations must move beyond static workflows to embrace dynamic, hypothesis-driven investigation. Analysts become reviewers, validators, and strategists, working alongside AI to accelerate resolution.

Architectural shift: From silos to integrated intelligence

Legacy systems weren’t designed for agentic integration. Organizations need data-rich platforms that support real-time ingestion, cross-domain analysis, and rapid action—without manual handoffs or delays.

Looking ahead: AI teammates, not just tools

Agentic AI is not a futuristic fantasy—it’s already reshaping how MDR providers like eSentire deliver security outcomes. But unlocking its full promise requires more than better algorithms. It demands a reimagining of how humans and machines collaborate in the fight against cyber threats.

In the coming years, expect to see a shift from co-pilots to autonomous teammates—AI systems that don’t just assist, but advise, adapt, and act with unprecedented speed and intelligence. For defenders, this represents a generational leap in capability—and a crucial advantage in the escalating arms race of cyber warfare.