{"id":4415,"date":"2025-08-18T07:00:00","date_gmt":"2025-08-18T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4415"},"modified":"2025-08-18T07:00:00","modified_gmt":"2025-08-18T07:00:00","slug":"agentic-ai-promises-a-cybersecurity-revolution-with-asterisks","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4415","title":{"rendered":"Agentic AI promises a cybersecurity revolution \u2014 with asterisks"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>The hottest topic at this year\u2019s <a href=\"https:\/\/www.csoonline.com\/article\/3482049\/black-hat-latest-news-and-insights.html\">Black Hat and DEF CON conferences<\/a> was the meteoric emergence of artificial intelligence tools for both cyber adversaries and defenders, particularly the use of <a href=\"https:\/\/www.cio.com\/article\/3968832\/what-makes-a-true-ai-agent-cios-struggle-with-the-definition-as-hype-blurs-lines.html\">agentic AI<\/a> to strengthen cybersecurity programs.<\/p>\n<p>Although cyber defenders have relied on AI-like machine learning tools to automate tasks and find bugs for nearly 20 years, a new batch of AI systems and agentic AI tools powered by large language models (LLMs) has only recently burst onto the scene.<\/p>\n<p>\u201cIt\u2019s been described as a Cambrian explosion,\u201d Jimmy Mesta, founder and CTO at RAD Security, tells CSO. \u201cIt\u2019s not just an evolution. It\u2019s a spawning of a new way we do work and even live in a lot of ways, beyond security. 
There\u2019s never been anything like it.\u201d<\/p>\n<p>Experts say that while AI agents <a href=\"https:\/\/www.csoonline.com\/article\/4036868\/black-hat-researchers-demonstrate-zero-click-prompt-injection-attacks-in-popular-ai-agents.html\">carry security risks<\/a>, sometimes <a href=\"https:\/\/nvidia.custhelp.com\/app\/answers\/detail\/a_id\/5687\">down to the semiconductor level<\/a>, they also offer opportunities to automate tedious tasks to free up scarce security professionals to tackle bigger problems in a force multiplier effect. But they also warn that CISOs should proceed with caution and <a href=\"https:\/\/www.csoonline.com\/article\/4033338\/how-cybersecurity-leaders-are-securing-ai-infrastructures.html\">protect their organizations and data<\/a> before allowing AI agents to roam autonomously through their networks.<\/p>\n<h2 class=\"wp-block-heading\">What are AI agents?<\/h2>\n<p>Although artificial intelligence is now understood across society due to popular chatbots such as ChatGPT, agentic AI has yet to emerge with a commonly understood definition. IBM <a href=\"https:\/\/www.ibm.com\/think\/topics\/ai-agents\">defines<\/a> AI agents generically as \u201ca system that autonomously performs tasks by designing workflows with available tools.\u201d<\/p>\n<p>But on a practical level, the definition of agentic AI is <a href=\"https:\/\/www.cio.com\/article\/4003880\/how-ai-agents-and-agentic-ai-differ-from-each-other.html\">harder to pin down<\/a> \u2014 and remains in flux. \u201cWhat\u2019s agentic AI?\u201d Mesta asks. \u201cIs it different than an LLM? Is it a chat interface? And I think the answer is, it\u2019s not as definitive as maybe we would like because it does seem like everyone has a different definition.\u201d<\/p>\n<p>Most experts agree, however, that AI agents are self-contained code modules that can direct actions independently. 
Andres Riancho, cybersecurity researcher at Wiz, tells CSO, \u201cThe basic concept is that you are going to have an LLM that can decide to perform a task, that is then going to be executed through most likely an MCP,\u201d or <a href=\"https:\/\/www.cio.com\/article\/3991302\/ai-protocols-set-standards-for-scalable-results.html\">Model Context Protocol<\/a> server, which <a href=\"https:\/\/www.csoonline.com\/article\/4015222\/mcp-uses-and-risks.html\">acts as a bridge<\/a> between AI models and various external tools and services.<\/p>\n<p>Ben Seri, co-founder and CTO of Zafran Security, draws a parallel between the rise of AI agents and the rise of generative AI itself. \u201cThese are the tools that would enable this LLM to act like an analyst, like a mediator, like something of that nature,\u201d he tells CSO. \u201cIt\u2019s not that different in a way from generative AI where it started, where it\u2019s a machine, you can give it a question, and it can give you an answer, but the difference is now it\u2019s a process. It\u2019s when you are taking an AI and LLM and you\u2019re giving it agency or ability to perform some actions on its own.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Trust, transparency, and moving slowly are crucial<\/h2>\n<p>Like all technologies, and perhaps more dramatically than most, agentic AI carries both <a href=\"https:\/\/www.csoonline.com\/article\/3574697\/beyond-chatgpt-the-rise-of-agentic-ai-and-its-implications-for-security.html\">risks<\/a> and benefits. One obvious risk of AI agents is that, like most LLM models, they will hallucinate or make errors that could cause problems.<\/p>\n<p>\u201cIf you want to remove or give agency to a platform tool to make decisions on your behalf, you have to gain a lot of trust in the system to make sure that it is acting in your best interest,\u201d Seri says. 
\u201cIt can hallucinate, and you have to be vigilant in maintaining a chain of evidence between a conclusion that the system gave you and where it came from.\u201d<\/p>\n<p>Together with supply chain knowledge, it\u2019s crucial to have transparency when using agentic AI technologies. \u201cWe emphasize that transparency is a big part of this,\u201d Ian Riopel, CEO and co-founder of Root.io, tells CSO. \u201cEverything that we publish or that gets shipped to our customers, they can go in and see the source code. They need to be able to see what\u2019s changed and understand it. Security through obscurity is not a great approach.\u201d<\/p>\n<p>Another risk is that in the frenzied rush to incorporate AI agents, organizations <a href=\"https:\/\/www.csoonline.com\/article\/3529615\/companies-skip-security-hardening-in-rush-to-adopt-ai.html\">might overlook fundamental security concerns<\/a>.<\/p>\n<p>\u201cIt\u2019s new technology and people are moving fast to ship it and to innovate and to make new things,\u201d Hillai Ben-Sasson, cloud security researcher at Wiz, says. \u201cEveryone\u2019s creating MCP servers for their services to have AI interact with them. But an MCP at the end of the day is the same thing as an API. [Don\u2019t make] all the same mistakes that people made when they started creating APIs ten years ago. All these authentication problems and tokens, everything that\u2019s just API security.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Agentic AI can be a game-changer<\/h2>\n<p>Despite what many <a href=\"https:\/\/malwaretech.com\/2025\/08\/every-reason-why-i-hate-ai.html\">consider to be hype<\/a> surrounding the advent of AI, experts say that if implemented with deliberateness and due diligence, the benefits of AI agents are game-changing for cybersecurity.<\/p>\n<p>AI agents are \u201cthe future,\u201d Wiz\u2019s Ben-Sasson says. 
\u201cHowever, given that the current stage of AI development is still immature, AI agents might, like a junior engineer, make a lot of mistakes. That\u2019s why we have different permission sets. That\u2019s why we have guardrails and so on.\u201d<\/p>\n<p>The real benefit of AI agents is that they can tackle the boring but necessary tasks of cybersecurity to free up talent to take on more complex tasks, thereby accelerating security programs and becoming a workforce multiplier.<\/p>\n<p>\u201cWe did a bake-off of gen three of some of our agents against one of our best security researchers to create a backported patch for a critical vulnerability on a very popular piece of open-source software,\u201d Root.io\u2019s Riopel says. \u201cAnd that researcher took eight days to create a patch that otherwise wasn\u2019t available. It required modifying 17 different snippets of code across three different software commits. The AI agents did it in under 15 minutes. When you think about that, that\u2019s not 10x multiplier, it\u2019s 1,000x.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Force multiplication means skill set shifts, not job losses<\/h2>\n<p>Despite the potential for cutting out tasks that many security analysts perform today, agentic AI will likely <a href=\"https:\/\/www.csoonline.com\/article\/4012831\/crowdstrike-is-cutting-jobs-in-favor-of-ai-heres-why-you-shouldnt.html\">not reduce the size of the current cybersecurity workforce<\/a>. \u201cNo one\u2019s getting fired in lieu of agents,\u201d Riopel says.<\/p>\n<p>\u201cI think we are going through a skill set shift, and I wouldn\u2019t call it an all-out replacement,\u201d RAD Security\u2019s Mesta says. 
\u201cWhat AI is going to do is impact the kind of lower-level paper shuffling style jobs where I had a CSV report, I\u2019m going to put it in Excel, and I\u2019m going to create a ticket,\u201d Mesta adds.<\/p>\n<p>But, he says, \u201cit will unlock extreme productivity for security teams for those who know how to use it, which is, I think, the big asterisk. If you\u2019re anti-AI and that\u2019s not a skill you think should be in your toolbox, it\u2019s going to be challenging going forward to maintain the same level of job seniority you have now.\u201d<\/p>\n<p>Zafran Security\u2019s Seri thinks it\u2019s wrong to say that the advent of AI agents means we will now need fewer cybersecurity experts. \u201cWe will need more of them,\u201d he says. \u201cThere is an opportunity with these tools to automate and to make your life easier, but it\u2019s not to replace the expertise that people accumulate over time.\u201d<\/p>\n<h2 class=\"wp-block-heading\">How CISOs should proceed in deploying AI agents<\/h2>\n<p>All experts say that the deployment of AI agents inside organizations is a done deal and will arrive faster than any other technology shift, including the adoption of cloud computing. \u201cThis train has not only left the station; it\u2019s a bullet train,\u201d Mesta says. \u201cIt\u2019s like the fastest train ever made.\u201d<\/p>\n<p>CISOs need to immediately strap in and grapple with the implications of a technology that they do not always fully control, if for no other reason than their team members will likely turn to AI platforms to develop their security solutions. \u201cSaying no doesn\u2019t work. You have to say yes with guardrails,\u201d says Mesta.<\/p>\n<p>At this still nascent stage of agentic AI, CISOs should ask questions, Riopel says. But he stresses that the main \u201cquestion you should be asking is: How can I force multiply the output or the effectiveness of my team in a very short period of time? 
And by a short period of time, it\u2019s not months; it should be days. That is the type of return that our customers, even in enterprise-type environments, are seeing.\u201d<\/p>\n<p>Not everyone agrees that pursuing compressed timeframes is the right strategy. \u201cIn many cases, from the CISO perspective, the takeaway here is that the agentic AI services that they are using are still immature,\u201d Wiz\u2019s Riancho says. \u201cIt\u2019s still an immature industry. We need years of security improvements to make sure that everything is more stable and secure for companies and end users.\u201d<\/p>\n<p>But Riancho also thinks CISOs should be asking a lot of questions now. \u201cI would ask difficult questions. So, before actually connecting an agent to my endpoint devices, to my infrastructure, to my SOC, to anything, ask the difficult question: Which actions are going to be performed by these agents?\u201d<\/p>\n<p>One critical question that CISOs should be asking is what happens to their organizations\u2019 information once it has been fed into any given vendor\u2019s agentic AI product.<\/p>\n<p>\u201cI don\u2019t want my data to go to other vendors like OpenAI or Anthropic or anybody else that is not the security vendor,\u201d Zafran Security\u2019s Seri says. \u201cThis is fundamental: Make sure that the data that you are sharing is not driving around the world and seeing the sights.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>The hottest topic at this year\u2019s Black Hat and DEF CON conferences was the meteoric emergence of artificial intelligence tools for both cyber adversaries and defenders, particularly the use of agentic AI to strengthen cybersecurity programs. 
Although cyber defenders have relied on AI-like machine learning tools to automate tasks and find bugs for nearly 20 [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":4404,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4415","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4415"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4415"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4415\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4404"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4415"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4415"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4415"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}