At the Milken Conference in May 2026, Robert F. Smith, founder and CEO of Vista Equity Partners, described a shift that every security leader should hear. Software, he said, has moved through three states: product, then service and now worker. "That agent, that software, actually does work." He was blunt: companies that do not make the transition to software as a worker risk being disintermediated entirely. He is right, not only because organizations risk falling behind the competition as AI increases efficiency, but also because agentic systems have the potential to address systemic challenges many organizations are facing today.
Why Cybersecurity Needs Agents Now
Security teams are being asked to do more with less, in environments that are harder to see. Four problems persist in cybersecurity, and AI agents have the capability to address some of these issues.
- The workforce shortage cannot be solved by hiring. ISC2 estimates a global shortfall of 4.8 million cybersecurity professionals. An agent that triages alerts, correlates telemetry and drafts incident summaries does not replace those people, but it increases efficiency.
- The defensive asymmetry is structural. Attackers probe at machine speed. Defenders monitor millions of events manually and respond in hours or days. An agent that detects, correlates and contains at machine speed changes that.
- Limited budgets force most security teams to choose between capabilities. An agent working across multiple domains in parallel changes what a small team can cover.
- System complexity has grown beyond what manual processes can govern. A modern enterprise runs thousands of endpoints, dozens of cloud services, hundreds of SaaS applications and an expanding mesh of APIs. An agent can monitor across that surface simultaneously.
For decades, the security equation has favored attackers. Attackers need to succeed once. Defenders need to succeed every time. Attackers don't need to move fast; they just need to get it right. Yet they are using AI to orchestrate their attacks at scale and pace. AI agents, deployed correctly, give defenders the opportunity to move faster and operate at machine speed, without needing to sleep. That is a real opportunity to counter the attackers.
What Is an AI Agent?
First things first. At its core, an AI agent combines four components:
| Component | Role |
|---|---|
| LLM | Reasoning engine |
| Tools | The ability to act — query databases, call APIs, run scripts, search the web |
| Memory | Context retained across steps |
| Planning | Breaking a goal into a sequence of actions, adjusting based on observations |
The most common implementation pattern is the ReAct framework - Reasoning and Acting in an interleaved loop: Think, Act, Observe, Repeat. The agent reasons about what to do, invokes a tool, reads the result, and continues until the goal is achieved.
Modern LLM APIs support this pattern natively through function calling, and the agent's reasoning is visible at each step, a property that matters for security governance.
What makes an agent different from a script or automation rule is that the reasoning is not pre-defined. The agent evaluates the situation at each step and decides what to do next. A script does what it was written to do while an agent works out what to do. That distinction is what makes them so powerful.
What Are Agentic Systems?
A single agent is powerful. A coordinated system of agents is a different proposition.
Agentic systems allow agents to spawn, coordinate with and delegate to other agents. An orchestrating agent receives a high-level goal, breaks it into subtasks, and assigns each to a specialist agent with the appropriate tools and scope. This mirrors how security operations work at scale: a CISO does not personally run every packet capture. They direct a team with defined roles and escalation paths.
Three architectures matter for cybersecurity:
- Linear pipelines: work passes sequentially from one agent to the next. Auditable and easier to govern.
- Hierarchical orchestration: a coordinator delegates to specialist subagents and synthesises their outputs. Powerful for complex tasks, but introduces the risk of intent drift: a subagent far down the chain takes actions the originating human never intended.
- Peer-to-peer collaboration: agents query and task each other dynamically. This is where the full power of agentic systems becomes visible and where governance is essential.
Another design choice is the level of autonomy and agency that agents are allowed to exercise. At one end: a copilot that suggests actions for a human to approve. At the other: a fully autonomous agent that acts, delegates and adapts without human checkpoints. Different agents have different capabilities that offer different value.
Martin's Top 3 Applications for AI Agents in Cybersecurity
The real strength of agentic systems is connecting formerly disjointed security functions at machine speed. Here is my list of three applications that I think produce the most consequential security outcomes.
1. Agentic Security Orchestration, Automation and Response
Playbooks that are fully automated and dynamically adjusted through intelligence provided by human operators.
Traditional SOAR tools rely on static playbooks, fixed workflows and constant upkeep that cannot keep pace with AI-driven attacks. An agentic SOAR replaces that rigidity with an orchestration layer that coordinates specialist agents across prevention, detection, investigation and response. The agentic system inherits context from each step and determines the next action in real time.
An agentic SOAR reasons about what it finds. An incident that begins as a credential anomaly can trigger a lateral movement investigation, a forensic collection, a containment action and a stakeholder notification. This happens simultaneously, with every part handled by an agent with the right tools and the right scope, all controlled by an analyst.
IBM's 2025 breach data shows organizations with AI-driven detection and response reduced breach costs by an average of $2.2 million compared with those that did not. Human operators set the missions, define the guardrails and hold the kill switch. The agents execute.
2. Joining Forces Between the Infosec Department and Your Digital Workforce
Where agency and secure actions become visible features of human and AI agent behavior, an agentic system enables effective security governance.
For two decades, security teams have invested in securing the human element: personal, relevant and timely training, awareness and behavioral analytics. AI agents now work alongside human agents, and the challenges translate directly. The agent reads emails, makes decisions, takes action and can be manipulated through its inputs in ways that mirror social engineering.
On the agent side, governance cannot rely on socialization. Building security culture does not work the same way. What humans absorb through culture and institutional identity, agents must receive through structure: permissions, immutable logs, action gates.
On the human side, the security awareness program has to cover the new risks: prompt injection as a social engineering vector, the risks of over-trusting agent output and the obligation to escalate when an agent's action does not make sense. A new unified layer that allows organizations to govern human and AI secure decision making and behavior is required.
3. Continuous Threat Exposure Management
Where an agent continuously maps the attack surface, prioritizes findings by real-world exploitability and closes the loop between discovery and remediation.
Vulnerability management in most organizations runs on a cycle: scan, report, ticket, patch, repeat. Attackers measure their window in hours. A threat exposure agent compresses that cycle by running continuously, correlating discovered exposures against live threat intelligence feeds, and reasoning about exploitability in the specific context of the organization's environment rather than against a generic CVSS score.
The March 2025 McKinsey Lilli breach — where an adversarial agent compromised millions of chat records through a single SQL injection in an AI platform used by 43,000 employees — is a case study in what happens when this layer is not in place. See the full technical breakdown here.
When the agent does find something, it prioritises by what attackers are actually exploiting today, links to the relevant patch, and tracks remediation to closure.
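The prioritization step described in this section, ranking by what is being exploited and how exposed the asset is rather than by CVSS alone, then tracking to closure, looks like this in code. This is an added example, not taken from the original article; the finding IDs are placeholders, the sample data is constructed, and the ranking order and remediation windows are assumptions.

```python
from dataclasses import dataclass

ACTIVELY_EXPLOITED = {"VULN-B", "VULN-D"}  # constructed threat-intel set


@dataclass
class Finding:
    vuln_id: str          # placeholder ID, not a real CVE
    asset: str
    cvss: float
    internet_facing: bool
    criticality: int      # 1 (lab) to 3 (crown jewel), set by the organization
    open_hours: int       # hours since discovery
    remediated: bool = False


def rank_key(f, exploited):
    # Exploitation in the wild first, then reachability, then business
    # impact; CVSS only breaks ties. This ordering is an assumption.
    return (f.vuln_id in exploited, f.internet_facing, f.criticality, f.cvss)


def prioritize(findings, exploited=ACTIVELY_EXPLOITED):
    """Open findings, most urgent first."""
    todo = [f for f in findings if not f.remediated]
    return sorted(todo, key=lambda f: rank_key(f, exploited), reverse=True)


def sla_hours(f, exploited=ACTIVELY_EXPLOITED):
    """Assumed remediation windows; tune to your own policy."""
    if f.vuln_id in exploited:
        return 24 if f.internet_facing else 72
    return 168 if f.internet_facing else 720


def overdue(findings, exploited=ACTIVELY_EXPLOITED):
    """IDs still open past their window: the 'track to closure' step."""
    return [f.vuln_id for f in prioritize(findings, exploited)
            if f.open_hours > sla_hours(f, exploited)]


FINDINGS = [  # constructed sample data
    Finding("VULN-A", "build-server", 9.8, False, 1, 200),
    Finding("VULN-B", "vpn-gateway", 7.5, True, 3, 30),
    Finding("VULN-C", "hr-portal", 8.1, True, 2, 100),
    Finding("VULN-D", "file-share", 6.5, False, 2, 50),
    Finding("VULN-E", "old-wiki", 9.1, True, 1, 400, remediated=True),
]
```

On this sample, the CVSS 9.8 finding on an internal lab server ranks last, while the CVSS 7.5 finding on the internet-facing VPN gateway ranks first and is the only one past its window.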
What Is an Agentic Organization?
My top three use cases highlight what agents can do for an organization, but how should your organization be structured to accommodate these new capabilities?
An agentic organization is one where AI agents are not isolated tools but operational participants. They run alongside human employees, handle defined workflows, and are accountable to governance structures that span both layers.
Gartner forecasts that 40% of enterprise applications will embed task-specific AI agents by 2026, up from less than 5% in 2025. A PwC survey found 79% of executives already report using agents in their organization. Most of those deployments happened without a governance framework in place.
The transition to an agentic organization is primarily a governance challenge. Security culture, accountability structures and oversight mechanisms that work for human employees do not automatically carry over to agents. Agents cannot be socialized. They have no persistent identity to which norms can attach. That's why governance has to be engineered, not assumed.
Concluding Thoughts
The security equation has favoured attackers for decades, and while AI agents do not guarantee that changes, they are the first development in a generation that makes it structurally possible. The organizations that build agentic cybersecurity are the ones that will keep pace with adversaries operating at machine speed.
