Emergent Agentic AI Defense

My two most recent postings on AI covered “Agentic AI” and how it impacts cybersecurity (https://www.dhirubhai.net/pulse/software-become-agentic-security-lessons-we-need-learn-roger-grimes-glhge) and the eventual emergence of malicious agentic AI malware (https://www.dhirubhai.net/pulse/autonomous-agentic-ai-enabled-deepfake-social-malware-roger-grimes-gg3re).

Both of those articles started to touch on the idea of automated agentic AI defenses. This posting goes into a little more detail on what agentic AI defenses might mean.

It starts with agentic AI, which is a collection of automated programs (i.e., bots or agents) working toward a common goal. Agentic AI grows in part out of a machine learning concept known as a Mixture of Experts (https://www.datacamp.com/blog/mixture-of-experts-moe), which has been around for over 4 decades.

Instead of creating a single program that does a bunch of things, you create a team of separate cooperating experts who are more specialized and better at what they do.

For a real-world analogy, think about how we build most houses and buildings. One person usually does not do it all. You have people who do the architecting, surveying, landscaping, creating the foundation, pouring concrete, and building up the wooden or steel framing, and people who put up the walls, windows, and roofing. You have separate people who do electrical, plumbing, drywall, flooring, and painting.

You usually have a general contractor or construction manager overseeing the whole thing. Each of these individual experts is likely better at what they do than if one person knew and tried to do it all. There are exceptions, of course, but in the grand scheme of things, most societies build their homes and buildings with teams of cooperating laborers who are each an expert in their field.

It is the same overall concept with agentic AI, but it is done using individual software components. Today’s software and services are usually made up of one central program/service that tries to do it all. There could be dozens to hundreds of files supporting that program, but they are all part of that program and could not function standalone. They are called with one executable launching point. And they all start and end execution based on the overall program starting and stopping.

The future of software and services is agentic AI – teams of cooperating AI programs. The various components, like building subcontractors, are experts at what they do and can function standalone. They take input from the construction manager (called the orchestrator agent in AI vernacular) and return expert output to achieve a common, larger goal.

I can do drywall and paint, but nearly any full-time contractor I hire can do it faster and better. It is the same with agentic AI. It is designed to do it faster and better than traditional software. And it is going to do it in a way that is new and different than traditional software and services.

Instead of you working in and using a software program or service to do something, that software or service will do more of what you used to do. You will instruct it with a typed or verbal prompt and the agentic AI will go off and do it. This is our future world.

When I’m building a home and hire a roofer, I’m not expected to take part in any part of the roofing. I tell the roofing company I need a roof of a certain type and standard, and they go about building the roof. They may ask me questions before they get started and along the way if needed, but for the most part, I’m just staring up at the people building my big, beautiful new roof, and it gets done. Same with agentic AI. It does most of the work after you give it instructions.

Imagine that you use Microsoft Excel to run your family budget. Right now, today, you create a budget spreadsheet and type in the numbers and formulas. You have to figure out how to make it all work. In an agentic AI world, you will ask Excel, “Create me a family budget based on my bank account and credit cards.” AI will do the rest. It will interface with your bank account, your credit cards, etc., using APIs, and do the rest. The budget it creates will be far, far more accurate than what you could have manually created.

“Do I spend that much on bottled water?”

It will automatically update itself based on your current and projected spending patterns.

You will see very similar trends in agentic AI for cybersecurity. For example, instead of using a product to help you patch your environment, you will type or ask, “Go patch my Windows, Linux, and Cisco devices, apply the patches 48 hours after vendor release, if there is no news of known significant operational interruptions from applying the patches. Test on our non-critical systems first, wait 24 hours for results, then apply to the rest of the impacted devices over two days.” Or, “Update security logs to detect and mitigate the new agentic malware program attacking our brand of building entry scanners.” You instruct and it does the work. More doing. More automated tasks.

Every major software and services vendor you are aware of, including KnowBe4, is all in on agentic AI. It is going to happen. Some are saying it’s two to four years away before our world is mostly agentic AI; others think it could be 10 years or more. Regardless of the timeline, it is coming.

Agentic AI-Enabled Cybersecurity Defenses

Last week, my article on AI (https://www.dhirubhai.net/pulse/autonomous-agentic-ai-enabled-deepfake-social-malware-roger-grimes-gg3re) talked about how bad actors would use agentic AI to do bad things. This article is a chance to discuss how the good actors will use agentic AI.

The good actors have been using AI for many years. KnowBe4 has been actively using AI in its products and services for over six years. We now have a whole range of AI agents (https://www.knowbe4.com/products/aida) working to make our products and services better and our customers safer. Our effort is only going to increase tenfold over the next few years.

We are not quite to a mature agentic AI defense yet, but it is coming. Pretty soon, every company’s cybersecurity defense will include dozens of agentic AI-enabled cybersecurity defenses. Whatever you used to do manually or separately will become agentic AI-enabled. The AI will do more, better, and faster.

Here is a list of potential agentic AI-enabled cyber defense agents I can think of off the top of my head:

· Orchestrator Agent
· Agent Update Agent
· Inventory Agent
· Log Configuration/Analysis
· Authentication Analysis
· Cryptography Analysis
· Vulnerability Scanning
· Patch Management
· Pruning Agent
· Configuration Management
· Cybersecurity Training agents
· Network Traffic Analysis
· Malware Hunter
· Threat Hunting
· Anti-Denial-of-Service agents
· News/Research Agent
· Risk Management Analysis
· Deception Technologies
· Backup Agents
· Vendor Agentic AIs

Orchestrator Agent

This is the “construction manager” of the whole cabal. It gets handed the task, communicates with the necessary other agents, manages workload distribution, fires off a research agent when needed, and so on. I have heard it called other names, including Director agent. It not only directs the existing agents as needed, but also brings in and removes agents as needed. Perhaps you need a different flooring installer, because you decided to do vinyl flooring instead of carpet.

Agent Update Agent

One of the key features of agentic AI is its ability to self-govern and update itself as needed. Today, most cybersecurity defense programs update themselves maybe once a day at most. Most only update quarterly or less. Agentic AI updates itself as needed, checking a thousand times a day to see what needs to change and making it happen.

Inventory Agent

You cannot have a good cybersecurity defense without having a great cybersecurity inventory, starting with an inventory of all the devices and their attributes (e.g., physical location, IP address, firmware version, OS, etc.), software they are running, users, groups, and access control permissions. An agentic AI-enabled inventory agent will be super-precise. Not only will it tell you what cryptography is running on each device and application, but it will also tell you what cryptographic algorithms can be run on the device or software and the maximum key sizes allowed. It will be better at finding services, including all the “shadow” IT, where people have started using AI and other IT services without letting anyone else, including IT, know about it.

Log Configuration/Analysis

This AI agent would correctly configure the logs of devices to meet the detection and alert goals of the organization. It would ensure that the appropriate logging is configured and continuous and do a better job of eradicating useless event message collection.

Authentication Analysis

This agent would analyze the various types of authentication used throughout the organization, identify scenarios that need remediation, and enable the appropriate level of authentication according to organization policy. It would be my greatest hope that scenarios requiring high security all use phishing-resistant multifactor authentication (MFA) or equivalent.

Cryptography Analysis

Nearly every device and product uses some sort of cryptography. It is the way the world functions. And every half-decade to decade, we have to update our hardware and software to the latest supported cryptography (e.g., DES to AES, SHA1 to SHA2 to SHA3, RSA and Diffie-Hellman to post-quantum cryptography, etc.). We will likely have an AI agent that inventories and keeps track of what products use what cryptographic algorithms and the involved key sizes, certificate expiration dates, and so on. This has long been a super-neglected focus in my IT environments. We need a dedicated agent to help us manage it. Hopefully, more of our software and hardware will become crypto-agile to make the management and operations easier for all involved.

Vulnerability Scanning

This AI agent will do vulnerability scanning on all software and hardware in your defined environment, create reports, and implement best-practice mitigations. It will work closely with the patch management agent, but since zero-day vulnerabilities (for which no patch yet exists) can be even more popular with attackers than non-zero-days, the goal is mitigation of the risk from the vulnerability, however that can best be accomplished.

Patch Management

Mandiant stated that 33% of successful data breaches involved the exploitation of a software or firmware vulnerability. Every company needs better patch management. This agent will take instructions from the vulnerability scanning agent and patch as directed. It will follow up after the patch to make sure the device, service, or app is still operational and that the patch was successful.

Pruning Agent

We are great at creating stuff but not at deleting stuff when it is no longer needed. All our IT environments end up with a ton of unneeded objects: user accounts, old devices, groups, files, folders, and data. The pruning agent would look for and remove unneeded objects and duplicates, according to organizational policy.

Configuration Management

Hackers love it when we inconsistently apply controls. Misconfigurations are a significant cause of successful data breaches (after social engineering and vulnerabilities). The configuration management agent would ensure that all systems are correctly configured according to organizational policy and IT definitions and remain that way. Frequent, periodic audits will be conducted to ensure that once something is securely configured, it remains that way. The configuration management agent will also look for overly permissive access control permissions and remove them.

Cybersecurity Training agents

Future training agents will know what training you have taken, what simulated phishing you have passed and failed, what risks are associated with you, and send you personal, focused training that is best for you.

Network Traffic Analysis

Most computers do not talk to most other computers. Most servers do not talk to most computers. Most servers do not talk to all other servers. But it is something that happens when a hacker or malware has taken over a computer and is using it as a home base for an attack. Network traffic analysis agents will look at your network traffic and note abnormal situations. They will be able to spot malware “dialing home”, unauthorized large file caches getting ready to be sent elsewhere, unauthorized services, and malicious roaming agents.
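The “who normally talks to whom” idea above can be shown as a small peer-baseline check: learn each host’s usual destinations from a quiet period, then flag new peer pairs by the roles of the hosts involved. This is an added example, not code from the article or from any vendor product; the host names, roles, and flow records are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records (src, dst, dst_port) from a "known-good" learning period.
BASELINE_FLOWS = [
    ("ws-101", "fileserver", 445),
    ("ws-101", "dc-1", 389),
    ("ws-102", "fileserver", 445),
    ("ws-102", "dc-1", 389),
    ("ws-103", "proxy", 8080),
    ("fileserver", "dc-1", 389),
]

# Constructed flows observed later; three of them never appeared in the baseline.
NEW_FLOWS = [
    ("ws-101", "fileserver", 445),   # seen before: normal
    ("ws-101", "ws-102", 445),       # workstation talking to another workstation
    ("ws-102", "203.0.113.7", 443),  # workstation going straight out, not via the proxy
    ("fileserver", "ws-103", 3389),  # server opening a session to a workstation
]

# Host role inventory (hypothetical); anything not listed is treated as external.
WORKSTATIONS = {"ws-101", "ws-102", "ws-103"}
SERVERS = {"fileserver", "dc-1", "proxy"}


def build_baseline(flows):
    """Map each source host to the set of (destination, port) pairs it normally uses."""
    peers = defaultdict(set)
    for src, dst, port in flows:
        peers[src].add((dst, port))
    return peers


def classify(host):
    if host in WORKSTATIONS:
        return "workstation"
    if host in SERVERS:
        return "server"
    return "external"


def analyze(flows, baseline):
    """Return (src, dst, port, reason) for every flow not covered by the baseline."""
    findings = []
    for src, dst, port in flows:
        if (dst, port) in baseline.get(src, set()):
            continue  # a peer this host has always talked to
        s_role, d_role = classify(src), classify(dst)
        if s_role == "workstation" and d_role == "workstation":
            reason = "workstation-to-workstation traffic"
        elif s_role == "server" and d_role == "workstation":
            reason = "server-initiated connection to workstation"
        elif d_role == "external":
            reason = "direct external connection not seen in baseline"
        else:
            reason = "new peer not in baseline"
        findings.append((src, dst, port, reason))
    return findings
```

A real agent would replace the static role sets with the inventory agent’s data and age the baseline over time, but the core check, “this pair has never talked before, and their roles make that unexpected,” is the same.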

Malware Hunter

This type of agent is basically your antivirus scanner and intrusion detection programs on steroids, not only recognizing previously unrecognized malware, but also recognizing otherwise benign-looking scripts and legitimate tools being used by hackers to “live off the land.”

Threat Hunting

This type of agent looks for malicious agentic AI agents and other signs and symptoms of hacking and unauthorized activity. Your threat hunting bots will be among your fiercest opponents against malicious agentic AI.

Note: For some reason, I cannot stop thinking about the long, multi-armed “viruses” from the Matrix, but these agents are not anything like that.

Anti-Denial-of-Service agents

We, of course, need an agent to detect and mitigate denial-of-service and other network-specific types of attacks.

News/Research Agent

We need an agent to keep up on the latest types of attacks and notify the orchestrator agent, so it can start to mitigate against those new attacks. What? Do you think we are going to have to keep up on the latest cybersecurity news every second?

Risk Management Analysis

Cybersecurity is all about business risk management. This agent will understand the business and how the various cybersecurity threats and modalities impact the risk to the business and feed that information to the orchestrator agent.

Deception Technologies

We need agents that fake being other assets and, when connected to by hackers and malware, notify the orchestrator agent so something can be done. The deception technology agent will understand what assets need to be simulated, what fake services and ports to offer, where they need to be placed, and what unauthorized event creates an alert that needs to be responded to.

Backup Agents

The backup agents would ensure that all critical assets are being appropriately backed up in a timely manner, manage the number of backups, and protect against unauthorized access or modification.

Vendor Agentic AIs

Lastly, this is a placeholder for every product and service you buy. KnowBe4’s agentic AI products and services would go here. Your intrusion detection vendor would go here. Your network router vendor’s products would go here, and so on.

In trying to envision an agentic AI cybersecurity defense, just take whatever services are currently provided by your existing traditional infrastructure, make it autonomous, make it better, and speed up its learning curve.

Which agentic AI defenses am I missing?

Maybe none of this will happen, but it seems like a natural evolution of where we are today, and the future technologies already being developed.

Will Organizations Actually Allow Agentic AI Into Their Environments?

I had a good discussion with a friend who rightly argued that a lot of environments would not willingly allow agentic AI into their organizations to do critical operations. He imagined the trust an agentic AI would need to be given (i.e., root/administrator access) when told to go do some critical management task (like patch servers, respond to a threat, etc.). He was worried about CrowdStrike-like scenarios where the AI agents did something unintended (because you can never test what an agentic AI will or will not do in all environments) and caused significant operational issues. In his thinking, using agentic AI to do critical operations is too risky, and most organizations would not do it.

I do think there will be cases where agentic AI does cause severe service interruption (just like traditional software sometimes causes today). I just do not think you can stop the coming wave of agentic AI. Every software developer is moving to that model. Over time, you simply will not be able to use a service or buy a product that is not agentic AI.

It reminds me of the cloud. Two to three decades ago, the publication I wrote for 15 years, InfoWorld, saw the future of cloud computing. They called it SaaS (software as a service). When I would go speak about SaaS in my presentations, I would always have people come up to me afterwards and say that their company or organization would NEVER go to the cloud. Their data was too valuable and private to trust to the cloud. Their on-premise (we did not even have that word at the time) software and services had features and functionality that the cloud could not mimic, and so on.

I responded that once their CEO learned they could get nearly the same service in the cloud for $12 per month per user, get nearly the same functionality, and not have to buy hardware and pay a team of people to support that hardware and software, that the decision of whether to go to the cloud or not would be taken out of their hands. And that is exactly what happened.

Today, if you want the very best software functionality, you must accept and buy a cloud product. There are fewer and fewer on-premise software programs that do not run from the cloud. Pretty soon, your whole OS is going to be in the cloud. All your applications are going to run from the cloud. And by extension, pretty soon, your whole OS and all your applications are going to be agentic AI.

This is not a guess. This is what is already underway. It is just a matter of time.

Here is just the latest sign that agentic AI is on its way: https://www.reuters.com/technology/artificial-intelligence/amazons-aws-forms-new-group-focused-agentic-ai-2025-03-04/.

So, while I understand some people are rightfully wary of agentic AI, it is the future. You cannot stop it.

The best you can do is to be made aware of it, educate yourself and whoever else is making purchase decisions, and start thinking about when and where you will start deploying it in your environment.

Closing Statement

Repeating from my previous recent articles on agentic AI, we are going to live in a world of good and bad agentic AI. The bad actors are going to use malicious agentic AI to break into places and accomplish bad things. Cybersecurity defenders are going to launch and use good agentic AI to stop them, and the best algorithms will win.

And for the first time, I really think the defenders are in a good place to actually come out on top of this battle. The good actors have been using and developing AI a lot longer than the bad actors. In fact, for once, the bad actors are the ones following the good actors. It is not like the bad actors are developing something in AI and the good actors are having to respond. No, in almost every case, the good actors developed something in AI and used it before the bad actors saw it and started figuring out ways to use it maliciously.

For the first time in my over 36-year career, I have hope for the good actors to finally defeat the bad actors. Let’s just hope we write the best algorithms.

Roger Grimes thank you. This looks really good.

Andy Reed

Managed Services Supervisor at KnowBe4

10 hours ago

I wonder how it will play out because it is more likely to me that most companies will only buy into partial AI Agent usage here, whether because the new bundle or tier to have all of them is too expensive or complex or just too scary for them to let run things. This isn't like downloading a fix, and from my experience many companies will still go by the low budget options, which won't be AI, at least not for a while. Will we have vendors fighting to "own" the space with all the AI under their umbrella? As usual, the weakest link will continue to be humans, but I totally agree this is the direction we're going.

ígor Souza

Cybersecurity Analyst II | AI Security | Blue Team

17 hours ago

There is a nice framework for anomaly detection: DigitalFingerprint in Morpheus (NVIDIA). We can use it for network, user events (LDAP) and more!
