As cybersecurity threats become faster, more complex, and more automated, the old guard of security operations—alert systems and human-only response teams—is no longer enough. Enter agentic AI: intelligent, role-specific software agents that work alongside human analysts to accelerate threat detection and response.
In my interview with Steve Wilson, Chief AI Officer at Exabeam, he explores how AI agents are transforming the cybersecurity landscape. Wilson unpacks not only the technical and operational benefits of agentic AI, but also the challenges—including hallucinations, prompt injection, and even the risk of rogue agents—offering a grounded look at where we are and where we’re headed.
Key Points: Current Risks, Future Potential
Traditional AI in Cybersecurity Is No Longer Sufficient
AI has historically been used in cybersecurity to detect anomalies and respond to alerts, but the sheer volume of both true and false positives now overwhelms human analysts. The next evolution is AI agents that perform first-level investigations autonomously before handing off to humans.
AI Agents Boost Productivity but Must Be Contained
Modern cybersecurity agents at Exabeam are role-specific, context-limited, and operate within strict security boundaries. This containment ensures that while they operate quickly and intelligently, they don’t overstep or become vulnerable to misuse.
AI-on-AI Architectures Are Emerging
Exabeam uses layered AI systems: one AI identifies potential threats, another investigates, and others manage interactions. This multi-layered architecture allows for real-time, dynamic responses —customized minute-by-minute—without human bottlenecks.
The Future Brings Both Opportunity and Risk
As AI agents become faster and more autonomous, organizations will need to adapt not just their technology stacks but also their managerial approaches. These agents can be hacked, misled, or malfunction, meaning agent oversight and AI-specific defenses will become as critical as traditional cybersecurity measures.
Key Quotes: “managing agents is like managing very fast but junior employees…”
Agents handle the first layer
“The thing cybersecurity teams need to do is detect problems—but they’ve gotten too good at it. There are too many problems, both real and false. Even when you filter the noise, humans still have to investigate, and that’s incredibly hard. That’s where agents come in—doing the first layer of investigation before the human sees it. Early feedback says it’s three to five times faster than traditional workflows.”
Special-purpose agents
“We’re not building general-purpose bots like ChatGPT. We’re using that core technology to create special-purpose agents focused on one thing: investigating cybersecurity incidents. They’re created the moment a case appears, filled only with relevant case data, and can’t be tricked into sharing anything else. This lets the human and the AI work together—a true human-in-the-loop.”
Managing Agents
“AI agents can hallucinate, get tricked with prompt injections, and behave in ways you didn’t expect—not because they’re evil, but because they don’t know better. That’s why managing agents is like managing very fast but junior employees. You need to explain clearly, check their work, and keep them on task—otherwise they’ll go off and do the wrong thing at scale.”
Agentic Defense Layer
“We’re entering a world where agents aren’t just helping with cybersecurity—they’re becoming insider threats themselves. You can’t rely on humans alone to police AI agents—they’re not fast enough. We’ll need a whole new layer of agentic defenses to monitor, audit, and control what these agents are doing, because the next cybersecurity battlefield will be bots versus bots.”
