News

How Security Teams Can Scale Safely With Agentic AI

  • Quentin Rhoads-Herrera--securityboulevard.com
  • published date: 2025-06-10 00:00:00 UTC


<p data-ccp-border-bottom="0px none #000000" data-ccp-padding-bottom="0px" data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">I’ve seen firsthand how quickly cybersecurity can evolve. The scope grows with every new platform, integration and compliance requirement. Threats move faster, data multiplies and expectations continue to rise, even when teams stay the same size.</span></p>
<p data-ccp-border-bottom="0px none #000000" data-ccp-padding-bottom="0px" data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">That pressure surfaces in slower investigations, growing backlogs and decisions made with limited context.</span></p>
<p data-ccp-border-bottom="0px none #000000" data-ccp-padding-bottom="0px" data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto"><a href="https://securityboulevard.com/2025/04/agentic-ai-cybersecurity-a-powerful-partnership/" target="_blank" rel="noopener">Agentic AI has emerged as a strategy</a> to address these pain points. These systems are designed to handle structured, repeatable tasks autonomously, relieving the burden on human employees. 
They analyze logs, detect patterns, summarize vulnerabilities and generate reports — activities that once required hours of human attention. For organizations stretched thin, the ability to automate at scale presents real appeal.</span></p>
<p data-ccp-border-bottom="0px none #000000" data-ccp-padding-bottom="0px" data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">Scale only works when it’s accompanied by structure. Teams must define exactly what each system is responsible for, limit what it can access and build in the visibility they need to monitor its behavior. Poor scoping, excessive permissions, or lack of visibility can lead to systems taking the wrong actions or making decisions that are difficult to trace.</span></p>
<p data-ccp-border-bottom="0px none #000000" data-ccp-padding-bottom="0px" data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">That’s why expectations matter from the start. 
How these systems are governed, where they’re deployed and how their behavior stays visible will shape their value across the security program.</span></p>
<h3 aria-level="3"><b><span data-contrast="none">Five Tactical Ways to Harness Agentic AI With Structure and Confidence</span></b></h3>
<p data-ccp-border-bottom="0px none #000000" data-ccp-padding-bottom="0px" data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">The good news is that security teams can harness agentic AI without compromising visibility or trust. 
The following five practices help teams introduce these powerful tools in a way that reinforces their security posture.</span></p>
<p><b><span data-contrast="auto">1. Assign a specific task to each system</span></b></p>
<p data-ccp-border-bottom="0px none #000000" data-ccp-padding-bottom="0px" data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">Every AI system should support a single, well-defined objective. That could include organizing log data, automating low-risk report generation, or filtering first-level alerts. 
A clear task keeps scope tight and risk contained.</span></p>
<p data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">With defined responsibilities, teams can assess performance with ease, identify misalignment faster and apply updates without disrupting unrelated systems.</span></p>
<p><b><span data-contrast="auto">2. Use governance models already embedded in your workflows</span></b></p>
<p data-ccp-border-bottom="0px none #000000" data-ccp-padding-bottom="0px" data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">Established frameworks like the secure development life cycle (SDLC) and NIST’s AI Risk Management Framework provide tested, structured approaches for governing new tools. 
These models help teams standardize how systems are deployed, reviewed and managed over time.</span></p>
<p data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">Applying these frameworks allows AI to fit within your existing security infrastructure rather than operate outside of it. Familiar processes also make it easier for cross-functional teams — spanning security, IT and compliance — to stay aligned.</span></p>
<p><b><span data-contrast="auto">3. Match access to the job, not the system’s full capabilities</span></b></p>
<p data-ccp-border-bottom="0px none #000000" data-ccp-padding-bottom="0px" data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">Agentic AI systems often have broad technical capabilities. That doesn’t mean they need broad access. 
Grant privileges based strictly on what’s necessary for the defined task.</span></p>
<p data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">This approach limits the risk of data exposure and simplifies auditing. It also supports better troubleshooting, since access boundaries are easier to evaluate and control.</span></p>
<p><b><span data-contrast="auto">4. Test against unpredictable, real-world inputs</span></b></p>
<p data-ccp-border-bottom="0px none #000000" data-ccp-padding-bottom="0px" data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">Systems behave differently when stress-tested in realistic conditions. Scenario-based testing introduces inputs that mimic how real users — or adversaries — might interact with the AI. 
These include ambiguous queries, contradictory data, or edge-case logic chains.</span></p>
<p data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">Comprehensive testing reveals how systems respond under pressure. It uncovers weak spots in reasoning, context interpretation, or escalation behavior. These insights allow teams to tune the system for reliability before it enters production.</span></p>
<p><b><span data-contrast="auto">5. Build knowledge around AI operations across your team</span></b></p>
<p data-ccp-border-bottom="0px none #000000" data-ccp-padding-bottom="0px" data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">Security teams benefit from understanding how agentic AI systems operate — not just how to configure them, but how to monitor, interpret and manage their behavior. 
Analysts, engineers and risk leaders all interact with these systems differently, and each role needs tailored training.</span></p>
<p data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">Strong internal knowledge ensures teams can recognize drift, adjust scope and maintain confidence in system outputs. It also prepares teams to respond quickly when changes in behavior appear.</span></p>
<h3 aria-level="3"><b><span data-contrast="none">A New Layer of Infrastructure — With New Expectations</span></b></h3>
<p data-ccp-border-bottom="0px none #000000" data-ccp-padding-bottom="0px" data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">Agentic AI adds capacity where security teams need it most. 
When deployed tactically, these systems take on repeatable tasks, support faster workflows and create space for deeper investigation and analysis.</span></p>
<p data-ccp-border-bottom="0px none #000000" data-ccp-padding-bottom="0px" data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">AI systems with clearly defined roles and trusted governance contribute to better oversight, faster escalation and more consistent outcomes. These benefits matter most in environments where speed and accuracy drive both security and business continuity.</span></p>
<p data-ccp-border-between="0px none #000000" data-ccp-padding-between="0px"><span data-contrast="auto">With the right foundation, agentic AI enhances decision-making, reduces burden and supports security programs built to adapt and grow.</span></p>