A Realistic Take on AI Agents in Security
WTF is an AI Agent and what do they mean for security?
'Agentic AI' or 'AI Agents' seem to have become THE buzzwords in security over the last few weeks.
There's a lot of hype but, when I talk to security folks about AI Agents, the most common response I get is still 'I don't want another agent on my endpoints!'.
Let me explain what an AI Agent is and give a realistic take on what they mean for security.
So, what is an AI Agent?
An AI Agent is a pipeline of Large Language Models (LLMs) that work one after another to get something done.
Agents are a more powerful (but complex) way to use LLMs than the chat interfaces most people are familiar with (like ChatGPT).
If ChatGPT is a naive intern who can only do one thing at once and often gets things wrong, then a well designed AI Agent is more like an experienced pro who can handle complex tasks and rarely slips up.
Agents are similar to data pipelines and workflow automations used in normal software. The difference is that instead of all the logic being defined up front as IF THIS THEN THAT, Agents pass data, instructions, and actions back and forth between LLMs dynamically to get things done. Agents start with an objective and then access 'tools' (data sources or actions) that they use to advance their task. The premise is simple, but the power of LLMs combined with the flexibility of tools gives agents the ability to do things that weren’t possible before.
Agents are powerful for two reasons:
Agents give LLMs time to think. ChatGPT tries to answer immediately; Agents can take minutes. Through this process, Agents can reason about complex problems and challenge their own assumptions. With enough time and effort invested into building Agents, it’s possible to reduce hallucinations to almost zero, even on the most complex of problems.
Agents can traverse almost infinitely complex decision trees. Because Agents use LLMs to dynamically decide on each next step in their workflow, the number of different branches of a decision tree they can traverse is exponentially larger than what is possible with a rule-based workflow or even with a traditional machine learning model.
As a simple example, we could build an Agent that has the objective of booking me a vacation. The tools could be a spreadsheet of my recent trips (data source) and the internet (where it can gather data or take actions). It would then pass data and instructions back and forth between LLMs to help it decide what sort of trip I might enjoy, haven't been on recently, and can afford within my budget range. It could then either provide me with suggestions or go ahead and book the trip for me automatically.
Of course something similar could be built without LLMs using regular logic in something like Zapier. The problem with this is context. Without LLMs, the workflow would badly misunderstand the context of my situation, and I’d end up with a pretty bad vacation...
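To make the objective/tools/loop structure concrete, here is an added example (not code from the original post) of the vacation-booking Agent as a minimal agent loop: a planner picks the next tool call from the results gathered so far, and the loop runs it. A scripted planner stands in for the LLM, the trip spreadsheet and "internet" are constructed dicts, and the tool allowlist and step budget are the controls a defender would want around any agent that can take actions.

```python
"""Minimal agent loop for the vacation-booking example: an objective, a set of tools,
and a planner that chooses the next tool call from the results so far.
A scripted planner stands in for the LLM so the loop runs offline (assumption, constructed)."""
RECENT_TRIPS = {"Paris": 2024, "Rome": 2023, "Lisbon": 2022}               # constructed "spreadsheet"
DESTINATIONS = {"Paris": 900, "Rome": 850, "Tokyo": 2200, "Oslo": 1100}   # constructed "internet"

def recent_trips_tool(_arg):             # data source: where I have already been
    return sorted(RECENT_TRIPS)

def search_tool(budget):                 # data source: destinations priced within budget
    return {d: p for d, p in DESTINATIONS.items() if p <= budget}

def book_tool(destination):              # action: has a side effect, so it is gated below
    return f"booked {destination}"

TOOLS = {"recent_trips": recent_trips_tool, "search": search_tool, "book": book_tool}

def scripted_planner(objective, history):
    """Stand-in for the LLM: decides the next step from what has been gathered so far."""
    seen = {h["tool"] for h in history}
    if "recent_trips" not in seen:
        return "recent_trips", None
    if "search" not in seen:
        return "search", objective["budget"]
    if "book" in seen:
        return "done", next(h["result"] for h in history if h["tool"] == "book")
    visited = next(h["result"] for h in history if h["tool"] == "recent_trips")
    options = next(h["result"] for h in history if h["tool"] == "search")
    fresh = [d for d in options if d not in visited]
    if not fresh:
        return "done", "no suitable trip"
    return "book", min(fresh, key=options.get)   # cheapest place I have not been recently

def run_agent(objective, planner=scripted_planner, allowed_tools=frozenset(TOOLS), max_steps=8):
    """Drive the loop: planner -> tool -> result appended to history -> planner again.
    allowed_tools and max_steps are the defender's controls: an agent without the 'book'
    permission can suggest but never act, and the step budget bounds a planner that loops."""
    history = []
    for _ in range(max_steps):
        tool, arg = planner(objective, history)
        if tool == "done":
            return {"status": "done", "answer": arg, "history": history}
        if tool not in allowed_tools:
            return {"status": "blocked", "answer": f"tool {tool!r} not permitted", "history": history}
        result = TOOLS[tool](arg)
        history.append({"tool": tool, "arg": arg, "result": result})
    return {"status": "step_limit", "answer": None, "history": history}
```

Swapping the scripted planner for a real LLM call changes none of the loop; the allowlist and step budget are what keep a "suggest only" deployment from silently becoming a "book on my behalf" one.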
What does all this mean for security?
Almost every security product ever made is essentially a decision-making machine. Give it data from 1-n places and it tells you if something is good, bad, or somewhere in between.
As a result, almost every security product struggles with the same problem - inaccuracy. Too much noise, not enough signal, and so on. Even the most successful products tend to be simply the ones that are the least inaccurate; they still create plenty of noise.
The reason almost every security product struggles with accuracy can be put down to an inability to fully understand the context of the situation they are analyzing. This is where a lot of human time is spent today - using our advanced reasoning skills to understand context and fix inaccuracies.
It’s still early days, but it’s not unrealistic to expect that AI Agents can resolve the context problem across many sectors of security. Their ability to process unstructured, semi-structured, and machine-readable data combined with the ability to traverse complex decision trees gives them a real chance.
I expect AI Agents to transform security, but I think the revolution will be more subtle than some expect. Many people see Agents and think 1-1 replacement for human work. Across many industries we are seeing ‘AI Digital Workers’ pop up - you can employ ‘Betty’ the SDR or ‘Mike’ the Support Agent. Jensen at Nvidia thinks IT Departments will become HR departments for Digital Workers. I’d be shocked if this is where things end up, especially in security.
We need to stop seeing AI Agents as 1-1 replacements for humans. Instead we should see them as a way to fundamentally change the way we build software. We won’t be hiring ‘Bob’ the digital worker into our security team, our tools will just get a lot, lot better.
It’s still early for AI Agents in security. Agents aren’t easy to build with, which is probably why we haven’t seen much of them so far. They also aren’t easy to layer into older products (although expect vendors to try this year…). We’re just starting to see some interesting early products using AI Agents like Ghost in AST, SevenAI in the SOC, and from Dylan Williams and co in Detection Engineering. And, who knows, there might be more to come in 2025 too 🤫