“The broad evolution of and interest in agentic AI is extremely important to cybersecurity teams. As a new technology, the adoption of agentic AI across the organization means that security teams must quickly understand the technology, analyze the impact it may have on security posture, determine how to secure it, and implement these changes while supporting innovation and experimentation. That same technology, however, can potentially be a boon to security teams themselves, as they use it selectively to assist with well-defined security tasks.”

Fernando Montenegro

Vice President & Practice Lead, Cybersecurity & Resilience

Agentic AI Is a Focus for Cybersecurity Teams

As we reach the halfway mark for 2025, our initial prediction about increased efforts around agentic AI in cybersecurity was accurate: we saw and continue to see significant activity around agentic AI in security, both in terms of “securing agentic” and “using agentic for security.” We expect increased adoption of agentic workflows in security operations teams, particularly as large vendors fine-tune their agentic offerings.

  • Widespread Popularity Within the Business: The emergence of agentic technology is of great interest to businesses seeking efficiencies across numerous processes, and technology vendors have responded in earnest, with numerous announcements in the past few months.
  • Securing Agentic AI Is a Complex Undertaking: Agentic technology includes several aspects that must be addressed, including code security, identity management, data security, and more. The emergence of protocols such as Model Context Protocol (MCP) and Agent2Agent (A2A) brings new challenges for security teams to tackle.
  • Technology Can Be Applied to Security Use Cases: On the flip side, agentic technology has increasingly been seen as well-suited for well-defined use cases in cybersecurity, including scenarios in application security, security operations, and more.
  • Enrichment for Security Events and Alerts: Agents can be beneficial in aggregating information from multiple sources based on a deeper understanding of the underlying content. This can be applied to time-sensitive investigations where security analysts must understand the context of possible incidents. Releases from security operations vendors, including but not limited to CrowdStrike, SentinelOne, Microsoft, Cisco, Palo Alto Networks, Trend Micro, and others, evidence this.
  • Better Event Triage: Agentic AI is proving particularly useful in scenarios where the domain model, which describes the complexity of the context the agent needs to understand, is relatively well-defined. This works well in many security operations scenarios where automated triage can help reduce the analyst workload. A good example of this has been Microsoft’s release of a suite of agents that, among other things, automatically handle lower-level email alerts.
  • Scale Up Threat Hunting: Many security teams proactively look for signs of potential intrusion through threat hunting, but this can be a time-consuming activity requiring deep domain knowledge. Agentic technology can potentially assist here by offloading well-defined tasks from the human threat hunters. The recent advancements with the use of MCP servers connecting agents to existing security tools can be particularly useful here.

Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice’s growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.

Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.

Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.

Recent Insights, News & Research

February 25, 2026

Do AI Factories Signal a New Mandate for Certified Security? – Report Summary

Fernando Montenegro at Futurum explores how the rise of AI factories mandates a shift toward hardware-enforced security and validated reference architectures to protect intelligence workloads without degrading GPU performance....

February 23, 2026

Palo Alto Networks Q2 FY 2026: ARR Accelerates as Platform Strategy Scales

Fernando Montenegro, VP & Practice Lead for Cybersecurity & Resilience at Futurum, analyzes Palo Alto Networks’ Q2 FY 2026 results, highlighting platformization momentum, SASE and AI SOC traction, and identity/observability...

February 18, 2026

No More Playing Koi: Can Palo Alto Networks Secure the Modern Supply Chain?

Fernando Montenegro, VP at Futurum, analyzes Palo Alto Networks' acquisition of Koi Security, a move that shifts endpoint defense from file scanning to marketplace governance....

February 17, 2026

Can Proofpoint Secure the Intent of the Autonomous Agent?

Fernando Montenegro, VP at Futurum, analyzes Proofpoint’s acquisition of Acuvity and the strategic move to secure autonomous AI agents and "Read-Write AI" workflows....

February 9, 2026

Commvault Introduces Geo Shield. Can One Platform Meet Sovereign Needs?

Fernando Montenegro, VP & Practice Lead for Cybersecurity & Resilience at Futurum, examines Commvault Geo Shield and its focus on sovereign deployment models that retain control over data location, operations,...

February 5, 2026

Is 2026 the Turning Point for Industrial-Scale Agentic AI?

VP and Practice Lead Fernando Montenegro shares insights from the Cisco AI Summit 2026, where leaders from the major AI ecosystem providers gathered to discuss bridging the AI ROI gap...
