PRESS RELEASE

How Should We Consider Agentic AI Workflows in Cybersecurity? – Report Summary

Analyst(s): Fernando Montenegro
Publication Date: May 8, 2025

Beyond securing agentic AI systems themselves, cybersecurity represents a prime domain for applying agentic technologies. Futurum examines how organizations can leverage these autonomous systems within security operations while navigating the challenges they present.

Key Points:

  • Agentic AI for security is in many ways a natural evolution of existing automation and analytics capabilities.
  • The most effective use cases operate within well-defined boundaries, have clear success criteria, and address high-volume scenarios.
  • Major providers such as Microsoft and Google, along with established vendors and numerous startups, are already integrating agentic capabilities into security offerings.

Overview:

Agentic AI combines large language models with supportive tools to create autonomous systems that can analyze data, make decisions, and take actions with minimal human supervision. Within cybersecurity, these capabilities represent the next step in a continuum of increasing automation and reasoning that has evolved from simple signature matching to sophisticated behavioral analysis.

The technology continues to evolve rapidly, with optimized models from providers such as OpenAI and NVIDIA, integration frameworks such as Anthropic’s Model Context Protocol (MCP), and Google’s Agent2Agent (A2A) framework facilitating inter-agent communication. These developments enable increasingly sophisticated applications within security operations.

Effective cybersecurity applications for agentic AI fall into four primary categories. Security alert enrichment, triage, and resolution represent the most common use case, where agentic workflows accelerate context gathering and initial response decisions. Agents can also encode specialized domain knowledge, helping teams handle complex requests outside their primary expertise. Enhanced human communication workflows leverage language capabilities to improve user interactions, security training, and even deception operations against attackers. Finally, agents can perform proactive security tasks such as threat hunting, data discovery, and permission validation.

Organizations implementing these capabilities must carefully consider governance, integration with existing workflows, and clear communication about the capabilities and limitations of agentic systems. The line between advanced automation and truly agentic behavior remains fluid, requiring vendors to be transparent about their offerings.

Key points to watch include:

  • Efficacy concerns, particularly regarding false negatives, as AI agents will be held to high standards
  • Cost-benefit analyses justifying investments in agentic technology for security operations
  • Evolution of multi-agent, multi-party systems requiring coordination across vendor boundaries
  • Security implications of integration protocols such as MCP and A2A require further scrutiny.

The full report is available via subscription to Futurum Intelligence’s Cybersecurity IQ service—click here for inquiry and access.

Futurum clients can read more in the Cybersecurity Intelligence Portal. Non-clients can learn more here: Cybersecurity Practice.

About the Futurum Cybersecurity Practice

The Futurum Cybersecurity Practice provides actionable, objective insights for market leaders and their teams so they can respond to emerging opportunities and innovate. Public access to our coverage can be seen here. Follow news and updates from the Futurum Practice on LinkedIn and X. Visit the Futurum Newsroom for more information and insights.

Disclosure: While preparing this work, the author used Anthropic Claude Sonnet to summarize the original report. After using this service, the author reviewed and edited the content as needed. The author takes full responsibility for the publication’s content.

Author Information

Fernando Montenegro

Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.

Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.

Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.

Book a Demo

Thank you, we received your request, a member of our team will be in contact with you.