Monica Landen, Chief Information Security Officer at Diligent.
After more than 20 years in cybersecurity, I’ve learned to be skeptical. I’ve seen countless vendors promise to “revolutionize security,” only to deliver another dashboard we barely have time to check. I’m not easily impressed by the latest buzzwords, and I’ll admit I’m not the type who looks forward to sales demos.
But even for a skeptic like me, it’s becoming clear that cybersecurity teams need to fundamentally rethink how we work, as evidenced by our late arrival to the cloud transformation.
I remember when engineering teams were already deploying workloads to AWS while my security engineers—myself included—could barely spell “EC2.” It wasn’t because we were lazy or uninterested. We were overwhelmed and buried under alerts, chasing system owners for remediation and fighting for time just to keep up with the basics.
Meanwhile, our engineers and attackers moved faster. They automated, scaled and adapted while we stayed buried in manual tasks. It’s time for that to change.
From Doing The Work To Directing The Agents
The next evolution in cybersecurity isn’t another tool; it’s a shift in how we operate.
We’re entering an era where cyber teams will manage agentic AI helpers: intelligent digital agents capable of performing complex workflows under human supervision. These aren’t chatbots that summarize reports. They’re more like tireless digital apprentices that can execute tasks, communicate across systems and even interact directly with engineers or employees to confirm ownership, request updates or validate remediation progress.
These agents can coordinate with one another, push and pull data through APIs and maintain continuous context across conversations and platforms while guided by human analysts who set priorities, review outputs and ensure accuracy.
It’s a fundamental shift from doing the work ourselves to directing a team of digital AI operators. (Cue the nervous laugh.)
A New Model For Vulnerability Management
Consider one of the most tedious and critical workflows in our field: vulnerability management.
Today, that process looks something like this:
- Ingest vulnerability data—scan data, penetration test findings, red team reports, etc.
- Map those vulnerabilities to systems and asset owners (the hardest and most time-consuming part).
- Create tickets in Jira or ServiceNow.
- Set criticality levels.
- Chase down remediation status and report progress to leadership (the second hardest and most time-consuming part).
For many teams, this process consumes more time than actual risk reduction.
Now imagine the same workflow handled by a fleet of AI agents.
One agent correlates vulnerabilities with system owners and creates the necessary tickets. Another prioritizes them by exposure and business impact. A third monitors remediation progress and sends follow-ups to owners automatically. A fourth aggregates the data into executive dashboards and board reports.
Meanwhile, the human analyst remains in charge: validating decisions, setting thresholds, interpreting nuance and providing oversight.
Agents aren’t replacing analysts, but they are amplifying them. They allow us to deploy our scarce human expertise where it matters most (on strategy, context and creative problem-solving) while the agents handle the repetitive, process-driven work that drains our time and morale.
This Is A Cultural Shift, Not Just A Technological One
This evolution isn’t simply about adopting new tools; it’s about reimagining our workflows, roles and culture. Cybersecurity has long operated in a reactive mode, constrained by staff shortages and legacy processes. To thrive, we must transition from firefighting to orchestration.
That means redefining workflows around agentic automation instead of human bandwidth, training analysts to manage and validate AI output instead of manually executing every step, changing success metrics from “tickets closed” to “risk reduced” and building governance and transparency into every agentic process.
Skepticism remains healthy and essential. We must demand that AI systems in cybersecurity are explainable, auditable and trustworthy. Blind automation is dangerous, but guided automation is transformative.
Guardrails For The Digital Army
As we rethink how cyber teams work, we also need to question how we’ll control this new digital army. These agentic systems won’t just process data. They’ll act on it, access resources and make decisions that can have real-world impact.
If one of these agents is compromised, what’s the blast radius? Who grants or revokes its privileges? How do we ensure that elevated actions like deploying a patch, disabling an account or modifying configurations follow a verifiable, human-in-the-loop process?
This revolution must be as much about security architecture as automation. We’ll need to design agent access models that limit damage, enforce identity and require human validation for sensitive tasks. Agentic AI won’t eliminate the need for oversight; it will make that oversight even more critical.
Lessons From Zion
At times, cybersecurity feels like the final battle in The Matrix Revolutions, where humans in Zion are outnumbered and overwhelmed by machines. Every day brings a new wave of threats, alerts and regulatory demands, and there are never enough hands to hold the line.
But in this story, our machines can now fight for us.
Agentic AI represents a turning point where we can finally shift from constant reaction to proactive defense if we learn how to lead these systems effectively. The teams that master this orchestration will move faster, respond smarter and, ultimately, reduce real-world risk.
The rest will keep fighting the same fight with fewer people and more demands.
The Road Ahead
The move toward AI-assisted cybersecurity will be uncomfortable. It will challenge our pride, our habits and our sense of control. For those of us who’ve lived through the evolution from mainframe to distributed systems and data centers to the cloud, it’s a familiar story. We resist, we adapt and, eventually, we lead.
The future of cybersecurity isn’t humans versus AI. It’s humans with AI and managing intelligent agents that handle the work no one has time for, so we can finally focus on the mission that matters: protecting the business, enabling innovation and staying one step ahead.
If we can make that leap, maybe, just maybe, we won’t need to dodge bullets forever.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?