The continued rise of autonomous security agents such as XBOW, and the more recently launched Aardvark from Open AI shows how quickly agentic AI has moved from the lab into real-world workflows at security operations centers (SOCs). These agents can gather context, test hypotheses, and drive investigations forward in seconds instead of hours, giving security teams a powerful edge in speed and scale. This capability couldn’t come at a more critical time for defenders as adversaries continue to become more sophisticated. However, greater agent autonomy also expands the attack surface that SOC teams must secure, with a whole new wave of machine identities coming online. Our researchers observed a fourfold increase in identity-based threats in the past year, revealing just how prominent these forms of attack have become. The same agentic capabilities that accelerate threat hunting for defenders can just as easily be used by adversaries to augment their own capabilities.

Full commentary : How to use agentic AI for cyber security operations.