What is Agentic AI?
Agentic AI refers to artificial intelligence systems that can autonomously set goals, plan, and execute tasks with minimal human intervention.
Agentic AI technology is emerging very quickly.
The promise is amazing.
If I could create a digital version of you with the same rights and privileges to your network, desktop, and cloud resources, and could train the digital you to act independently as you, without prompting you, how much more efficient could you be?
Then the Agentic agent could theoretically copy itself and produce an army of clones of "digital yous"—all working on tasks you want and need done, independently, each with the same rights and privileges as you.
Wow!
That is what is coming, and in some cases, is already here.
However, in my opinion, the industry has not yet adequately addressed some serious questions.
How do I know a good digital you from a fake, threat actor masquerading as you?
How do I keep track of a number of digital users signing on to various local and cloud systems, performing tasks you are allowed to do, without asking you?
How do we validate that these independent agents are, in fact, doing what you want done?
If agents are spawning agents, how are all the agents shut down once the tasks are completed?
How do these autonomous agents interact with your security practices?
How is this not a security nightmare?
We might be in the middle of that dilemma.
Listening to industry experts, there are a whole lot of "I don't knows" in their presentations on this topic.
Yet vendors are rushing to market with technically amazing promises before the security and management questions are fully thought out.
Recently, Palo Alto bought an AI security company. Then SentinelOne bought an AI security company. Then CrowdStrike bought an AI security company.
They are all trying to protect and defend this new AI Frontier. They all realize the current tools don't protect against malicious use of this technology.
We continue to struggle with basic blocking and tackling security issues, and now we have to add this to our defense-in-depth security stack.
There are certainly more questions than answers.
My initial suggestion is that when you hear some marketing blather about Agentic AI, be extremely thorough in your vetting, understanding the scope, security, and management process.
If the government shutdown doesn't mess us up, my fellow Acture CISSP, Cole, and I will be getting on an airplane next week and spending a few days listening to and interacting with the finest security minds in industry, business, government, the military, and academia on this and other security topics.
We hope to have some answers to some of these questions once we get back.
We expect to share some of that at our 10th annual Cybersecurity event in December. Contact Lisa to register.
Stay tuned...