
Agents fighting agents on cyber-security's new battleground 

Aaron Momin at Synechron explores the consequences of agentic AI for information security 

 

The next phase of cyber-warfare is already here: autonomous agents attacking and defending at machine speed. What was once a game of human hackers versus human defenders has evolved into something far more sophisticated. AI-powered attacks cost organisations $2.5 billion globally in 2024 alone, with 87% of enterprises experiencing incidents in some capacity.

 

These autonomous agents have gone from cutting-edge to ubiquitous in a rapid timeframe, creating a fighting force of self-replicating reinforcements, capable of reproducing until the other side collapses in exhaustion. AI agents can now collaborate and coordinate scalable attacks, surpassing traditional detection systems. New cyber-attacks are overwhelming the defences of even some of the most prepared organisations. Understandably, confidence in organisations' ability to defend themselves continues to dwindle. This has become a key concern for most CISOs.

 

We see three primary consequences for CISOs as they adapt to the agentic age in cyber-security: the necessity to respond faster, meet new regulatory considerations and accelerate AI adoption timelines.  

 

Speed is now the new security currency 

The explosion of available data and communication means the scale of what needs to be protected is far beyond what was previously required. For instance, Microsoft processes 84 trillion security signals daily. At this volume, human analysis of even a very small amount of the data is both impractical and impossible. When offensive agents can enumerate thousands of vulnerabilities at once, defensive systems need to match that speed.

 

Enter defensive AI agents. They can identify patterns across this enormous data landscape and respond to threats in ways that would leave traditional security teams scrambling. We’re talking about systems that can isolate infected computers and launch countermeasures within milliseconds of detecting a problem. 

 

These systems don’t just react — they anticipate, using historical data and predictive analysis to identify activity such as unusual logins, malware and potential breaches before they fully materialise. Humans could easily miss these subtle correlations. Thankfully, AI excels at this multi-factor pattern recognition.

 

One early example is Google’s AI-powered cyber-agent, Big Sleep, which correctly predicted and flagged an underlying SQLite threat, preventing it from being deployed.   

 

Regulatory frameworks for autonomous decisions 

Another consideration is how to leverage cutting-edge AI technologies in cyber-security despite limited regulatory guidance. A recent survey indicates that over 50% of companies are either using or planning to deploy AI agents in the next six months across cyber-security.

 

Here’s what is known: the EU’s AI Act is the first comprehensive legal framework for AI deployment, offering firms clear risk categories and compliance pathways that reduce regulatory uncertainty. Britain and the United States, along with major economies elsewhere, are also in the process of drafting similar legislation. The main challenge is meeting regulatory requirements without slowing down the fast decision-making that makes AI agents valuable in cyber-security.

 

Building infrastructure for the agent era

For financial institutions, building AI agents from the ground up may not be beneficial given the speed of technology change. Instead, success depends on integrating proven, best-in-class AI solutions into existing architectures to quickly deliver business value.

 

AI-powered accelerators can integrate predictive analytics, large language models, and agentic architectures to deliver real-time automation across key security domains such as vulnerability management, security operations and infrastructure monitoring, vendor risk management, or data security. These agentic systems can then be integrated with existing infrastructures while providing the flexibility to evolve with emerging threats. 

 

Defensive agents only work if the infrastructure beneath them evolves just as quickly. That means moving away from centralised SOC models towards distributed agents capable of decision-making at the edge. It also means building secure pipelines that let agents retrain continuously on new threat data. Hyperscalers are already embedding these capabilities into cloud-native platforms. For instance, Microsoft Sentinel and AWS GuardDuty now deploy AI-driven anomaly detection at global scale. Financial institutions must decide whether to build, buy, or federate such capabilities across their enterprise.

 

This will require a major change, as only 26% of firms are highly confident in their ability to detect attacks. Success requires robust data pipelines, secure communication channels, and computing infrastructure that scales dynamically with threat levels.

 

For CISOs, the challenge is less about acquiring the latest tools and more about embedding them into the daily rhythm of operations. AI agents must be linked through business process integration (BPI) to workflows like access management, compliance reporting, and incident response so that decision-making is not delayed by silos. A defensive system that triggers an alert but cannot inform procurement, legal, or customer-facing teams in real time will still leave the organisation exposed. BPI ensures that agent-driven actions ripple seamlessly across business units, so that containment, communication, and recovery move in lockstep.

 

Equally important is cultural adoption. Security teams have long operated on the basis of manual expertise and hierarchical escalation. The agent era forces a shift toward machine-initiated actions, which many executives may find uncomfortable. When combined with strong BPI, however, defensive AI can plug directly into governance structures and business continuity processes, giving agents clear authority to act without paralysing human oversight. The firms that succeed will be those that view BPI not as a back-office efficiency play, but as the foundation for embedding AI into compliance, risk management, and customer trust.

 

The implementation advantage 

It is worth quoting one of the most famous tacticians of all, Sun Tzu: “The general who wins the battle makes many calculations in his temple before the battle is fought. The general who loses makes but few calculations beforehand.”

 

CISOs need to act as quartermasters, equipping human and machine teams alike. Those who build agent-based security today will outmanoeuvre novel AI-powered cyber-threats tomorrow. 

 


 

Aaron Momin is Chief Information Security Officer at Synechron

 

Main image courtesy of iStockPhoto.com and Sansert Sangsakawrat



© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543