Agentic security is quickly becoming one of the biggest conversations in cybersecurity as organizations evaluate how AI agents can automate security operations.
The debate is no longer whether AI belongs in the security operations center (SOC), but whether organizations can trust AI agents to make decisions inside production environments.
Threat actors have already embraced AI to accelerate phishing campaigns, reconnaissance, and malware development, allowing attacks to unfold at machine speed.
Meanwhile, many defenders continue to rely on workflows designed for a much slower era.
According to Strike48’s State of Agentic Security report, 84% of security leaders believe AI agents should perform Level 1 (L1) security operations, yet only 36% have deployed agents for even a single production use case, and just 22% are ready to automate basic L1 tasks.
That disconnect highlights the defining challenge facing agentic security today: trust.
Tim Leehealey, Founder and VP of Strategy & Operations at Strike48, said enterprise adoption remains largely experimental despite growing executive support.
“Once teams start testing and see that they can trust an agent to take real action, everything changes,” Leehealey explained. “Setting up an AI agent is trivial. Standing up an agent that you’d trust to take unsupervised action at 3 a.m. is a completely different sport.”
Key Takeaways of AI Agent Security
- Agentic security adoption is accelerating, but trust remains the biggest barrier. While 84% of security leaders believe AI agents should handle Level 1 security operations, only 36% have deployed them in production and just 22% are ready to automate basic L1 tasks.
- Organizations should begin with low-risk SOC workflows. Alert triage, threat hunting, and investigation are among the security operations most suited for AI agents, while higher-risk actions should continue to include human oversight.
- Data visibility is essential for effective AI agents. Incomplete access to security telemetry limits an AI agent’s ability to make accurate decisions, making unified visibility a foundational requirement for agentic security.
- Trust must be earned through governance and transparency. Deterministic workflows, audit trails, explainable decision-making, and configurable human oversight help organizations confidently adopt AI agents while reducing operational risk.
Why trust is the biggest challenge in agentic security
Many security leaders recognize the operational benefits AI agents could deliver, especially for repetitive, high-volume security operations.
However, confidence in autonomous decision-making remains limited.
Strike48’s research found that 52% of organizations cite insufficient trust in AI outputs as the primary reason they have not broadly deployed AI agents.
Security leaders worry agents could perform unintended or harmful actions (71%), hallucinate incorrect conclusions (69%), or make decisions using incomplete data (57%).
Leehealy believes those concerns are entirely rational.
“When agents are wrong, they exude confidence,” he said. “One confident wrong answer and the analyst stops believing any of them. Trust here is an engineering problem, not an emotional one.”
Rather than asking organizations to blindly trust AI, Leehealey suggests that vendors must build agentic security platforms that earn confidence through deterministic workflows, transparent reasoning, complete audit trails, and clearly defined guardrails.
Why AI agents still need human oversight
Stories about AI making mistakes have reinforced concerns around autonomous security operations.
However, Leehealey argues those incidents often reflect unrealistic expectations rather than failures of the underlying technology.
“Agents need to be coupled with deterministic workflows, toolsets, scripts, and playbooks if you want them to be technically precise,” he said.
Instead of removing humans entirely, organizations should shift toward what Leehealey describes as “human on the loop” rather than “human in the loop.”
Security teams establish governance policies, determine which actions require approval, and continuously monitor outcomes while allowing AI agents to handle lower-risk, repetitive work.
This approach enables organizations to gradually increase automation while maintaining human oversight for higher-risk decisions, creating a practical path toward trusted SOC automation.
Where to start with AI agents in the SOC
Security leaders seem to agree on where AI agents can provide immediate value.
According to the survey, 60% would automate alert triage and prioritization first, followed by threat hunting across historical data (39%) and investigation and root cause analysis (36%).
These SOC workflows involve gathering, correlating, and summarizing large amounts of information rather than making irreversible operational decisions, making them well suited for AI-assisted security operations.
“The moment a task can do something you can’t easily undo, like containment or remediation that touches production, a human belongs in the loop,” Leehealey said.
He also cautioned against automating isolated tasks without redesigning the surrounding workflow.
The greatest efficiency gains come when AI agents can complete an entire Level 1 or Level 2 workflow and escalate only incidents requiring human judgment.
Data visibility is essential for agentic security
Trust is only part of the equation. The report also identifies data visibility as a major obstacle to successful agentic security.
Eighty-four percent of security leaders report that their current security tools cannot access all available log data, while 65% say investigations have stalled because critical information was trapped in systems their tools could not reach.
Leehealey noted that AI agents inherit the same blind spots as the infrastructure supporting them.
“Our research found that 84% of security teams can’t access all of their log data,” he said. “Any agent built on a partial picture inherits the same blind spots as the underlying infrastructure.”
Improving visibility across SIEM platforms, cloud environments, archived logs, and other security tools allows AI agents to reason over a more complete picture of the environment, reducing blind spots and improving the quality of automated security operations.
How to evaluate AI agents before production
Organizations should evaluate AI agents the same way they would evaluate a new security analyst before allowing them to participate in security operations.
Leehealey recommends validating whether agents consistently produce the same results for identical inputs, recognize when they lack sufficient information, and appropriately escalate uncertain situations instead of guessing.
“I typically suggest treating an agent like a new analyst you don’t trust yet,” he said. “Let it make calls without the ability to act, and grade it against your team. Trustworthy doesn’t mean impressive. It means predictable.”
As AI capabilities continue to mature, Leehealey expects routine L1 and much of today’s L2 work to shift toward AI agents, allowing analysts to focus on investigations, decision-making, governance, and higher-value security work.
Organizations are no longer debating whether agentic security will become part of the modern SOC.
Instead, the challenge is deploying AI agents responsibly through transparent governance, complete data visibility, auditable workflows, and measured increases in autonomy.
Those organizations that build trust into their agentic security strategy today will be better positioned to defend against increasingly AI-enabled adversaries operating at machine speed.





