A Survey of Agentic AI and Cybersecurity: Challenges, Opportunities and Use-case Prototypes
Sahaya Jestus Lazer, Kshitiz Aryal, Maanak Gupta, Elisa Bertino
TL;DR
Agentic AI extends GenAI with planning, memory, and tool use to enable long-horizon cybersecurity workflows, spanning defense, offense, and governance. The paper synthesizes a holistic view across four security domains, surveys threat models, security frameworks, and evaluation pipelines, and presents three prototype implementations to illustrate practical deployment. It highlights dual-use risks, including accelerated reconnaissance, autonomous exploitation, and social engineering, as well as systemic threats like collusion, memory poisoning, and oversight evasion. The work argues for bounded autonomy, runtime safeguards, continuous assurance, and human oversight as foundational for safe, effective adoption in cyber operations, and outlines concrete directions for frameworks, benchmarks, and future research.
Abstract
Agentic AI marks an important transition from single-step generative models to systems capable of reasoning, planning, acting, and adapting over long-lasting tasks. By integrating memory, tool use, and iterative decision cycles, these systems enable continuous, autonomous workflows in real-world environments. This survey examines the implications of agentic AI for cybersecurity. On the defensive side, agentic capabilities enable continuous monitoring, autonomous incident response, adaptive threat hunting, and fraud detection at scale. Conversely, the same properties amplify adversarial power by accelerating reconnaissance, exploitation, coordination, and social-engineering attacks. These dual-use dynamics expose fundamental gaps in existing governance, assurance, and accountability mechanisms, which were largely designed for non-autonomous and short-lived AI systems. To address these challenges, we survey emerging threat models, security frameworks, and evaluation pipelines tailored to agentic systems, and analyze systemic risks including agent collusion, cascading failures, oversight evasion, and memory poisoning. Finally, we present three representative use-case implementations that illustrate how agentic AI behaves in practical cybersecurity workflows, and how design choices shape reliability, safety, and operational effectiveness.
