Table of Contents
Fetching ...

A Survey of Agentic AI and Cybersecurity: Challenges, Opportunities and Use-case Prototypes

Sahaya Jestus Lazer, Kshitiz Aryal, Maanak Gupta, Elisa Bertino

TL;DR

Agentic AI extends GenAI with planning, memory, and tool use to enable long-horizon cybersecurity workflows, spanning defense, offense, and governance. The paper synthesizes a holistic view across four security domains, surveys threat models, security frameworks, and evaluation pipelines, and presents three prototype implementations to illustrate practical deployment. It highlights dual-use risks, including accelerated reconnaissance, autonomous exploitation, and social engineering, as well as systemic threats like collusion, memory poisoning, and oversight evasion. The work argues for bounded autonomy, runtime safeguards, continuous assurance, and human oversight as foundational for safe, effective adoption in cyber operations, and outlines concrete directions for frameworks, benchmarks, and future research.

Abstract

Agentic AI marks an important transition from single-step generative models to systems capable of reasoning, planning, acting, and adapting over long-lasting tasks. By integrating memory, tool use, and iterative decision cycles, these systems enable continuous, autonomous workflows in real-world environments. This survey examines the implications of agentic AI for cybersecurity. On the defensive side, agentic capabilities enable continuous monitoring, autonomous incident response, adaptive threat hunting, and fraud detection at scale. Conversely, the same properties amplify adversarial power by accelerating reconnaissance, exploitation, coordination, and social-engineering attacks. These dual-use dynamics expose fundamental gaps in existing governance, assurance, and accountability mechanisms, which were largely designed for non-autonomous and short-lived AI systems. To address these challenges, we survey emerging threat models, security frameworks, and evaluation pipelines tailored to agentic systems, and analyze systemic risks including agent collusion, cascading failures, oversight evasion, and memory poisoning. Finally, we present three representative use-case implementations that illustrate how agentic AI behaves in practical cybersecurity workflows, and how design choices shape reliability, safety, and operational effectiveness.

A Survey of Agentic AI and Cybersecurity: Challenges, Opportunities and Use-case Prototypes

TL;DR

Agentic AI extends GenAI with planning, memory, and tool use to enable long-horizon cybersecurity workflows, spanning defense, offense, and governance. The paper synthesizes a holistic view across four security domains, surveys threat models, security frameworks, and evaluation pipelines, and presents three prototype implementations to illustrate practical deployment. It highlights dual-use risks, including accelerated reconnaissance, autonomous exploitation, and social engineering, as well as systemic threats like collusion, memory poisoning, and oversight evasion. The work argues for bounded autonomy, runtime safeguards, continuous assurance, and human oversight as foundational for safe, effective adoption in cyber operations, and outlines concrete directions for frameworks, benchmarks, and future research.

Abstract

Agentic AI marks an important transition from single-step generative models to systems capable of reasoning, planning, acting, and adapting over long-lasting tasks. By integrating memory, tool use, and iterative decision cycles, these systems enable continuous, autonomous workflows in real-world environments. This survey examines the implications of agentic AI for cybersecurity. On the defensive side, agentic capabilities enable continuous monitoring, autonomous incident response, adaptive threat hunting, and fraud detection at scale. Conversely, the same properties amplify adversarial power by accelerating reconnaissance, exploitation, coordination, and social-engineering attacks. These dual-use dynamics expose fundamental gaps in existing governance, assurance, and accountability mechanisms, which were largely designed for non-autonomous and short-lived AI systems. To address these challenges, we survey emerging threat models, security frameworks, and evaluation pipelines tailored to agentic systems, and analyze systemic risks including agent collusion, cascading failures, oversight evasion, and memory poisoning. Finally, we present three representative use-case implementations that illustrate how agentic AI behaves in practical cybersecurity workflows, and how design choices shape reliability, safety, and operational effectiveness.
Paper Structure (47 sections, 8 figures, 9 tables)

This paper contains 47 sections, 8 figures, 9 tables.

Figures (8)

  • Figure 1: Single-agent architecture: the agent processes user input through an internal execution loop (planning, action, tool calling), supported by short-term memory, external services/APIs, an LLM model with function calling, and a long-term vector datastore.
  • Figure 2: Multi-agent architecture: application layer, agent layer (coordinator plus task agents sharing short-term memory), and infrastructure/memory layer with tools and long-term storage.
  • Figure 3: Overview of applications of agentic AI to cybersecurity. Figure maps core research and operational domains, such as autonomous defense, threat intelligence, enterprise automation, and simulation and training, together with representative subcomponents.
  • Figure 4: Comparison of traditional and agentic AI-enabled cyber attack chains.
  • Figure 5: Four-Layer Model of agentic AI security (Wong & Saade wong2025rise), illustrating threats and mapped defenses across Perception, Reasoning, Action, and Memory layers.
  • ...and 3 more figures