As cyber threats become more complex, security companies face ever-increasing workloads while struggling to hire qualified analysts.
In response, some are hiring a new type of worker: AI agents.
Unlike generative AI tools that rely on prompts like ChatGPT, AI agents are assigned specific roles and trained to perform multi-step workflows.
The transition to agent workflows has already begun. In a 2025 McKinsey survey, 62% of respondents said their organization was experimenting with AI agents. It is also being introduced in cybersecurity. According to a study by cybersecurity nonprofit ISC2, 30% of professionals report incorporating AI security tools into their work. Many of these systems have evolved into agent-like tools that can execute multi-step workflows after processing by human analysts.
Cybersecurity companies are now tasked with implementing these systems across their teams.
Early results show promise. However, there are still limitations to the technology’s capabilities, raising questions about how quickly AI agents can scale in high-risk environments and what that means for workers and their jobs.
Work on threat detection
Cybersecurity platform Huntress has deployed just under 20 AI agents across its security operations center (SOC), which manages threat alerts for 240,000 customers, said Eric Stride, the company’s chief security officer.
Stride says its agents are now automating investigations that were once done manually by a 50-person SOC team. During the identity threat detection and response process, agents detect suspicious signals such as anomalous login activity or invalid inbox rules. This signal triggers the Orchestration Agent, an AI “supervisor” for task delegation, which launches 12 subagents to retrieve data, analyze activity, and identify evasion techniques.
Orchestration agents determine whether activity is malicious or benign and escalate unclear cases to human analysts. After the quality check, the system creates a draft incident report for the client.
Stride told Business Insider that the process typically takes 20 to 30 minutes manually, but can now be completed in minutes. According to Stride, the system reduces analyst workload by 90% on more than one-third of investigations and generates approximately 10,000 incident reports each month.
For analysts, this change means spending less time prioritizing alerts and more time investigating complex attacks.
“Our SOC analysts are now wearing ‘Iron Man suits’ so they can more effectively deal with adversaries,” Stride said.
Agent transitions to customer support
Mikey Pruitt, head of DNSFilter’s AI lab, said the company has launched AI agents across its customer support team of less than 10 engineers and is now handling all inbound Tier 1 tickets.
When a customer submits a ticket, agents categorize the email based on the level of complexity. Then use internal documentation to resolve day-to-day issues such as confusion about product functionality. More complex tickets are escalated to human staff.
The process takes about four minutes, Pruitt said.
While humans typically handle 35 tickets a week, agents can complete 60 requests, saving support engineers up to three hours a week, Pruitt said.
“They love it,” he said. “They don’t want to be bothered with mundane tasks.”
Where AI agents fall short
Despite early achievements, AI agents still have clear limitations.
Huntress’ Stride said agents struggle with ambiguous missions, which can lead to inconsistent or inconclusive answers. While it works well for repeatable tasks, it is less effective at identifying and stopping complex threats such as ransomware attacks. They also cannot make risky decisions without human supervision.
Pruitt said DNSFilter’s agents are limited to internal documents and can struggle without specialized knowledge. Early on, the company incorrectly advised customers to bypass their primary point of contact, a reseller partner, to resolve issues.
“That was definitely a mistake and we had to work around it,” Pruitt said.
Why companies are betting on AI agents
Still, the economics is persuasive.
Pruitt said the AI agent costs about $15,000 to $16,000 a year to run and performs the workload of two full-time support engineers.
“This one agent saves the company $200,000 a year,” Pruitt says. “Reducing headcount is definitely part of the strategy.”
As a result, Pruitt expects DNSFilter to reduce hiring of entry-level staff. As the capabilities of AI agents evolve to handle more complex support tasks, we envision a future where customer support teams transition into roles as in-house engineers or quality assurance specialists.
For now, the companies are looking at agents as a way to expand production without adding staff.
“What we’re trying to do is allow a team of about 150 people to perform as well as a team of 500 people,” Pruitt said. “We’ll get there by the end of the year.”