How AI can enhance your cybersecurity team without replacing humans



As threats become more sophisticated, agentic AI will help cybersecurity teams work smarter by handling mundane tasks and helping junior analysts level up faster.

In cybersecurity, the narrative around artificial intelligence (AI) is shifting from replacing jobs to redefining jobs. Industry leaders believe that the real value of AI lies not in replacing analysts, but in empowering them to handle data-intensive tasks at a scale that human teams cannot match.

Mandy Andress, Chief Information Security Officer (CISO) at Elastic, argues that AI will create new AI-enabled roles. At the same time, experienced professionals can manage AI-enhanced teams to strengthen an organization’s cybersecurity posture as talent shortages continue.

Agentic AI as a force multiplier

Cybersecurity teams are now moving towards real-time cyber defense, monitoring systems around the clock to discover and respond to threats as they occur.

To do this effectively, many organizations use something called micro-threat modeling. This essentially means keeping a close eye on small changes to your digital infrastructure, whether it’s program code or server configuration.

Modern IT systems run on many layers of hardware and software, so it can be difficult to determine whether an event or sudden change is a genuine threat or just a harmless glitch. This wears down cybersecurity teams' vigilance and ultimately allows hackers to gain entry.

That’s where “agent AI is a game changer,” Andress explains.

Mandy Andress, chief information security officer at Elastic, says cybersecurity professionals need to embrace a beginner’s mindset to successfully navigate the industry’s AI-driven transformation. Photo: Elastic

“Organizations can go a step further with agent AI, where collections of agents autonomously perform specific roles, such as parsing large data sets or log files, allowing junior analysts to move up the value chain faster,” says Andress.

AI agents can sift through thousands of logs (with perhaps only 10 potentially indicating an actual attack) and aggregate important alerts into a single dashboard. This reduces alert fatigue and frees analysts from the tedious task of retrieving information from disparate systems.

Unlike older systems that rely only on detection, the new wave of agentic AI can understand the context of an attack, make decisions, and take immediate action to contain it.

Instead of a team of senior experts constantly monitoring every system change, junior analysts can now work with AI agents to discover, investigate, and escalate potential threats early.

Junior analysts can use this freed-up time to learn from AI analytics insights, identify patterns in vast amounts of data, and find potential loopholes and traces left by hackers. This technology can manage time-consuming tasks, allowing new employees to fill roles that previously required more experienced analysts.

Context is key

For AI agents to operate autonomously and reliably, they need the right information at the right time, a practice known as context engineering.

Relevance is at the heart of context engineering, and this requires a search platform that can find relationships across an organization’s private data, which is often messy, multifaceted, and fragmented across systems.

Unified search platforms such as Elasticsearch are essential for context engineering. They provide the core search, orchestration, and governance capabilities needed to achieve relevance at scale.

This foundation ensures that “security agents” can provide security insights and take trusted actions.

Agentic AI enables junior analysts to work with automated systems to detect threats more efficiently, freeing them from the tedious task of manually sifting through thousands of logs. Photo: Getty Images

Will AI take away jobs?

One can’t help but wonder what will happen to human experts as these AI systems become smarter and take on more complex tasks.

Andress is optimistic that cybersecurity will continue to grow and that there will be a need for professionals to join the field, especially given the increasing number of threats, including those generated by AI.

“When I first entered the security industry in the late 1990s, CISOs didn’t exist,” she recalls. “Look at how big the industry has become.”

With the disruption caused by AI, there is much for everyone, both experienced and new cybersecurity professionals, to learn so that AI can add value to what it is already automating.

“Acknowledge that you won’t always be an expert, and approach things like a beginner,” she emphasizes. “You will be most successful in your transition if you are a leader in change and help others.”

Learn how Elastic can help manage your organization’s cybersecurity needs.


