Originally published in Cyber Defense Magazine’s June edition page 190.
Cybersecurity has entered a new acceleration cycle, and models like Anthropic’s Mythos are warning shots for defenders. AI is shortening the path from vulnerability discovery to exploitability, compressing a timeline that security teams were already struggling to manage.
In enterprise environments, the natural response is to deploy defensive agents of our own: agents that can triage faster, prioritize better, remediate, and close exposures before attackers can move. But the goal should not be to simply build agents that act autonomously. The goal is to build agents that act safely inside the messy reality of the enterprise.
In a demonstration, remediation may look straightforward. Find the vulnerability. Prioritize it. Patch it. Verify the fix. But in a real enterprise, every one of those steps is shaped by ownership, uptime, cross-team dependencies, maintenance windows, compensating controls, and exceptions that may never appear in the system of record. This is the real challenge for defensive agents. They can follow the rule and still make the wrong decision.
Security decisions need business context
Consider a security agent monitoring a customer-facing payment service. It detects a critical vulnerability. The company policy states that the issue must be remediated within a strict window. The asset is internet-facing, and the exploitability is high. The agent has clear instructions, a measurable risk, and a clock that is already running.
From the agent’s point of view, the answer looks obvious: patch it. But the business context may be less obvious. The service may be entering peak transaction volume. The database team may be in a change freeze. A legacy dependency may turn a standard patch into a complex coordinated change. A compensating control may reduce the practical risk long enough to wait for a safer window.
From a security policy perspective, patching was the right thing to do. However, from a business perspective, it may have just caused an outage during peak transaction volume.
The vulnerability still matters, but the remediation decision is not only a security decision; it is also an operational, business, and ultimately an accountability decision.
This is why the next generation of security agents needs to be judged differently. Full autonomy sounds attractive because security teams are overloaded, and speed matters. But the question is not only whether an agent can detect, decide, and act. The better question is: where should it execute, where should it coordinate, and where should it stop and ask for judgment?
The hardest security decisions rely on knowledge that was never written down
That distinction matters because enterprise security work is full of decisions that are not purely technical. Exposure management is not just a severity score, and remediation is not just patch deployment. A remediation decision is a judgment about timing, ownership, cross-team dependencies, and business impact – whether the technically correct action is safe in the current business moment.
Much of the knowledge behind that judgment is explicit but scattered. It lives in policies, asset inventories, CMDBs, tickets, and Slack conversations. Each source is useful, but each is partial. No single system contains the whole truth, and by the time that truth is normalized into a single view, some of its operational meaning may already be stale.
Some of the most important knowledge is practical and unwritten. This is tacit knowledge: the judgment people use every day but cannot fully turn into rules, tickets, or policy documents. In cybersecurity, it is the difference between knowing what the dashboard says and what the environment will actually tolerate.
This isn’t an argument for slowing everything down. Defensive agents are necessary precisely because human-paced workflows are no longer enough. Agents should enrich findings, map exposures, identify likely owners, open tickets, coordinate responses, recommend remediation paths, and verify completion. The agent should remove as much manual friction as possible.
The right agentic AI model is controlled autonomy, not blind autonomy
When the path is clear, the agent should move. If the asset is low-risk, the owner is known, the remediation is standard, and no conflicting signal appears, execution should not wait for another approval meeting. In those cases, automation is not only efficient; it is safer than a delay.
But when signals collide, the agent should behave differently. If the security policy says “patch now,” the business policy says “no downtime,” the asset owner is uncertain, and the dependency map suggests possible downstream impact, the agent should not guess. It should escalate intelligently.
The quality of that escalation is the difference between useful automation and a new source of noise.
A weak escalation says, “What should I do?” That simply hands the problem back to a human and forces the expert to reconstruct the context from scratch. A strong escalation arrives as a briefing: what changed, what is exposed, which signals conflict, what options exist, and what remains uncertain.
The human then does what humans are still uniquely responsible for in enterprise environments: applying judgment under ambiguity and accepting accountability for the tradeoff.
This is where many agentic security programs will succeed or fail. Autonomy without escalation becomes overconfidence. Escalation without context becomes noise. The value is in designing systems that know the difference.
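As an added illustration (not code from the article or from any product), the execute-or-escalate rule described above can be sketched in Python as a gate that acts only when every precondition is positively known and otherwise returns the five-part briefing. The field names, signal labels, option strings and sample findings are constructed assumptions, as is the conservative choice to treat an unknown value as missing context rather than as a clear path.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Finding:
    what_changed: str
    what_is_exposed: str
    low_risk: Optional[bool]        # None means "not known", never "fine"
    owner: Optional[str]
    standard_fix: Optional[bool]
    signals: dict                   # source -> "act" | "hold" | None (unknown)

@dataclass
class Briefing:
    what_changed: str
    what_is_exposed: str
    conflicts: list
    options: list
    uncertain: list

def decide(f: Finding):
    """Execute only when every precondition is positively known; else brief a human."""
    act = [s for s, v in f.signals.items() if v == "act"]
    hold = [s for s, v in f.signals.items() if v == "hold"]
    uncertain = [s for s, v in f.signals.items() if v is None]
    for name, value in (("asset risk", f.low_risk), ("owner", f.owner),
                        ("remediation type", f.standard_fix)):
        if value is None:
            uncertain.append(name)
    if f.low_risk and f.owner and f.standard_fix and not hold and not uncertain:
        return "execute", None
    conflicts = [f"{a} says act, {h} says hold" for a in act for h in hold]
    options = ["patch now", "wait for a safer window"]   # constructed option labels
    return "escalate", Briefing(f.what_changed, f.what_is_exposed,
                                conflicts, options, uncertain)

# Constructed inputs modelled on the article's payment-service scenario.
PAYMENT = Finding(
    what_changed="critical vulnerability detected",
    what_is_exposed="internet-facing payment service",
    low_risk=False, owner=None, standard_fix=False,
    signals={"security policy": "act", "change freeze": "hold",
             "peak transaction volume": "hold", "dependency map": None})
ROUTINE = Finding("routine patch available", "internal build host",
                  low_risk=True, owner="build-team", standard_fix=True,
                  signals={"security policy": "act"})

if __name__ == "__main__":
    for finding in (PAYMENT, ROUTINE):
        print(decide(finding))
```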
For cybersecurity executives, this changes how agent maturity should be measured. The question is not only “How autonomous is it?” because autonomy by itself is a blunt metric. The better questions are: what decisions is the agent allowed to make, when does it escalate, and who remains accountable when the action affects the business?
In the age of Mythos-class vulnerability discovery, speed is no longer optional. Defenders need agents that can operate at machine scale, but speed without context becomes a new kind of exposure.
The best security AI agents will not be the ones that pretend to know everything. They will be the ones that move fast when the path is clear, slow down when context is missing, and bring human judgment into the decision before a security win becomes a business loss.