A lot is being thrown around right now about agentic systems, AI agents, autonomous SOCs, and everything in between. Vendors are hyping capabilities – some that are here and now and many more that are far off in the future. Many of the clients I work with are confused about which capabilities are real now and what will come down the road. 

Read below for a breakdown of common questions we get about generative AI To bring a little clarity to a confusing topic.

What is generative AI? 

Generative AI (or genAI) is a type of artificial intelligence that is incredibly good at identifying the next most likely token in a complex sequence. This is one reason why it handles human language so well, and why other, earlier iterations of machine learning did not; human language is extremely complex. It can mimic the qualities of its training data, and most of the most popular models on the market are trained on a LOT of human language.  

In security tools, we see three common use cases for generative AI: 

  1. Content creation (creating incident summaries, converting query languages) 
  2. Knowledge articulation (chatbots for threat research, product documentation) 
  3. Behavior modeling (triage and investigation agents) 

What are genAI chatbots most useful for in security? 

AI chatbots like Claude, Gemini, ChatGPT (or the security equivalents like Security Copilot, Gemini, Charlotte, and Purple AI) are powered by large language models and are able to respond to open-ended questions, create nuanced language, provide contextually aware replies, and adapt to topics – especially security topics – without needing explicit programming for each scenario.  

While this is novel and unique, we find that practitioners just don’t use it that often. When they do, it’s especially useful for asking questions about product documentation or doing research on particular threats or vulnerabilities.  Outside of this, however, there’s not often a lot of reason to go to the chatbot, so it doesn’t get used.  

What is considered table stakes for genAI capabilities in security tools? 

Outside of the chatbot use case, there are a few common ways genAI is implemented in security tools today; in most cases, they are directly integrated into the analyst experience. Most often, this looks like:  

  • Summarization: Providing a summary of alerts, vulnerabilities, and risks. 
  • Report writing: Writing up reports on threat intelligence, incidents, the latest risks, etc. 
  • Code writing: Generating patches, exploits, queries, or other code.  
  • Script analysis: Understanding and explaining code or a script.  
  • Language translation: Translating between natural languages, query languages, or code. 

What are AI agents used for in security? 

The past year and a half was a true step-change in genAI use cases for security. The introduction of AI agents, particularly for triage and investigation, is paving the way for major changes to how practitioners work.  

AI agents are narrowly focused tools that follow strict instructions to carry out specific tasks. The agent is limited in what it can do, and it reacts to defined triggers, like receiving a specific alert or indicator of compromise to evaluate.  

It’s very important to note that invoking AI in a function is not the same thing as an AI agent. For example, if a vendor has a feature in their product that builds an incident summary using generative AI, that is not necessarily an AI agent. It could simply be an invocation of an LLM in a particular function. The specific focus, task, its ability to manage state (AKA, perform multiple steps while maintaining memory), and encapsulation is what makes an AI agent differentiated from an invocation in a function.  

There are many examples of AI agents on the market today, like those from CrowdStrike, ReliaQuest, Intezer, and Red Canary, among others. These AI agents are task agents – they accomplish specific tasks, often within the incident response process.  Task agents are very good at doing one particular thing because they are trained on specific data and are given a series of prompts that are tested and validated to ensure that they accomplish the correct task each time. For example, a triage agent for phishing may have built-in prompts that tell it to evaluate any email it is provided by extracting all IOCs, checking them for reputation, and then providing a verdict and summary of its findings. Through thorough training, rigorous testing, and iterative improvement of the prompts used, early data shows that triage agents like these have been very successful at resolving false positives automatically (in specific cases). 

Importantly, the combination of use case (triage, investigation, etc.) AND domain-specific (endpoint, identity, email, etc.) task agents must come before trying to solve bigger problems like building an AI that can complete the entire incident response lifecycle. It’s a lot like the transition we faced when moving to the cloud…instead of building a monolith, building microservices resulted in a more scalable, reliable, and accurate result. Similarly, task agents that are specific to the use case they accomplish and domain they are built for result in better outcomes.  

This also leads us to the next phase: agentic. 

What is agentic AI used for in security tools? 

Agentic AI is a system of AI task agents working and communicating together to accomplish a broader goal. The agents communicate via agent-to-agent communications.  

An agentic system for security operations could look like a combination of triage agents, investigation agents, and response agents.  For example, an agentic system could orchestrate a phishing triage agent to validate a true positive phishing attack, then work with an endpoint triage agent and an endpoint investigation agent to verify that the phishing attack landed on an endpoint and escalated privileges.  From there, the agents can provide context to a endpoint response agent, which will then provide the analyst with all the information they need to make an informed decision for response. 

Don’t trust the hype: this is a work in progress and far from ready today 

While agentic systems may sound like a panacea, right now, security tools are not able to do this across use cases and domains. Most are limited to a handful of use cases and a handful of domains (if that!), and many of these capabilities are not generally available.  

Even those that do still have limitations. Getting the right data at the right time to do triage and investigation well is still difficult. Getting MCP servers to work together well and securely is difficult – and that is far from seamless. Beyond that, ensuring AI agents deliver trusted and accurate output consistently is not a solved problem – it is very difficult to ensure the quality of a non-deterministic system at scale.  

Over the next few months, we will be releasing a series of reports and blogs on how to evaluate genAI capabilities in security tools and where the market is headed. Stay tuned! 

Connect with me

Or, if you’re a Forrester client, schedule an inquiry or guidance session with me to get your questions answered.  

Join us at Forrester’s Security & Risk Summit from November 5–7. I’ll be leading a certification workshop on protecting your organization with genAI and presenting track sessions on use of AI agents in security operations. Check out the full agenda to learn more about other sessions on securing genAI, Zero Trust, GRC, AppSec, and many more topics.