It took just a few years for generative AI tools such as ChatGPT to become ubiquitous in business and it’s easy to see why. Generative AI has brought measurable benefits in terms of productivity, efficiency and speed.
As we enter 2026, however, there’s a new kind of AI that’s the focus of business and security attention: Agentic AI. And agentic AI will deliver a far deeper transformation.
Principal Consulting Architect XDR for EMEA at Barracuda Networks.
Agentic AI is adaptive, automated and independent intelligence, capable of setting objectives, making real-time decisions and then adjusting its behavior. AI agents function as digital operators, gathering data, learning from their environments and executing complex tasks with minimal human input.
These capabilities are as compelling for cyberattackers as they are for defenders.
The new threat landscape
AI agents can be used by cyberattackers to run an entire campaign end to end. A malicious AI operator will conduct reconnaissance, gather the required data, design highly convincing lures, test intrusion paths, observe how defenses react, then adjust its tactics and timing in real time.
Coupled with specialized criminal platforms, it will analyze massive volumes of data to automatically identify vulnerabilities to exploit, while generating polymorphic malware able to rewrite its own code to evade signature based and behavioral detection.
These advanced tools will feel like a coordinated brain that strings steps together, learns from each obstacle and blends into normal activity.
Cyberthreats will also target benign AI agents used by organizations.
For example, AI agents are designed to work together towards a specific objective, with minimal or no human supervision. It may soon be possible for attackers to hijack or poison such agent-to-agent interactions, with the attackers controlling what the chain of agents does next.
The lack of humans in the loop could delay detection and mitigation.
In other words, with the rise of agentic AI, defenders should expect new attack types and tactics that don’t look like anything they’ve seen before and which may be hard to explain after the fact. The attack surface keeps expanding, creating both known and unknown gaps, and zero-day exploitation will rise.
The new business landscape
Within organizations, agentic AI can drive improvements in productivity and decision-making. Working as intelligent assistants or semi-autonomous team members, AI agents can manage repetitive administrative tasks, oversee workflows and deliver real-time insights from vast datasets.
The agent can plan, experiment, and revise its approach based on feedback, making it highly versatile and effective. In cybersecurity, agentic AI can handle software updates, monitor network health, and coordinate incident responses in IT operations, or autonomously track transactions for anomalies in finance to reduce fraud risks.
Integrated into security operations centers (SOCs), AI agents will be able to take over a large share of administrative tasks and security system management, freeing up time for threat hunting, research and detection engineering.
This will make it easier for security analysts to capture sophisticated attacks while reducing alert fatigue and false positives – building a safer, more cyber resilient environment.
The new defense needs
It will become essential for organizations to have dedicated security measures for agentic AI-based tools. Traditional defense mechanisms, such as static signatures and firewall rules may struggle to keep pace with the speed and adaptability of AI-driven threats. Security systems need to evolve as a matter of urgency.
The following list of new or enhanced security measures may be a good place to start:
- Implement behavior-driven AI defenses: Use AI-powered detection tools that learn normal behavioral patterns and identify anomalies in real time. Customize and continually refine these solutions.
- Build security around a unified platform with end-to-end visibility: Integrate security across identities, endpoints, SaaS, cloud, email, and network traffic for comprehensive monitoring and rapid threat detection.
- Keep humans in the loop: Ensure humans remain involved in critical decision-making, investigation, and response. AI should support, not replace, skilled professionals.
- Strengthen controls for AI: Treat each AI agent as an individual entity with its own identity and access privileges. Apply zero-trust principles to AI agents and require verification for every action.
- Secure agent-led communications: Authenticate, encrypt, and log all interactions between agents and users to detect and prevent tampering or poisoning attacks.
- Develop the next generation of business leaders: Equip managers with skills in AI management, data analytics, and natural language processing to ensure responsible integration of AI agents.
- Align with regulatory standards: Follow frameworks like the NIST AI Risk Management Framework for compliance and robust risk mitigation.
Conclusion
As agentic AI matures, the real shift won’t just be faster automation but a world where digital agents quietly negotiate, collaborate and even compete on our behalf.
We are moving toward an ecosystem where human decisions are increasingly shaped by conversations between machines that we never see, including security agents, fraud agents, productivity agents, and even malicious agents.
AI is no longer a future concept; it’s already here, and we need to embrace this era thoughtfully rather than pretend we can opt out.
I’m increasingly concerned about organizations that don’t start using AI to protect themselves: if attackers adopt agentic AI while defenders remain purely manual, the gap will grow into a systemic disadvantage.
The future of cybersecurity will be defined by how well we understand, govern and align these invisible AI-to-AI interactions with human values, not just by how quickly we block the next threat.
We've featured the best encryption software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.