Cloud Intrusions on the Rise: The Evolution of Agentic AI in Cybersecurity

Recent reports reveal a sharp increase in cloud intrusions, with a 136% rise in the past six months alone. North Korean operatives have successfully infiltrated 320 companies using AI-generated identities, showcasing the growing sophistication of cyber threats. Scattered Spider, a notorious cybercriminal group, has also stepped up its game by deploying ransomware in under 24 hours. However, the security industry has responded with a game-changing solution: agentic AI, delivering tangible results rather than mere promises.

CrowdStrike’s latest discovery of 28 North Korean operatives posing as remote IT workers within various organizations highlights the practical application of agentic AI in threat detection. At Black Hat 2025, industry players showcased the effectiveness of agentic AI in enhancing security operations, focusing on operational readiness and tangible outcomes over theoretical claims.

Security experts interviewed at Black Hat emphasized the efficiency gains achieved through agentic AI, with the ability to process more alerts and improve threat detection rates. The shift towards real-world outcomes marks a significant turning point in the cybersecurity landscape.

The Rise of Agentic AI in Cybersecurity

Black Hat 2025 was dominated by discussions around agentic AI, with a focus on how attackers exploit vulnerabilities in AI systems. Vendors unveiled a plethora of new agentic AI applications, platforms, and services, signaling a shift towards tangible results over empty promises.

Leading cybersecurity companies like CrowdStrike, Microsoft Security, Palo Alto Networks, and Cisco showcased their agentic AI capabilities, demonstrating how these technologies are transforming security operations. Cisco’s release of Foundation-sec-8B-Instruct, an open-source conversational AI model for cybersecurity, marked a significant milestone in the industry.

SentinelOne highlighted the predictive capabilities of its Purple AI, which goes beyond investigation to proactively anticipate adversary moves based on behavioral patterns. The industry is witnessing a shift from AI’s potential to its actual impact on security operations.

The North Korean Threat: A Game Changer

North Korean threat actors, particularly FAMOUS CHOLLIMA operatives, have significantly escalated their activities, infiltrating over 320 companies in the past year. These operatives leverage AI throughout their operations, from creating fake identities to performing tasks within organizations.

The sophisticated infrastructure supporting these operations extends beyond borders, with facilitators maintaining multiple laptops for remote access. CrowdStrike’s data reveals the extent of the threat, with a substantial increase in malicious insiders using AI-enhanced tactics to evade detection.

The Human Element in Cybersecurity

While agentic AI offers advanced capabilities, the consensus among vendors is that human analysts remain essential. Vendors like Splunk emphasize the collaboration between humans and AI, where AI serves as a force multiplier for analysts, handling routine tasks while humans handle complex decisions.

Competition and Collaboration in the Cybersecurity Space

Competition among cybersecurity vendors has shifted from features to results, with a focus on reasoning engines, action frameworks, and learning systems that continuously improve based on outcomes. Vendors are aligning on the need for operational excellence and autonomous response capabilities.

Google Cloud Security’s Chronicle SOAR exemplifies this shift, introducing an agentic mode that automates investigation processes and presents analysts with comprehensive packages. Industry giants like IBM and Microsoft are also incorporating autonomous investigation capabilities into their offerings, signaling a convergence towards operational excellence.

The Future of AI in Cybersecurity

Looking ahead, cybersecurity professionals anticipate AI-driven attacks to pose a significant threat across various surfaces. The industry is witnessing a rapid evolution in AI-powered attacks, necessitating a proactive approach to cybersecurity.

Despite the advancements in AI technology, the human element remains crucial in cybersecurity operations. Vendors are focusing on enhancing human-machine collaboration to maximize the effectiveness of agentic AI in threat detection and response.

As the cybersecurity landscape continues to evolve, organizations must adapt to the changing threat landscape and leverage advanced technologies like agentic AI to safeguard their assets and data.