Agentic artificial intelligence services – those that are designed to act with more autonomy than their generative or predictive AI forebears – drew a mixed reception today from lawmakers and witnesses who talked about the advantages of the latest AI flavor along with cybersecurity concerns during a hearing held by the House Homeland Security Committee’s Cybersecurity and Infrastructure Protection Subcommittee.
While the use of agentic AI is not nearly as widespread as that of generative and predictive AI systems, the consensus among hearing witnesses was that agentic AI is coming along quickly with its own use cases for cybersecurity in particular.
“Gen AI was always just … a helper,” Gareth Maclachlan, chief product officer at cybersecurity company Trellix, told lawmakers.
He explained that agentic AI has been assisting Trellix in streamlining security operations, and said the technology can “go find the evidence, run a series of investigative steps built from our own knowledge of what are the typical things to run a certain case and be able to present to that analyst [with] the set of what’s happened – here’s the evidence.”
Agentic AI helps to fill the gaps for individual users on things they may have not previously seen, Maclachlan explained, and said he uses agentic AI to “debate amongst itself and take different perspectives” to find the best conclusion to a problem.
Jonathan Dambrot, CEO of Cranium AI, told lawmakers that agentic AI also poses a significant threat via introduction of “a new and complex class of security risks.”
“A compromised or maliciously directed AI agent could autonomously conduct cyber operations at machine speed,” said Dambrot. He emphasized that security must be embedded throughout AI agents’ lifecycles.
“Relying on AI to stop AI is not a viable defense strategy,” Dambrot warned. “The threat of AI-enabled attacks necessitates layered in-depth and proactive defenses. Our best response is to double down … we need to be proactive and forward looking.”
That means using existing frameworks for secure-by-design tech development and applying them effectively for agentic AI systems, said Kiran Chinnagangannagari, chief product and technology officer at cybersecurity company Securin, in response to a question from subcommittee chairman Rep. Andrew Garbarino, R-N.Y., who referred to agentic AI as “the newest frontier.”
Another regulatory consideration for Congress includes putting more and better “technical” guidelines in place as industry begins using agentic AI more extensively, Maclachlan said.
Steve Faehl, federal security chief technology officer at Microsoft, told lawmakers that there needs to be “a lot of testing” run on agentic models and applications to look at “the model risks and biases that they are going to be introducing.”