Agentic AI—it’s the hot new thing in the tech space and drove much of the conversation at RSAC in April. But with the promise of technology comes, predictably, more threats, and an expanded threat surface.
IT Brew was on the show floor at RSAC and we talked to industry leaders about the potential of agentic AI and the possibility that its adoption could introduce new problems, as well as solutions.
Clarity on topic. For those unfamiliar, agentic AI is a deployment of generative AI wherein LLMs are used to interact with users as “agents” and make autonomous decisions within a limited framework. The effect can seem like AI agents acting on their own, though there is some amount of human oversight.
But in order to ensure the information is monitored safely and that the agents push out the right data, vigilance is crucial. CrowdStrike Field CTO for the Americas Cristian Rodriguez told IT Brew that in his view, the need for an overall visibility strategy over the information involved is key to ensuring agentic AI avoids external manipulation.
“Data governance, data protection, visibility, IAM assessments are all really part of that strategy to ensure that someone’s not taking advantage of an agentic model,” Rodriguez said.
CrowdStrike works with companies like Nvidia, the full-stack AI provider that’s become famous for its chips. Nvidia is keenly interested in the capabilities of agentic AI, CSO David Reber told us, “whether that’s from new detection techniques, to agentic workflows for the SOC, to agentic workflows for automated pen testing, to just incident response capabilities.”
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
“If we have to bake anything into the stack to help them mitigate those into the future, we will do that,” Reber said. “We also collaborate with a lot of industry peers, sharing information on threats, sharing things that are happening.”
Leaderboard. All that assistance is helpful, but it doesn’t change the fact that agentic AI, simply by existing as a new factor in the stack, presents an expansion of the threat surface. RSA CEO Rohit Ghai was clear about the danger, telling IT Brew that it could be a “game changer” for attackers and part of a “polymorphic threat”—that is, a threat that shifts and moves rather than stays static.
“Agentic AI will be very polymorphic, very shifty, and as such, our defenses need to evolve to tackle that new ilk of threat,” Ghai said.
Still, he added, the tech could be deployed for the benefit of defenders by managing identity.
“AI as an attacker, AI as a defender, and then AI as an attack surface,” Ghai said. “Those are kind of the three dimensions of AI that we need to be thinking about.”