Agentic AI could be the savior of cybersecurity budgets

With seemingly endless cybersecurity tools available to organizations, it can be difficult to determine what to invest in—whether tried and true tools or something newer like agentic AI. But with cybersecurity budgets in flux, experts say relying on agentic AI could prove a cost-efficient way to handle threats…with some caveats.

AI can help cybersecurity workflows with everything from natural language processing and data mining to predictive analytics and machine learning, according to CrowdStrike.

Experts like Loreli Cadapan, VP of product management at software delivery solutions provider for enterprises company CloudBees, said cybersecurity applications using agentic AI can reduce friction throughout code production. While she acknowledged the approach isn’t directly reducing infrastructure spend, it reduces cost from a “developers’ toil perspective.”

“There’s a lot less context switching on the developer side, and that also allows them to spend more time on innovation, rather than the mundane task of triaging build failures…or triaging a security vulnerability,” Cadapan said.

Kara Sprague, CEO of HackerOne, said she believes it’s smart to employ agentic AI in a cybersecurity context, “because we have surpassed the point where humans can scale to the level needed for security.”

However, it’s important for IT professionals to ensure AI-supported cybersecurity has proper guardrails in place. “A lot of times, those humans are going through some sort of background check, some sort of verification, there’s organizational data and information sharing policies that that human has to comply with,” Sprague said. “We need to think about similar controls around the AI agents that we’re implementing.”

How do we solve a problem like no money? The Institute for Applied Network Security (IANS) reported that in 2025 organizations have scaled back security budgets.The average annual security budget growth dropped to its lowest point in five years at 4%—compared to 2024’s growth level of 8%.

When funding levels drop, Vidya Shankaran, field CTO of emergencing technologies at Commvault, says that a strong business case needs to be made for cybersecurity solutions.

“It’s not as straightforward as saying, my antivirus tool is called, it’s going to cost me XYZ, so I’m just going to go all guns blazing and invest in the cheapest product,” Shankaran said. “Because sometimes that may not [be] correct, probably it does not meet all the risk parameters that you’re looking to offset within your organization.”

AI, can we shift left? Cadapan said that if an IT team isn’t focused on increasing efficiency in the project timeline, it gets more expensive to fix issues from a security and compliance perspective.

“With the rise of AI, more developers are actually producing code, leveraging AI…and many other tools out there that [are] available for developers today,” Cadapan said. “Where I’m seeing and hearing from customers, from developers out there, is the shift in mindset of, ‘How can we leverage AI to reduce this friction on the code review, on the testing, all the way down to the production perspective?’”

Taking the bad with the good. Cybersecurity pros can’t really check every single sensor or detecting tool every single day (or if they did, it would take too much time). Erin McFarlane, VP of operations at Fairmarkit, suggested that agentic AI can give an organization a guard who works around the clock.

“[AI] can really give you a best-practices view of whatever it is that you’re looking at from an agentic perspective,” McFarlane said. “So much of security tends to be reactive, and that’s always been the complaint, that we’re preparing for something after it happens rather than… for sensing various signals.”

In McFarlane’s opinion, AI should increase organization budgets because it presents new risks, even as it saves IT infrastructure from bad actors.

Sprague said that those who are looking to implement agentic AI into a cybersecurity stack on a budget should examine existing tools and ensure that the enterprise is taking advantage of the full set of capabilities already available.

“I would advocate for security leaders to be doing some amount of zero-based budgeting and really to…do an assessment of where are the biggest risks across my organization, and am I invested appropriately across my security tools and practices and solutions to mitigate those risks,” Sprague said.