Agentic AI: cybersecurity’s friend or foe? (www.techradar.com)

Agentic AI — autonomous systems that learn, infer, decide and act with minimal human oversight — is rapidly reshaping the cyber threat landscape. Unlike reactive generative models, these agents can operate in real time across text, image and audio modalities, interface with email, databases and wallets, and coordinate as multi-agent ecosystems to automate phishing, impersonation, zero‑day social engineering and credential theft. Practical threats are already emerging: AI-driven credential stuffing that mimics human typing and mouse patterns to evade CAPTCHAs and fraud detection, and commercially available PhaaS/FaaS kits (EvilProxy, Tycoon 2FA, Mamba) that include AI‑assisted AiTM MFA bypasses. Industry signals are worrying — one in four CISOs report experiencing AI-generated attacks, and many organizations plan to deploy agents soon — meaning attackers can scale fraud and exploitation faster than ever. The upside is defenders can also use agentic agents for threat hunting, rapid vulnerability scanning, real‑time mitigation and compliance monitoring, potentially cutting detection and response times dramatically. But safe adoption requires governance: human‑in‑the‑loop controls, sandboxing, clear role definitions, high‑quality data, and multi‑agent defender frameworks that create feedback loops to validate actions. CISOs must balance cautious, risk‑based rollouts and continuous testing to prevent misalignment or data leakage. If implemented with rigorous controls and hybrid human–machine workflows, Agentic AI could become a force multiplier for security — otherwise it risks becoming the attacker’s most potent teammate.