Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • The Security Leadership Issue
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityLogical SecuritySecurity Education & Training

The future of security operations depends on AI agents, not LLMs

By Ambuj Kumar
AI

Immo Wegmann via Unsplash

March 24, 2025

What are AI agents?

“Is it an Agent, or just a Program?” is a widely cited paper which has seen more than 5,000 citations, highlighting the complexity of this intuitive question. Stuart Russell and Peter Norvig, in their well-regarded AI textbook titled “Artificial Intelligence: A Modern Approach,” define an agent as “anything that can be viewed as perceiving its environment through sensors and acting upon that environment through actuators.” For example, a wall thermostat measures the environment temperature and turns on the heat when the temperature drops below a set value. Unlike programs, agents exhibit autonomy when interacting with their environment, using actions to achieve established goals. 

The terms agent, action and environment related to AI agents are also key to an important field of machine learning (ML) called reinforcement learning (RL). RL agents learn to optimize actions in an environment to achieve a goal. Challenged with a metric to optimize, RL agents evaluate their environment and often discover strategies that prove better than human approaches, sometimes sacrificing short-term rewards for long-term gains.

For example, RL together with deep learning has led to breakthroughs such as AlphaGo. AlphaGo defeated the human world champion in a game called Go, which has a substantially larger action space than chess. AlphaGo won by using techniques such as Monte Carlo Tree Search (MCTS) to explore sequences of actions and predict those most likely to win, without needing exhaustive search. 

Large language models (LLMs) also benefit from RL. For example, RL from human feedback (RLHF) helps align LLM outputs with human expectations. In addition, recent advances that use MCTS-like techniques can solve multiple solutions to math and coding problems with verifiable answers.

Stand-alone LLMs are generally considered as programs, even though they use agentic elements during training. Certain LLM architectures can be made deterministic by adjusting parameters, and the variability in outputs often results from artificial inputs or system factors such as batch processing on distributed systems. While LLMs lack true autonomy and learning, it can be argued they “learn” by being continuously retrained on new data and refined by user feedback. However, the point when LLMs can be connected to digital environments to track user behavior and adjust outputs to optimize metrics still seems a ways off, but not unreachable.

AI agents fixes for LLMs shortcomings

There are three inherent features of LLMs which result in shortcomings when used in stand-alone mode. However, AI agents can improve performance of these applications, particularly as they relate to security operations.

Sequential generation problems for LLMs

LLMs are limited by the way they generate responses. LLMs answer word-by-word (or token-by-token), with each word influenced by previous ones. If an LLM begins to hallucinate, it continues to build on this incorrect information until the end of its response. LLMs don’t truly “understand” their outputs, they simply predict the most probable next word. Contextual confusion is inevitable, particularly when words have different meanings in different fields. Unlike AI agents, LLMs cannot pause and correct themselves, so it’s important to restart or edit earlier parts of a conversation rather than continuing a faulty response.

AI agents on the other hand can work in pairs. While one generates an answer, the other validates its accuracy, regenerating content if hallucinations occur. The same LLM can be used under the hood to handle both roles, but from a human perspective it’s easier to model this as a pair of specialized agents. Optionally, different agents can use different LLMs to yield performance, latency and cost benefits. For example, a security summarizer AI agent could use a more simple and cost-effective architecture fine-tuned for the task.

LLM limited reasoning capabilities

Another problem with LLMs is they often go straight to a solution, often skipping steps. Users typically want concise answers, and the cost per token encourages brevity, but this approach can reduce the quality of the output.

Numerous studies show that asking LLMs to think step-by-step (chain of thought) significantly improves performance in answering logical questions. Some LLMs employ “scratch space” or memory tokens to track intermediate results or list pros and cons before giving a final input. But how much control one has over LLM outputs can be significantly affected by AI agentic flow. For example, an AI agent might prompt the generation-validation team to explore multiple perspectives, record intermediate steps, and assess progress. This approach is particularly valuable when LLMs struggle with problems that require iterative exploration, such as a security investigation, which does not have a well-defined path, since agents can interact with the environment using tools like a computer terminal or vision-language models and quickly test multiple strategies. This mirrors RL’s approach to optimizing actions.

Limited relevant knowledge and planning capabilities for LLMs

LLMs struggle to answer questions about data that was unavailable during their training. As a result, they often rely on retrieval-augmented generation (RAG), where they fetch external data and add it to the input question. AI agents, on the other hand, enhance RAG systems by validating and filtering relevant documents and providing multiple perspectives on the environment, including using graph-based approaches. AI agents are also more flexible than LLMs in constructing knowledge graphs from collections of unnormalized documents. AI Agents are advantageous in simplifying planning (which has proven challenging for LLMs) and breaking down complex tasks, leaving the smaller, more manageable subtasks to LLM agents.

AI agents in security operations 

Security operations, or SecOps, is an umbrella term for teams more popularly known as the SOC, NOC, AppSec, GRC, IAM operations, Threat Hunters, and a long tail of niche areas. These teams work 24/7 to keep their organizations secure by investigating and responding to security alerts, disrupting threat actors, patching vulnerabilities, conducting security training and reviews, assessing 3rd party risk, answering customers’ security questionnaires, etc. 

Traditional approaches to automation have had limited success in this area because security decisions need organizational context that is only in people’s heads and never written down, or is written in unstructured documents. In addition, the security landscape evolves rapidly, so decisions need to involve correlating and pattern matching across diverse data points in real time. Due to the limits of traditional automation, security operations has been heavily manual. But it is not easy to find trained SecOps personnel either, so organizations are caught between a rock and a hard place.

Enter AI agents. There are many SecOps tasks that AI agents are beginning to take on today. Some examples include triaging alerts like a SOC Analyst, behavior-based hunting for threat actors like a Threat Hunter, answering security questionnaires, and assessing vendor risk. As LLM generation costs decrease and speed improves, it will become feasible to have network environments where blue and red agent teams continuously hone their skills. Blue team AI agents could become ubiquitous and able to deliver cost-effective defense against increasingly complex red team attacks. Agentic flows will continue to enhance red teaming, particularly in areas such as jailbreaking, since regulations scrutinize offensive uses of LLMs. Security experts leveraging insights from blue team AI agents across multiple environments will be invaluable, especially as agentic tool risks diminish individual knowledge due to ease of use.

The potential of AI in security operations

GenAI has tremendous potential in automating laborious security operations. However, it takes expertise to get predictable results and contain the risks. The most promising path forward is AI agents built by security experts that use LLMs internally. Agents are not just an interesting technology, they are rapidly becoming a critical necessity in security operations because as the rate and complexity of attacks continues to rise rapidly and staffing remains limited, AI agents are the only way to close the gap. Security operations teams would be wise to evaluate and pilot AI agents in 2025. 

KEYWORDS: artificial intelligence (AI) security operations Security Operations Center (SOC)

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Ambuj kumar headshot

Ambuj Kumar is CEO and Co-Founder of Simbian. Image courtesy of Kumar

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Fountain pen

Trump Administration Executive Order Changes Cybersecurity Policy

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Colorful text on black screen

    The modern security operations center: Shaping the future of SOCs

    See More
  • cctv-geefac66e5_1920.jpg

    Why AI CCTV is the future of security and surveillance in public spaces

    See More
  • Lifeline Speedlane Vision_SFX Images_2880 x 1620px

    The future of AI integration with secured entrances

    See More

Related Products

See More Products
  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

  • databasehacker

    The Database Hacker's Handboo

See More Products

Events

View AllSubmit An Event
  • December 12, 2024

    AI-Powered Security: Empowering Teams and Protecting Your Future

    ON DEMAND: Discover how artificial intelligence is revolutionizing modern security practices in this webinar “AI-Powered Security: Empowering Your Team, Protecting Your Future.”
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!