As cyber threats become increasingly sophisticated, security firms are grappling with an expanding workload while facing difficulties in hiring qualified analysts. To address these challenges, some companies are integrating a new type of workforce: AI agents. Unlike generative AI tools such as ChatGPT, which depend on user prompts, AI agents are designated for specific roles and trained to carry out multi-step workflows.
The trend towards agentic workflows is gaining traction. A 2025 McKinsey survey revealed that 62% of organizations are experimenting with AI agents. This shift is also evident in the cybersecurity sector; research from ISC2 indicates that 30% of professionals have begun incorporating AI security tools into their operations. Many of these systems are evolving into agent-like tools capable of executing multi-step tasks that were previously the responsibility of human analysts.
As cybersecurity firms implement these systems, early results appear promising. However, the technology’s current limitations raise concerns about the speed at which AI agents can scale in high-stakes environments and the implications for the workforce.
Taking on threat detection
Huntress, a cybersecurity platform, has deployed nearly 20 AI agents within its security operations center (SOC), which manages threat alerts for 240,000 customers, according to Chief Security Officer Eric Stride. These agents automate investigations that were manually conducted by its 50-person SOC team. In one such process, the agents detect suspicious signals like unusual login activity, triggering an orchestration agent to delegate tasks and launch 12 sub-agents that gather data, analyze activity, and identify evasion techniques.
The orchestration agent assesses whether the activity is malicious or benign, escalating ambiguous cases to a human analyst. After a quality control check, the system generates an incident report for the client. Stride noted that what typically takes 20 to 30 minutes manually can now be completed in mere minutes. The system has reportedly reduced analyst workload by 90% for over a third of investigations, generating approximately 10,000 incident reports each month. This transition allows analysts to devote more time to investigating complex attacks. “Our SOC analysts now have their ‘Iron Man suit’ to be more effective against the adversary,” Stride remarked.
Agents move into customer support
DNSFilter is also leveraging AI agents, having launched one within its customer support team, which consists of fewer than 10 engineers. The AI agent now manages all inbound Tier 1 tickets. Upon receiving a customer ticket, it categorizes the email based on complexity and resolves routine issues using internal documentation. More complex queries are escalated to human staff. According to head of AI labs Mikey Pruitt, this process typically takes around four minutes.
While a human support engineer typically handles 35 tickets per week, the AI agent can resolve 60 requests, saving support engineers up to three hours each week. “They love it,” Pruitt said. “They don’t want to be bothered by mundane tasks.”
Despite these early gains, AI agents still face notable limitations. At Huntress, Stride acknowledged that agents struggle with vague tasks and sometimes produce inconsistent or inconclusive responses. They excel at repeatable tasks but are less effective at tackling complex threats like ransomware attacks and cannot make high-risk decisions without human oversight. Similarly, Pruitt admitted that the DNSFilter agent relies heavily on internal documentation and can falter with specialized knowledge; it previously advised a customer to bypass a reseller partner, which was a significant misstep.
Nonetheless, the economic rationale for adopting AI agents remains compelling. Pruitt revealed that an AI agent costs about $15,000 to $16,000 annually to deploy and performs the workload of two full-time support engineers. “We’re saving the company $200,000 a year by deploying this one agent,” he said, adding that this strategy includes reducing the hiring of entry-level staff. As the agent’s capabilities improve to handle more complex support tasks, Pruitt envisions a future where customer support roles transition into engineering or quality assurance positions.
For the time being, both companies view AI agents as a means to scale operations without increasing headcount. “What we are trying to do is make our team of about 150 perform like a team of 500,” Pruitt stated. “By the end of the year, we’ll get there.”