Agentic AI Systems Revolutionize Cybersecurity Operations with Automated Alert Management and Vulnerability Analysis

The era of passive artificial intelligence (AI) is giving way to a new wave of agentic AI systems, which are designed to think, plan, and act autonomously. This shift is particularly significant in the field of cybersecurity, where AI has traditionally been limited to detecting malicious activities and anomalies. Now, agentic systems are automating many of the repetitive, time-consuming tasks performed by security analysts, allowing them to focus on higher-level decisions and deeper investigations.

What is an Agentic AI System?

An agentic AI system integrates large language models (LLMs) with tools, enabling the models to reason, plan, and take iterative actions. Unlike typical chatbot systems, which require human prompts, agentic systems can be event-driven, automating complex, multi-step tasks. This capability transforms the way cybersecurity operations are managed, reducing manual efforts and improving efficiency.

Agentic AI Applications in Cybersecurity

Transforming Alert Management

Challenges in Alert Management:
1. Scalability: Handling a high volume of alerts manually is impractical.
2. Reliance on Expertise: Analyzing alerts often requires specialized knowledge.
3. Tedious Documentation: Manually generating investigation reports is time-consuming.

Agentic Solutions:
- Automation of Triaging: Agentic systems can scale the triaging process by automating the interpretation and investigation of alerts.
- Encoding Knowledge: Expert knowledge is encoded into repeatable workflows, reducing the need for individual expertise.
- Data Querying: Automatic retrieval of investigation context using data querying tools streamlines the process.
- Report Generation: The system generates structured, clear reports, turning a tedious task into a built-in feature.

Example: Server Alert Triage

The Alert Triage Agent, built using the NVIDIA Agent Intelligence toolkit, automatically investigates server-monitoring alerts.
It ingests alerts, analyzes data, and generates triage reports. The system uses a multi-agent design, where the Alert Triage Agent is supported by the Cloud Metric Analysis Agent, which specializes in data querying and pattern recognition. This modular approach enhances maintainability and evolution.

Evaluation:
- Classification Accuracy: The system achieved 84.6% accuracy in classifying root causes of alerts.
- Human Review: Analysts rated the reports as Very Good for correctness and relevance, and Good for coverage and actionability.

Despite its promise, the system requires further refinement to enhance report depth and clarity.

Supercharging Software Vulnerability Analysis

Challenges in Vulnerability Analysis:
1. Complex Dependencies: Enterprise software often has intricate dependencies that need thorough scanning.
2. Manual Triage Process: Vulnerability triage can be extremely time-consuming, taking hours or days.

Agentic Solutions:
- Automated Investigation: The Software Security Agent, another agentic system, accelerates the vulnerability triage process from hours to seconds.
- Context Gathering: The agent searches the internet for broader context and uses available data sources to create a custom investigation plan.
- Report Generation: It produces comprehensive reports that help analysts determine the exploitability of vulnerabilities in specific environments.

Example: NVIDIA Vulnerability Triage

NVIDIA has successfully deployed the Software Security Agent to streamline its vulnerability triage process. Analysts estimate time savings of 5 to 30 minutes per vulnerability, translating to several hours per week. This allows analysts to focus on more complex issues and prioritize high-risk vulnerabilities.

Enhancing Accuracy and Efficiency:
- Feedback Loop: An annotation tool helps analysts review and correct agent outputs, continuously improving accuracy.
- Profiling Insights: The Agent Intelligence toolkit offers detailed profiling to identify and optimize performance bottlenecks. This has resulted in an 8.3x runtime improvement, reducing end-to-end latency from 20 minutes to just 3 minutes.

Selecting the Correct Agentic Structure

Designing an effective agentic system involves choosing the right architecture based on the complexity and variability of tasks. Options include:
- Fixed Execution Path Workflow: Best for well-defined, single alert types.
- Fixed Execution Path Workflow with Routing: Useful for multiple alert types with fixed investigation flows.
- Adaptive Workflow: Ideal for highly variable or context-dependent tasks.
- Hybrid Design: Combines deterministic logic with adaptive decision-making for balance and efficiency.

Evaluating Complex Agentic Systems

Creating high-quality datasets is crucial for success. Unlike traditional machine learning (ML) datasets, agentic systems benefit from capturing intermediate steps along the reasoning path. This trajectory evaluation helps identify where reasoning may break down or deviate from expectations. Additionally, LLM-as-a-judge is a powerful method for assessing natural language outputs, ensuring alignment with human expectations.

The Agentic Future of Cybersecurity

Agentic AI is poised to revolutionize cybersecurity operations by addressing the limitations of manual and passive AI systems. Beyond alert management and vulnerability triage, these systems have the potential to become trusted assistants for security analysts, handling repetitive tasks with ease and providing valuable insights. The community is encouraged to build on this foundation and explore new, impactful use cases.

Industry insiders see agentic AI as a game-changer for cybersecurity, with significant benefits in terms of efficiency, accuracy, and analyst workload reduction.
NVIDIA, a leader in AI and GPU technologies, continues to drive innovation in this area through its open-source Agent Intelligence toolkit and various resources designed to facilitate the development and deployment of agentic systems. The toolkit's modular architecture and built-in support for iterative system improvement make it a valuable resource for enterprises looking to enhance their cybersecurity operations with agentic AI.

For those interested in exploring these applications further, NVIDIA offers interactive demos and reference code for deployment, and encourages participation in its upcoming Agent Toolkit Hackathon. Watchers of the NVIDIA GTC 2025 session, "Transform Cybersecurity With Agentic Blueprints," can gain deeper insights into the workings and potential of agentic AI systems.
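
The trajectory evaluation described under "Evaluating Complex Agentic Systems", as an added example that is not from the original article or NVIDIA's toolkit: each labelled case records the expected tool-call path as well as the root cause, so a run is scored on where it left that path and not only on its final answer. The tool names, root-cause labels and sample runs are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Case:                 # one labelled dataset entry
    alert_id: str
    expected_steps: list    # tool calls a correct investigation makes, in order
    expected_cause: str     # labelled root cause

@dataclass
class Run:                  # what the agent actually did for that alert
    alert_id: str
    steps: list
    cause: str

def first_divergence(expected, actual):
    """Index of the first step where the run leaves the expected path, else None."""
    for i, (e, a) in enumerate(zip(expected, actual)):
        if e != a:
            return i
    if len(expected) != len(actual):   # run stopped early or kept going
        return min(len(expected), len(actual))
    return None

def evaluate(cases, runs):
    by_id = {r.alert_id: r for r in runs}
    correct, diverged_at, rows = 0, Counter(), []
    for c in cases:
        r = by_id[c.alert_id]
        idx = first_divergence(c.expected_steps, r.steps)
        ok = r.cause == c.expected_cause
        correct += ok
        if idx is not None:            # tally the expected step that was missed
            missed = c.expected_steps[idx] if idx < len(c.expected_steps) else "<extra step>"
            diverged_at[missed] += 1
        rows.append((c.alert_id, ok, idx))
    return {"accuracy": correct / len(cases), "diverged_at": dict(diverged_at), "rows": rows}

# Constructed sample data; tool names and cause labels are hypothetical.
CASES = [
    Case("a1", ["get_alert", "query_cpu_metrics", "check_recent_deploys"], "resource_exhaustion"),
    Case("a2", ["get_alert", "ping_host", "check_maintenance_window"], "planned_maintenance"),
    Case("a3", ["get_alert", "query_disk_metrics"], "disk_full"),
]
RUNS = [
    Run("a1", ["get_alert", "query_cpu_metrics", "check_recent_deploys"], "resource_exhaustion"),
    Run("a2", ["get_alert", "ping_host"], "host_down"),                           # stopped early
    Run("a3", ["get_alert", "query_cpu_metrics", "query_disk_metrics"], "disk_full"),  # detour
]
```

In `evaluate(CASES, RUNS)`, run a3 reports the correct root cause yet leaves the expected path at step 1, which a final-answer accuracy score alone would not reveal.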
