AI Agents: What Do They Mean in Cybersecurity?
Zoey Chu · 2025-04-28 · via Vectra AI Blog

We know it’s there with us. It’s keeping track of things, learning our tendencies and assisting with various tasks, but it can still be difficult to pinpoint exactly what the AI technologies we live and work with are actually doing. The conversation gets a lot more interesting when we look at the possibilities available and how they’re actually affecting our day-to-day lives, or even the way we work. For this discussion, we’re mostly talking about what AI agents mean for those of us working in cybersecurity — a topic that also highlights the path we’re on as humans co-existing with AI and how we use it. But before we get into all that, we should probably consider updating the dictionary definition of ‘agent’ to something like:

A person, business or artificial intelligence authorized to act on another’s behalf.

Maybe we even add “service animal” to that definition? Can a dog or another type of service animal act on another’s behalf? Consider this scenario: your dog is trained to collect any dirty laundry it sees throughout the house and place it in the laundry room. Your dog is now the laundry agent, which you authorized. Now, when you leave laundry on the floor, anyone who has a problem with that can take it up with the laundry agent.

While Merriam-Webster considers my request, here’s a definition from IBM more specific to AI agents:

An artificial intelligence (AI) agent refers to a system or program that is capable of autonomously performing tasks on behalf of a user or another system by designing its workflow and utilizing available tools. - IBM

Simple enough, especially once you break down how an AI agent (or any agent) would be assigned to carry out certain tasks. However, if you read some of the recent articles on AI agents — and there are a lot — you’ll quickly see that a lot of questions are being raised. Some articles suggest that “no one can clearly define an AI agent.” Maybe that’s just a clever headline from Fortune, but it does a good job of getting us past what we call something and closer to the point of the discussion, which is how it can actually help us and what we can do with it. Other articles, like this one in Wired, raise questions about AI agents by asking, “how much should we let them do?”

All valid considerations. However, one of the interesting realizations when digging into AI agents across cybersecurity is that they give us a more defined glimpse into the impact AI is having, and can have, across our workflows. We recently learned a lot about AI adoption across cybersecurity in Vectra AI’s 2024 State of Threat Detection and Response report, but you have to get beyond the adoption numbers to learn how AI is actually making an impact and which tasks it’s helping complete.

AI Agents in Cybersecurity

So, what are we talking about with AI agents in cybersecurity? Let’s look at it from a threat detection, investigation and response point of view, where the faster a defender can see and stop an attack, the better off their organization will be. On average, defenders receive 3,832 security alerts per day, according to the 2024 State of Threat Detection and Response report. That number is actually down from the year prior, but when you think about what it means in terms of being able to address each individual alert, it’s an outrageous ask. Put it this way: if you had nearly 4,000 emails in your inbox each day, how many would you answer? It’s really not that surprising that the practitioners who participated in the study reported being able to respond to only 38% of those alerts on average. This means that, as an industry, we’re not addressing potentially real incidents because we don’t have the bandwidth. Enter AI agents.

How do AI agents help defenders see and stop attacks?

If we zero in on how security practitioners divide up tasks during the average workday, we start to see some areas where AI agents become useful. For example, according to Vectra AI’s Security Team Efficiency Benchmark, security practitioners spend 18.4% of their day investigating false positives and 27.7% of their day managing alerts. This particular study collected responses from 538 practitioners to understand which tasks take up time during the day, but for this discussion it’s also useful for seeing where an AI agent might make sense. Interestingly, the study also found that a 10-hour workday was the norm, with teams averaging six people. In this scenario, where would an AI agent earn its keep? There are a number of ways, but AI agents can remove much of the manual work associated with alerts and, perhaps most importantly, elevate the attack signal that teams receive from threat detection and response tools, so they know which events pose the biggest risk. Let’s get into how they work.

Can AI agents help reduce the time spent on false positive security alerts?

Every false positive alert needs to be triaged to determine its relevance, either by a human analyst or through some form of automation (if available), which is why we’re seeing close to a fifth of an analyst’s day being spent on false positives. We need to know whether something is malicious or benign, which can be a highly manual process taking time and expertise. But does it have to be? Applying AI to handle triage isn’t anything new, but the capabilities keep getting better, and now, with AI triage agents in the mix, security teams can easily offload triage duties. That means using AI to evaluate alerts and separate normal network behavior from what’s likely malicious, or to help determine which detections are security-relevant based on entity (host or account) importance.

Can AI agents help manage the high amount of security alerts teams receive?

It’s not just the number of alerts teams receive (3,832 each day) that makes things impossible; the complexity of modern networks spanning data centers, campuses, remote workers, clouds, identities and more makes stitching together alerts across each surface unrealistic without the right technology. Attackers thrive in these environments because of the latency introduced by the effort it takes to stitch together siloed alerts coming in from every possible direction. Correlating detections or alerts across various surfaces isn’t a new concept, but AI agents make it easy because defenders no longer need to look at every alert on each individual surface. For example, an alert in AWS could be connected to an alert in Entra ID because they are associated with the same identity. AI would know this and automatically build an attack profile that includes both alerts, or any number of alerts associated with that identity from any surface within your environment. This cuts the number of alerts teams have to address.

Can AI agents help you stop a cyberattack?

Even with fewer alerts, the information most useful to defenders is always going to be knowing which alert(s) signal an attack that’s actually occurring. As we mentioned earlier, defenders need to be able to see and stop attacks, and this is something AI agents can now help prioritize. An AI agent for attack prioritization can take detections of all types of attacker behaviors seen across an environment, factor in things like how fast an attack is moving and the techniques being used, and deliver urgency ratings for all the security alerts within that environment. An AI prioritization agent can basically take everything that’s happening across an environment into account and rank it in order of severity by what poses the biggest risk. Defenders then have all of the context about each alert in one place, already triaged and stitched together, so they can use their expertise to investigate further if needed or move forward with stopping the attack.
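As an added illustration of the identity-based correlation and attack prioritization described in the last two sections (example code written for this page, not Vectra AI’s logic or product code): alerts from three surfaces are stitched into one attack profile per identity, then ranked by a constructed urgency score that rewards distinct behaviors, surface breadth and how fast the sequence unfolds. The sample alerts, technique names and scoring weights are all constructed and are assumptions of this example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample alerts from three surfaces (identity provider, cloud, network).
SAMPLE_ALERTS = [
    # alice: three different behaviors on three surfaces within nine minutes
    {"ts": "2025-04-28T09:00:00", "surface": "entra_id", "identity": "alice", "technique": "password_spray"},
    {"ts": "2025-04-28T09:04:00", "surface": "aws", "identity": "alice", "technique": "new_region_login"},
    {"ts": "2025-04-28T09:09:00", "surface": "network", "identity": "alice", "technique": "smb_lateral_movement"},
    # svc-backup: two different cloud behaviors fifteen minutes apart, one surface only
    {"ts": "2025-04-28T07:30:00", "surface": "aws", "identity": "svc-backup", "technique": "bulk_s3_read"},
    {"ts": "2025-04-28T07:45:00", "surface": "aws", "identity": "svc-backup", "technique": "iam_policy_change"},
    # bob: the same scanner detection repeated hours apart, most likely noise
    {"ts": "2025-04-28T08:00:00", "surface": "network", "identity": "bob", "technique": "port_scan"},
    {"ts": "2025-04-28T14:00:00", "surface": "network", "identity": "bob", "technique": "port_scan"},
]


def build_attack_profiles(alerts):
    """Group alerts by identity: one profile per account, whatever surface each alert came from."""
    profiles = defaultdict(lambda: {"surfaces": set(), "techniques": set(), "times": []})
    for alert in alerts:
        profile = profiles[alert["identity"]]
        profile["surfaces"].add(alert["surface"])
        profile["techniques"].add(alert["technique"])
        profile["times"].append(datetime.fromisoformat(alert["ts"]))
    return dict(profiles)


def urgency_score(profile):
    """Constructed weights: more distinct techniques, more surfaces and faster progression rank higher."""
    techniques = len(profile["techniques"])
    surfaces = len(profile["surfaces"])
    span_hours = (max(profile["times"]) - min(profile["times"])).total_seconds() / 3600
    # Velocity only counts once an identity shows more than one behavior, and it is capped so
    # two alerts landing in the same minute cannot drown out the other factors.
    velocity = 0.0 if techniques < 2 or span_hours == 0 else min(techniques / span_hours, 30.0)
    return round(10 * techniques + 5 * surfaces + velocity, 1)


def prioritize(alerts):
    """Return (identity, score, surfaces) tuples, most urgent first."""
    profiles = build_attack_profiles(alerts)
    ranked = [(ident, urgency_score(p), sorted(p["surfaces"])) for ident, p in profiles.items()]
    return sorted(ranked, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for ident, score, surfaces in prioritize(SAMPLE_ALERTS):
        print(f"{ident:<12} urgency={score:>5} surfaces={','.join(surfaces)}")
```

Seven raw alerts collapse into three profiles, and the fast, multi-surface chain on alice ranks first even though bob produced just as many network alerts.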

For defenders, AI agents are quickly becoming more than just a way to clean up false positives and manage alerts; they are a way to gain an accurate attack signal that can be used to see and stop attacks without the latency introduced by doing it manually. And besides all that good stuff, who doesn’t want to say the words, “take that up with my agent”?

To get more details about AI agents and how Vectra AI uses them, watch the podcast: Accelerating Threat Detection with AI Agents.

Or read about how security teams are gaining real business outcomes from AI, including:

  • 52% more potential threats identified
  • 51% less time spent monitoring and triaging alerts
  • 60% less time spent assessing and prioritizing alerts