Enterprise Adoption and Governance of AI Agents in Security Operations
Organizations across industries are rapidly adopting agentic AI, with a significant shift in 2025 from experimental deployments to operational use in security operations. Companies are leveraging AI agents for tasks such as autonomous alert triage, threat hunting, and intelligent detection tuning, resulting in increased efficiency and productivity. However, this rapid adoption has highlighted the need for robust governance, observability, and lifecycle management to prevent potential risks associated with autonomous agents running unchecked.
Regulated industries like financial services are leading in implementing centralized governance and human oversight to ensure regulatory, ethical, and performance standards are met. Enterprises are also benefiting from advancements in AI models, such as Claude 4.5 and GPT-5, which offer improved reasoning and integration capabilities. Despite these advancements, organizations are still working to balance human and agent decision-making, emphasizing the importance of continuous monitoring and responsible deployment of AI agents in critical security operations.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Experts warn governance is lagging behind agentic AI adoption
By December 2025, multiple industry sources reported that enterprise adoption of agentic AI was outpacing governance, observability, authorization, and lifecycle management practices. Analysts and practitioners highlighted risks from shadow AI, unmanaged permissions, and 'zombie agents' left running without proper review or retirement.
Enterprise security teams scale AI agents into production in 2025
During 2025, organizations moved AI use in security operations from experimentation to production-scale deployments, using autonomous agents for alert triage, threat hunting, and detection tuning. The shift emphasized specialized agents, human oversight, transparency, and privacy-preserving workflows.
Okta releases Auth0 for AI Agents
Okta recently released Auth0 for AI Agents, a product intended to integrate AI agents into existing identity and access management frameworks with auditability, token vaulting, and least-privilege controls. The release reflects a broader industry push to treat AI agents as a new identity type requiring governance and authentication.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
How to keep AI plans intact before agents run amok
cio.com
Open sourceThe State of AI in Security Operations: 5 Patterns That Defined 2025
detectionatscale.com
Open sourceHow to answer the door when the AI agents come knocking
go.theregister.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Challenges in Securing Rapid Adoption of AI and AI Agents in Enterprise Environments
Organizations are rapidly integrating generative and agentic artificial intelligence into their cybersecurity and IT operations, with a particular focus on identity and access management (IAM) and security operations centers (SOC). While AI offers significant potential for proactive threat detection, adaptive authentication, and streamlined investigations through natural language interfaces, most enterprises are struggling to keep pace with the security, governance, and operational challenges that accompany this technological shift. Surveys indicate that the speed of AI adoption is outstripping the development of adequate security controls, governance frameworks, and incident response playbooks, leaving many organizations exposed to new and evolving AI-driven threats. Security leaders and practitioners report that building production-ready AI agents for security operations requires far more engineering rigor than prototyping or demos, with challenges such as context management, reliability, and multi-user execution. Despite the promise of AI as a productivity multiplier, nearly two-thirds of IT and business leaders acknowledge that their organizations are deploying AI faster than they can fully understand or secure it, and about half have already encountered vulnerabilities in their AI systems. The lack of mature governance and security practices around AI adoption is a growing concern, especially as the technology becomes more deeply embedded in critical enterprise workflows.
Mar 21, 2026
Security and Risk Management for Agentic AI in Enterprise Workflows and SOCs
Enterprises are rapidly adopting agentic AI technologies to automate and enhance both security operations and business-to-business (B2B) workflows, fundamentally transforming traditional IT and security architectures. Security Operations Centers (SOCs) are experiencing unprecedented alert volumes, with large organizations managing thousands of alerts daily, leading to significant alert fatigue and missed incidents. To address these challenges, organizations are shifting from legacy, manual SOC models to AI-augmented SOCs, where analysts oversee and validate AI-driven decisions rather than manually triaging every alert. This transition requires a mindset shift, as leaders must learn to trust AI systems to assist analysts without fully replacing human judgment. The adoption of AI in SOCs is accelerating, with 88% of organizations planning to evaluate or deploy AI-driven SOC platforms within the next year. However, the proliferation of AI-powered SOC automation introduces new risks, making it essential for security leaders to carefully assess architectures, implementation models, and phased adoption strategies. In parallel, agentic AI is revolutionizing SaaS and partner ecosystems by enabling autonomous, self-orchestrating integrations that move beyond traditional, human-mediated application networks. This shift is driving a critical pivot in enterprise technology, as routine, rules-based digital tasks become candidates for full automation by intelligent agents. As these autonomous AI agents automate complex B2B workflows, robust security and governance frameworks become paramount. Security experts emphasize the need to integrate AI agents with existing enterprise governance platforms, ensuring alignment with established security practices such as Role-Based Access Control (RBAC) and organizational policy management. The introduction of AI firewalls and guardrails—context-aware frameworks that verify both the inputs and outputs of AI agents—provides a foundational layer of security, ensuring that automated actions remain compliant with enterprise policies. Verifiable workflows are crucial, particularly in B2B environments, to maintain operational coherence and prevent unauthorized or unintended actions by autonomous agents. The convergence of these trends highlights the dual imperative for organizations: to harness the efficiency and scalability of agentic AI while implementing rigorous security controls and governance mechanisms. As AI becomes integral to both security operations and business workflows, the ability to measure real impact, manage risks, and select the right platforms will define organizational resilience. Security teams and platform architects must stay informed about evolving best practices for securing AI and large language models (LLMs) within their environments. Ultimately, the successful adoption of agentic AI in the enterprise hinges on balancing innovation with robust, context-aware security and governance.
Mar 21, 2026
AI Agent Adoption Outpacing Safety and Governance Controls
Organizations are rapidly expanding the use of **AI agents**—systems that can execute multi-step tasks with limited human supervision—while governance, safety, and oversight controls lag behind. Deloitte’s *State of AI in the Enterprise* survey of 3,200+ business leaders across 24 countries reported **23%** of companies already using AI agents “at least moderately,” projected to rise to **74%** within two years, while only about **21%** said they have robust safety and oversight mechanisms in place. Separately, commentary warning about AI-enabled intrusion acceleration cited a purported “**GTG-1002**” campaign in which AI agents allegedly automated most of the intrusion lifecycle and compressed response windows, arguing that traditional SOC processes struggle against autonomous, high-velocity adversary tradecraft. Multiple other items in the set focus on broader *responsible AI* and policy concerns rather than a single security incident: an interview-style piece describes how “responsible AI” functions inside a large vendor’s product process, and another report highlights expert concerns about deploying LLM tools in **law enforcement** workflows (e.g., summarizing body camera transcripts or generating crime scene photo descriptions) given risks like hallucinations and bias. A separate business-leadership article frames cybersecurity and AI as strategic imperatives amid geopolitical instability but does not provide incident-specific or vulnerability-specific details. Overall, the material is best characterized as **governance and risk posture** coverage around agentic AI rather than a unified, verifiable breach or vulnerability disclosure.
Mar 21, 2026