According to Gartner analyses, 15% of routine decisions in companies will be made autonomously by artificial intelligence (AI) agents by 2028. Data like this reinforce that this category of technology is becoming increasingly strategic for organizations' growth plans, as it helps to increase the level of productivity and accuracy of actions.
Felipe Thomé, co-founder and COO of CisoX, a startup of the Dfense group, explains that this growth reinforces the difference between these AI tools and assistants. "While Siri, Google Assistant, and corporate chatbots in general perform simple and reactive tasks, such as replying to emails or managing schedules, agents operate autonomously, capable of monitoring environments, detecting patterns, predicting scenarios, and acting strategically," he says.
Due to these characteristics, this branch of AI is capable of enhancing human action, allowing teams to focus on complex and high-impact tasks for the business, instead of operational and time-consuming activities. The company's specialist cites the cybersecurity sector as an example of a field benefited by this dynamic.
“It is possible to create more robust and precise information security strategies dynamically, without relying on entire teams and fragmented schedules. This frees up resources and allows companies to adapt their security plans in real time, ensuring relevance and alignment with the current scenario,” he says.
New Cybersecurity ChallengesAlthough innovative, the rise of AI agents also brings many challenges to the cybersecurity sector. The main one is accessibility, since until recently, detailed risk and vulnerability analyses were restricted to large corporations that had the resources to hire specialized consulting firms. However, small and medium-sized enterprises did not have access to these strategic diagnostics, making them more vulnerable to cyberattacks.
"Information security must be an accessible right, not a privilege for those who can pay dearly," emphasizes Thomé. "AI agents need to have this democratization bias in their development and implementation, reducing barriers and allowing any company to protect its data in a strategic and efficient way," he concludes.
In the market, some ways to ensure this accessibility are already standing out, such as reducing the signing deadlines for security master plans from three to one year. "At CisoX itself, we have significantly reduced the price of our service compared to traditional consulting firms due to the annual model, ensuring that companies review their strategies in real time, adjust investments, prioritize projects, and stay updated in a constantly evolving threat landscape," says the executive.
Leaving the traditional mindset aside
Besides the cost, the old model of hiring specialized consulting firms also presents other potential problems. This is the case of dependence on individual technical knowledge, which not only leaves room for human errors and inconsistent analyses but also involves a slower process of implementing defenses.
In this sense, companies that bring AI agents into their core business are gradually managing to transform this scenario. CisoX, for example, bases the operation of this technology on the NIST (National Institute of Standards and Technology) framework, which allows its platform to conduct assessments with more than 360 criteria to measure the maturity of each client's information security processes. Thus, the deadline for risk mapping and the production of approximately 300-page reports is reduced from four months to just two minutes.
“AI agents are proving that automation is not just a nice word, but rather a way to ensure efficient, fast information collection that is adapted to the context of each organization,” concludes Felipe Thomé.
