Agentic Adoption, the New Pattern for Cybersecurity

The question is not whether to automate security operations. The question is which decisions belong to machines, which belong to humans, and what happens when you get that boundary wrong in either direction.

There are two ways to get the human-machine boundary wrong in security operations. The first is keeping humans in every decision loop, ensuring that no action is taken without analyst review. Because mean detection and response times within organizations are much longer than the 29-minute adversary breakout time, attacks can complete before containment begins. The second is removing humans from the decisions that require judgment and granting machines authority over ambiguous scenarios where the cost of a wrong decision is high. Both failures are common. Both should be considered cautionary tales.

The Adaptive Defense human-AI operating model is built around a single design principle: the right actor for each decision is determined by the speed at which that decision must be made and the degree of ambiguity it carries. Map every security operation onto those two axes, and four quadrants emerge, each with a different answer to the question of where the human sits.

The Four Quadrants

The first quadrant is machine autonomous. In this quadrant, the threat is high speed, low ambiguity. These decisions must be made in seconds and carry clear, well-bounded indicators. Examples include identity session revocation on confirmed anomaly breach, network micro-segmentation on high-confidence threat signals, and deception token triggers that lead to autonomous isolation. When the context is clear and the window is measured in seconds, human review is not a governance improvement, but rather a timing liability. The machine acts within approved thresholds; humans review outcomes, not decisions.

The second quadrant is human plus machine — high speed, high ambiguity. The machine surfaces context and generates a decision brief. The human decides, in under five minutes. Scenarios such as novel TTP alerts, insider threat signals, and lateral movement events carry genuine uncertainty that a confidence score cannot resolve. The analyst becomes a decision-maker, proactively informed by AI instrumentation. That is a fundamentally different role, and it requires a fundamentally different skill set. Over time, repeated responses to novel threats can be instrumented and moved into the autonomous quadrant as the threat becomes more defined.

The third quadrant is machine assisted, characterized by low speed and low ambiguity. Examples include vulnerability patch scheduling, AI-scored access certification reviews, and continuous compliance drift monitoring. The machine executes at scale; the human approves outcomes. This is where most practitioner bandwidth historically has been consumed and where automation returns the most working hours to higher-stakes work.

The fourth quadrant is solidly human. Low speed, high ambiguity. This is where operational posture is established. Security strategy and risk appetite. The governance of the autonomy boundary itself. The decisions about which actions machines are permitted to take. Board reporting and crisis decision-making. These cannot be delegated to a machine, not because the machine lacks capability, but because the accountability for these decisions cannot be delegated.

Quad 1 — Machine autonomous | High speed • Low ambiguity | Reviews outcomes, not decisions | MTTC < 2 min
Quad 2 — Human + machine | High speed • High ambiguity | Decision-maker from machine brief | Analyst decision time < 5 min
Quad 3 — Machine assisted | Low speed • Low ambiguity | Approves outcomes at scale | NHI lifecycle compliance > 92%
Quad 4 — Human led | Low speed • High ambiguity | Owns the decision and its accountability | Quarterly boundary review

The Skill Gap the Industry is Not Talking About

The operating model requires three competency profiles that did not exist as distinct disciplines five years ago in the SOC landscape. Security AI Engineers build, train, and adversarially red-team the detection and response models. They own the confidence scoring model and threshold calibration. The critical question they must be able to answer is not “Does the model work?” but “Can this model be evaded? Is the training data poisoned? Do the false positive rates hold at 3 a.m. on a Sunday?”

Identity Security Architects treat the full identity fabric — human accounts, machine identities, service principals, OAuth tokens, AI agent credentials — as a living attack surface to be modeled, monitored, and minimized continuously. Not managed periodically. Not reviewed quarterly. Continuously.

Agentic SecOps Leads design the autonomous playbook library, define the thresholds for machine action, manage human escalation paths, and conduct tabletop exercises on human-machine handoff points. This role carries a specific authority that no previous security role has carried: the authority to adjust the autonomy boundary under operational pressure. That authority must be explicitly documented because the organization that grants machines the ability to take autonomous action must have a human who is accountable for where that line sits.

“Cybersecurity has become an agentic arena, and there is no shortage of technology and platforms to ‘fight fire with fire.’ But for many organizations, this is new muscle. The Human-AI operating model helps our customers rationalize where, how, and how much to instrument for autonomous operation, and how to evolve as the organization matures.”

— David Malcom, In Balance IT cybersecurity practice lead

The Override Rate as a Calibration Signal

One of the most underappreciated metrics in the operating model is the analyst override rate — the percentage of machine-recommended actions that analysts reverse or modify. The target is 5 to 15 percent. Below 5 percent, analysts are rubber-stamping machine decisions without genuine review; the human governance layer has become theater. Above 15 percent, the confidence model is mismatched — machines are making recommendations that trained practitioners routinely reject.

The override rate is not primarily a performance metric for the AI system. It is a calibration signal for the boundary between Quadrant 1 and 2. When override rates drift above the threshold, it is evidence that actions classified as machine-autonomous carry more ambiguity than the model accounts for — and the boundary needs to move.
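
The calibration check described above can be computed per action type from analyst review records. The following is an added example, not code from the article or from any product: the action names, the record fields, and the minimum-sample cutoff are assumptions, and the review data is constructed.

```python
from collections import defaultdict

# Band from the text: 5 to 15 percent of machine-recommended actions overridden.
LOW_PCT, HIGH_PCT = 5, 15
MIN_REVIEWS = 20  # assumption: fewer reviews than this is too noisy to judge

def override_counts(reviews):
    """Count (overridden, total) per action; 'reversed' and 'modified' both count."""
    counts = defaultdict(lambda: [0, 0])
    for r in reviews:
        counts[r["action"]][1] += 1
        if r["analyst_outcome"] in ("reversed", "modified"):
            counts[r["action"]][0] += 1
    return {action: tuple(c) for action, c in counts.items()}

def calibration_findings(reviews):
    """Classify each action's override rate against the 5-15 percent band."""
    findings = {}
    for action, (overridden, total) in override_counts(reviews).items():
        if total < MIN_REVIEWS:
            findings[action] = "insufficient-data"
        elif overridden * 100 < LOW_PCT * total:    # integer math, no float edge cases
            findings[action] = "rubber-stamp-risk"   # review may have become theater
        elif overridden * 100 > HIGH_PCT * total:
            findings[action] = "boundary-review"     # more ambiguity than modeled
        else:
            findings[action] = "in-band"
    return findings

def constructed_reviews(action, total, reversed_n, modified_n=0):
    """Build constructed sample reviews (not real SOC data)."""
    outcomes = ["reversed"] * reversed_n + ["modified"] * modified_n
    outcomes += ["accepted"] * (total - len(outcomes))
    return [{"action": action, "analyst_outcome": o} for o in outcomes]

SAMPLE_REVIEWS = (
    constructed_reviews("revoke_session", 40, 1)        # 2.5 percent
    + constructed_reviews("micro_segment", 40, 2, 2)    # 10 percent
    + constructed_reviews("isolate_host", 40, 6, 3)     # 22.5 percent
    + constructed_reviews("quarantine_mailbox", 5, 1)   # too few reviews
)

if __name__ == "__main__":
    for action, finding in sorted(calibration_findings(SAMPLE_REVIEWS).items()):
        print(f"{action:20} {finding}")
```

Computing the rate per action rather than across the whole SOC keeps one well-calibrated playbook from masking another that analysts routinely reject.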

The Governance Infrastructure That Makes Autonomy Safe

Every autonomous action must carry a reasoning chain, a confidence score, a timestamp, and a reference to the governance policy that authorized it. This is the evidentiary foundation that makes machine-speed defense auditable. When a machine revokes an identity session in 60 seconds, the organization must be able to show the regulator exactly why, under what authority, and with what evidence. If it cannot, it will face a choice between moving fast or staying compliant. With the right governance infrastructure, it does not have to choose.
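
One way to enforce that evidentiary requirement is to reject any autonomous action record that lacks one of the four fields or that falls outside the policy it cites. This is an added example, not code from the article: the policy register, policy ids, field names, and threshold values are hypothetical, and the sample records are constructed.

```python
from datetime import datetime

# Hypothetical policy register (not from the article): policy id -> what it authorizes.
POLICIES = {
    "POL-EXAMPLE-001": {"actions": {"revoke_session"}, "min_confidence": 0.90},
}
REQUIRED = ("reasoning_chain", "confidence", "timestamp", "policy_ref")

def audit_gaps(record, policies=POLICIES):
    """Return the reasons a record fails as evidence; an empty list means auditable."""
    gaps = [f"missing {f}" for f in REQUIRED if record.get(f) in (None, "", [])]
    if gaps:
        return gaps
    conf = record["confidence"]
    conf_ok = isinstance(conf, (int, float)) and 0.0 <= conf <= 1.0
    if not conf_ok:
        gaps.append("confidence not a number in [0, 1]")
    try:
        if datetime.fromisoformat(record["timestamp"]).tzinfo is None:
            gaps.append("timestamp has no UTC offset")
    except (TypeError, ValueError):
        gaps.append("timestamp not ISO 8601")
    policy = policies.get(record["policy_ref"])
    if policy is None:
        gaps.append("policy_ref not in register")
        return gaps
    if record.get("action") not in policy["actions"]:
        gaps.append("action not authorized by policy")
    if conf_ok and conf < policy["min_confidence"]:
        gaps.append("confidence below approved threshold")
    return gaps

# Constructed sample records (not real telemetry).
GOOD = {"action": "revoke_session", "confidence": 0.97,
        "timestamp": "2026-01-15T03:12:44+00:00", "policy_ref": "POL-EXAMPLE-001",
        "reasoning_chain": ["impossible-travel login", "token replay from new ASN"]}
NO_REASONING = dict(GOOD, reasoning_chain=[])
WEAK = dict(GOOD, action="isolate_host", confidence=0.62)
UNKNOWN_POLICY = dict(GOOD, policy_ref="POL-EXAMPLE-999", timestamp="2026-01-15 03:12")

if __name__ == "__main__":
    for name, rec in [("GOOD", GOOD), ("NO_REASONING", NO_REASONING),
                      ("WEAK", WEAK), ("UNKNOWN_POLICY", UNKNOWN_POLICY)]:
        print(name, audit_gaps(rec) or "auditable")
```

Running the same check before execution as well as at audit time means a record that could not be defended to a regulator never results in an action.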

The autonomy boundary review is a quarterly minimum, not an annual obligation. In a threat environment that evolves on a weekly cadence, a governance policy that has not been reviewed in six months is already stale. The Agentic SecOps Lead is accountable for triggering a review within 30 days of any material threat landscape change or any autonomous incident that produced an unexpected outcome.

The Velocity Gap is Not Optional

Organizations that maintain fully human-gated security operations in 2026 are not making a conservative choice. They are opting out of the fight. Adversary breakout timelines do not pause for analyst availability. Technology will always promise outcomes, but a bad actor only has to be right once to be successful. Adoption and maturity of agentic operations will determine how an organization prevents and responds over time to novel threats.

The question is not whether to adopt the operating model, but whether to adopt it before or after the incident that makes the case for change unmistakably clear.

About This Series

This post is the second in the Adaptive Defense series. Each article addresses a specific domain where traditional frameworks fall short of today’s agentic AI threat landscape.

Post 1: Why NIST, ISO 27001 & COBIT Can’t Keep Up With AI Threats

Post 3: Non-Human Identity Security: An Attack Surface You Can’t See

Post 4: Your Coding Agents Have Admin Rights and Trust Issues