The Cyber Security Workforce in the Age of AI Agents

The Cyber Security Workforce in the Age of AI Agents

Artificial intelligence is changing every sector, and cyber security is no exception. Although change is nothing new, AI feels different because it is not simply another category of tool. AI agents can take on pieces of work that, until recently, required human judgement, language, reasoning and workflow execution.

That does not mean the cyber workforce is about to disappear, but it does mean cyber work is going to change. Some tasks will be replaced by AI, many roles will change and new responsibilities will emerge around governing and securing AI itself.

From outputs to outcomes

Traditional security tools produce outputs: alerts, vulnerability lists, compliance evidence and dashboards. AI agents, at least in principle, can be given a goal and asked to deliver an outcome, involving both analysis and decision-making.

Foundational AI models can already perform limited cyber security tasks, particularly in security operations and application security testing. As AI model capabilities improve, they may go further. For example, in security operations, AI agents might autonomously triage alerts, gather context, check affected devices, and implement solutions. In application security, they might review code, identify vulnerabilities, make code changes and help a developer understand why a particular pattern is risky.

We are still in the "hype" phase of AI adoption

We are seeing a wave of SaaS security vendors and security start-ups claiming to provide AI capabilities. Some of this is real but some of it is marketing and if you scratch beneath the surface, things are not always what they seem. An AI chatbot bolted on to an existing service offering may be of little value and you may find a substantial reliance on human involvement.

That does not imply there are no benefits to AI-powered solutions, it simply means buyers and security leaders need to validate claims carefully. What exactly does the system do? What actions can it take and who approves those actions? How is it monitored? How is it stopped if it goes wrong?

The current limitations of AI

Generative AI is powerful because human knowledge is represented in language and LLMs can extract and act upon that knowledge and associated contextual data. That is why large language models can be so useful in cyber security.

But cyber security operates in the live, changing state of the world, not all of which is documented. Some of it is ephemeral. Some of it sits in people's heads.

Today's LLMs are limited by a lack of real-world context beyond the datasets on which it has been trained or has access to: the undocumented, constantly changing reality of an organisation's staff, systems, priorities and constraints. That is where human involvement cannot be replaced.

Can AI be Intelligent?

We should also remember that current Gen AI models do not perceive the world as we do. They generate plausible responses through probabilistic algorithms, without understanding of the reality or truth of those responses. That distinction matters in cyber security. A model can produce an answer that looks coherent, technical and authoritative while still being wrong in a way that matters operationally. It may look like reasoning, but it does not carry human responsibility, situational awareness or commitment to truth.

So, for now at least, that is another reason AI cannot simply replace the human in cyber work. It can support analysis, speed up workflows and surface useful possibilities, but people still must judge, verify and be accountable for the outcome.

So, what happens to cyber roles?

It is likely that the impact will not be evenly distributed. Routine, repeatable and document-heavy tasks are more suited to AI than work that depends on judgement, context, accountability, stakeholder management or deep technical investigation.

Entry-level and some mid-tier knowledge-based roles are likely to feel the most pressure, especially where work consists of following a known process, gathering information from known sources, producing a standard output or escalating according to predefined criteria.

Even when tasks are taken on by AI the cyber skills shortage does not disappear, and the extent of any job cuts is hard to predict. A good employer should offer cyber analysts the opportunity to take on higher level work as AI becomes deployed: from processing alerts to understanding systems, root cause and assessing business risk. From using tools to shaping how AI-enabled workflows should operate.

Figure 1 summarises a prediction of the impact of AI on cyber roles. Only jobs where significant impact is expected are listed.

This last role is especially important. If AI becomes part of the security operating model, then the AI stack itself becomes part of the attack surface. That means security teams will need people who understand not only traditional controls, but also model behaviour, prompt and interface risks, API exposure, agent identity and permissions, orchestration layers such as MCP servers, and the quality, provenance and sensitivity of source datasets.

Figure 1
Figure 1

Advice for staff

Entry-level roles will reduce. Demand for knowledge and skills in securing the Gen AI stack will increase. If you are working in a career in cyber, supplement your cyber knowledge, skills and experience accordingly. For example:

  • Keep an eye on AI developments.
  • Learn how AI tools can support investigation, summarisation, code review, threat modelling and documentation.
  • Develop judgement to know when to trust an AI output, when to challenge it and when to escalate to a human expert.
  • Broaden skills in areas like cloud security, application security, data protection and risk assessment.

Consider formal training but be wary of the plethora of AI security courses and certifications being offered. The whole field of Gen AI is a rapidly moving target and is still evolving. Training and certifications written today are unlikely to be the same next year.

The people who thrive will not be those who "compete" with AI but those who can combine cyber fundamentals, AI fluency and human judgement.

Advice for CISOs and security leaders

If you are a CISO or responsible for a security function, the challenge is not simply to see where AI could replace manual effort. A better way is to rethink your operating model and develop a strategy for deploying AI to secure the business. It means considering where AI genuinely improves speed, quality or coverage, where it introduces unacceptable risk, the need for human oversight and upskilling of staff. It also means being realistic about cost. AI can be expensive to run, especially when deployed at scale across high-volume workflows.

You should also validate vendor claims on the effectiveness of AI security agents, understand the human element behind AI-enabled services and apply least privilege to agents, monitor their behaviour, and ensure there is a clear owner for any AI system that can access data, use tools or take actions.

Conclusions

In the short to medium term, three things are likely to happen in cyber security:

  • Some routine tasks will decline rapidly.
  • Many more roles will be enhanced, accelerated or reshaped by AI.
  • New roles will be created because of AI.

The cyber workforce is not going to vanish, but it is going to change in scope and skillsets. The best response for security leaders is to think strategically. For individuals, it means developing AI-enabled skills while deepening the human capabilities that AI lacks: judgement, accountability, context and communication. For leaders, it means designing operating models where AI improves security outcomes without weakening oversight, resilience or trust. The world is not going to end for the cyber workforce, but it is being radically changed by AI and there is now an opportunity is to make that change work for us, rather than simply happen to us.