The emergence of the agentic era in cybersecurity has ushered in unprecedented challenges as AI-driven threats become increasingly sophisticated. Notably, a significant incident occurred in November 2025 when Anthropic reported that a Chinese cybercriminal used AI to execute an autonomous cyberattack. This attack involved advanced techniques like reconnaissance, exploit development, and data theft, all performed rapidly by AI.
The Evolution of Vulnerability Management
Despite the growing complexity of cyber threats, vulnerability management remains crucial, albeit in need of evolution. Cisco’s recent decision to discontinue Kenna Security underscores the shift from traditional exposure management to dynamic solutions. Historically, vulnerability management relied on static scans, but these are now inadequate as they cannot keep pace with the evolving threat landscape.
As the sector transitions to vulnerability management 10.0, continuous telemetry and contextual prioritization become essential. The aim is to achieve agentic remediation, where AI systems autonomously address vulnerabilities, enhancing both speed and precision.
Addressing the Speed Disparity
The agentic era highlights a significant disparity in speed between malicious actors and cybersecurity defenses. AI-driven threats operate with autonomy, capable of executing complex operations at computational speeds. OpenAI predicts a threefold increase in computational capabilities by 2026, emphasizing the urgency for advanced security measures.
Traditional vulnerability management, with its reliance on periodic scanning and manual processes, struggles to keep up. Older programs focus more on the quantity of vulnerabilities rather than timely remediation or risk reduction, leading to inefficiencies.
Bridging the Security Gap
The divide between DevOps and SecOps is widening as AI-assisted development becomes more prevalent. Tools like Cursor facilitate the generation of vast amounts of code daily, yet security concerns remain. A significant proportion of developers express distrust in AI-generated code, with many failing to verify it prior to production.
Reports indicate that AI-generated code often contains security vulnerabilities, such as hardcoded secrets and misconfigurations. The rapid adoption of AI in 2026 necessitates a reevaluation of security metrics, as traditional methods become obsolete.
Security teams are encouraged to adopt resilience strategies, utilizing comprehensive security data fabrics that integrate telemetry from various IT and cloud sources. This approach allows for prioritized remediation, focusing on business-critical risks.
Future Outlook on Vulnerability Management
The transition to vulnerability management 10.0 involves a phased approach to agentic remediation. Initially, AI will assist in vulnerability discovery and management, with human oversight maintaining control. As trust in these systems grows, AI will autonomously handle clear-cut security issues.
Ultimately, the goal is to leverage AI to continuously monitor and sanitize networks, addressing known vulnerabilities efficiently. This shift will enable human experts to focus on strategic cybersecurity challenges, ensuring resilience against AI-driven threats.
The advancement of AI in cybersecurity presents both challenges and opportunities. By integrating AI-driven solutions with human expertise, organizations can enhance their defensive capabilities in the agentic era.
