In short
Ideco tested AI agents on real-world information security tasks: auditing firewall rules, analyzing IPS and DNS logs, and red teaming. We’ll examine where the agent saves hours of work and where it remains a source of risk.
A “championship” of its own is unfolding in cybersecurity—AI vs. AI. Attacking agents accelerate reconnaissance, generate exploits, and move within the network. Defensive agents read configurations, analyze logs, and help specialists make decisions faster.
The company Ideco conducted its first 18 audits using AI agents on real-world information security tasks. The authors’ main point: this is not about some magical “human-free” automation. Value is created when a specialist provides the agent with context, rules, access permissions, and verification criteria.
The authors emphasize that everything described here can be applied to any security solution with a standard machine interface. This is not about a specific product, but rather a new layer of automation that transforms the work of security professionals.
It is not the AI itself that needs to be restricted, but rather the agent’s data, permissions, and actions. Without expert validation and properly configured security measures, the agent remains a source of potential errors. Security is still ensured by control processes and human oversight.
The authors provide a brief timeline: from the simple chatbots of 2022 to autonomous agents capable of acting independently within the infrastructure. It is precisely now that technology has reached a level where agents have “taken off” in practical information security scenarios.