The conversation around AI is moving faster than most security teams can keep up. We’ve barely wrapped our heads around securing the use of Large Language Models (LLMs), meanwhile the use of AI Agents and Agentic workflows is rapidly gaining traction within corporate networks.

This isn’t just an upgrade; it’s a fundamental paradigm shift. In a recent presentation at FutureCon Atlanta, Richard Foltak, SVP and CISO at Dito, laid out a compelling case for the “Agentic Era” – one defined not just by AI-driven insights, but by autonomous AI-driven actions.

This shift moves our primary concern from data privacy to a much more complex challenge of trust, autonomy, and oversight. 

The Old vs. The New: Way Beyond RPA

We’re all familiar with Robotic Process Automation (RPA), which was designed to automate simple, repetitive, rule-based tasks.

Agentic automation is an entirely different species.

“Agentic automation is not just the next version of RPA – it’s a paradigm shift. Where RPA automated repetitive steps, agents understand intent. They collaborate with people, dynamically orchestrate systems, and continuously refine process logic. This transforms operations from deterministic execution to adaptive intelligence.”

The Evolution From Prediction to Action

This new era didn’t appear overnight. In his presentation, Richard outlines a clear four-stage evolution, with each step building on the last at a blistering pace:

1. LLMs (2022-2023): Gave us conversational intelligence and advanced prediction.
2. Co-pilots (2023-2024): Provided task-based assistance.
3. RAG (2023-2024): Grounded AI responses in facts via Retrieval-Augmented Generation.
4. Agents (2024-2025): Enable autonomous reasoning and goal-seeking.

It’s helpful to think of these not just as steps, but as a “stack” of capabilities. An Agent is the overall system (the “actor”), the LLM is its reasoning “brain,” and RAG is the “long-term memory” it uses to ground its decisions in your company’s facts.

This progression represents the most critical shift in modern technology:

“The shift is from prediction → decision → action.”

And this isn’t a “what if” scenario. The reality is that your organization is almost certainly part of this shift, whether you have an official policy or not.

“Most organizations are already using AI, regardless if they are approved or not!”

What Makes an Agent Different?

So, what truly separates an AI agent from a co-pilot or an LLM? It’s not just about intelligence, but also empowerment. Agents are force multipliers that can automate entire complex workflows, driving efficiency gains of 30-60%.

They can do this because they possess three key components that previous technologies lacked:

• Persistent memory and contextual awareness.
• The ability to use tools and integrate with other systems.
• Goal-oriented and autonomous behavior.

This leads to the most crucial takeaway of the entire presentation:

“Agents don’t just assist… THEY CAN ACT.”

The New Security Challenge: Who is Responsible?

When an AI can act autonomously, it creates a world of new security and governance problems. The core challenge, as Richard notes, is that AI capability is accelerating far faster than our governance to control it.

This “governance gap” forces us to ask questions that were, until now, theoretical:

• How do you monitor and audit “Agent-to-Agent” (A2A) interactions? This A2A risk can be as simple as one agent (on your behalf) scheduling a meeting, which then triggers a second agent (on a colleague’s behalf) to autonomously accept and book a conference room, all without any human intervention. Now, imagine that same interaction with access to financial systems or customer data. The audit trail vanishes.
• How do you approve an agent’s access to tools and sensitive data?
• What happens when agents, “taking on a person’s identity to complete tasks on their behalf,” go rogue?

This last point is compounded by the “Agentic Shift Left,” where non-technical users can “self-automate,” creating new “shadow agents” with access to sensitive data and APIs, completely bypassing traditional IT and security.

This new reality poses the ultimate question of accountability:

“If an AI Agent, acting on behalf of an employee, behaved in an unapproved manner, who is responsible?“

This is no longer a problem for the CISO to solve alone. It’s a leadership challenge for the entire C-suite:

• CIO: Must define the AI architecture and its boundaries.
• CISO: Must establish agent security baselines and, most importantly, observability.
• CDO: Must govern what data and context agents can share.
• CFO: Must balance the massive ROI with this new “residual risk.”

The Future is Now: Trust, but Verify

This new world is not all doom and gloom. The future is already here, and when governed correctly, its potential is staggering.

Richard shares a Google SecOps use case where Dito is leveraging agents for autonomous alert correlation and threat intelligence. The results? A 70% decrease in Mean Time to Resolution (MTTR), an 85% decrease in false positives, and a massive reduction in analyst fatigue.

The path forward requires a new security model. We must evolve our thinking from “code integrity” (is the code safe?) to “behavioral integrity” (is the agent’s behavior safe?).

“In the Agentic world, trust isn’t built through code reviews — it’s built through behavior monitoring.”

As we integrate these powerful new “employees” into our organizations, we must adopt a new mindset, one perfectly captured by the classic adage:

“Don’t forget the HUMAN IN THE LOOP! Trust – But always Verify!“

Watch the Full Presentation

Richard Foltak’s 30-minute presentation is a masterclass on the next frontier of cybersecurity. To dive deeper into the Agentic Development Lifecycle, the “shadow agent” problem, and the security operations use case, watch the full video here.