Introduction: The Evolving Cyber Threat Landscape
The contemporary digital landscape faces a complex and high-volume wave of cyber threats, outpacing traditional security measures. As digital interactions and data volumes surge, there’s a pressing need for intelligent, automated systems to detect vulnerabilities, analyse malware, and respond to attacks. Artificial intelligence (AI)—especially advancements in Large Language Models (LLMs)—offers a transformative edge in cybersecurity. This article explores the integration of Agentic AI, often powered by LLMs, into cybersecurity operations, highlighting both its vast potential and the critical security and privacy risks it introduces.
What is Agentic AI in Cybersecurity?
In cybersecurity, Agentic AI refers to autonomous AI systems that make decisions without requiring explicit human oversight. Unlike traditional, rule-based security systems, it leverages machine learning and behavioural analysis to learn from new data and adapt to new threats in real time. Its core functions include automated threat detection, spotting anomalies that indicate compromise, and initiating incident responses such as isolating devices or blocking malicious traffic.
The Role of LLMs in Enabling Agentic Cybersecurity
LLMs, powered by advances in Natural Language Processing, are key to developing intelligent security agents. With billions of parameters and extensive training data, LLMs excel at processing unstructured data like logs and threat reports. Techniques like Retrieval-Augmented Generation (RAG) and prompt engineering (e.g., Chain-of-Thought) enhance their reasoning and task execution. Fine-tuning on domain-specific data further adapts LLMs for tasks like bug fixes and vulnerability detection.
Key Security and Privacy Risks Introduced by LLMs
While LLMs offer immense potential in cybersecurity, they also pose security and privacy risks, as outlined in the OWASP Top 10 for LLM Applications 2025.
Prompt Injection is a major concern: malicious inputs can manipulate an LLM's behaviour, leading to unauthorized actions or ignored instructions, even when the input arrives indirectly through a data source the model reads (a document, web page or email) rather than from the user directly.
Sensitive Information Disclosure is another risk, with LLMs potentially leaking memorized private data from training datasets or user inputs. This risk grows with model size due to increased memory capacity.
Misinformation and Hallucinations are also problematic, as LLMs may generate convincing but false information, affecting security decisions. Mitigation efforts like context expansion have had limited success.
In Agentic LLMs, Excessive Agency is a key issue: overly autonomous agents can perform unintended actions because they hold broader permissions than their task requires, such as deleting emails when read-only access was intended. To prevent this, the tools and permissions an agent can reach should be restricted to what the task needs, and agent activity should be logged and rate-limited so that unexpected behaviour is both visible and bounded.
Other threats include Adversarial Attacks like jailbreaking and Model Extraction attacks that steal valuable model information.
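The three mitigations named for Excessive Agency (a tight tool grant, an audit log and a rate limit) are most effective when enforced in the dispatcher that sits between the model and its tools, rather than by asking the model to restrain itself. The following is an added example, not code from the article or from OWASP: a small tool gate for the article's own mailbox scenario. The tool names, the in-memory mailbox, the call budget and the plan the model "produces" are all constructed for illustration.

```python
import time
from dataclasses import dataclass, field
from typing import Callable


class PermissionDenied(Exception):
    """The agent requested a tool outside its grant."""


class RateLimited(Exception):
    """The agent spent its call budget for the current window."""


def make_tools(mailbox: dict) -> dict:
    """Tool table for one mailbox (constructed stand-in for a real mail API)."""
    def read_email(msg_id: int) -> str:
        return mailbox[msg_id]

    def delete_email(msg_id: int) -> str:
        mailbox.pop(msg_id)
        return f"deleted {msg_id}"

    return {"read_email": read_email, "delete_email": delete_email}


@dataclass(frozen=True)
class AgentPolicy:
    allowed_tools: frozenset      # explicit grant; anything not listed is denied
    max_calls_per_window: int     # rate-limit budget
    window_seconds: float         # sliding window length


@dataclass
class ToolGate:
    """Mediates every tool request the model makes; the model never calls tools directly."""
    policy: AgentPolicy
    tools: dict
    clock: Callable[[], float] = time.monotonic   # injectable so tests are deterministic
    audit_log: list = field(default_factory=list)
    _recent: list = field(default_factory=list)   # timestamps of allowed calls in the window

    def _record(self, ts: float, tool: str, args: dict, outcome: str) -> None:
        self.audit_log.append({"ts": ts, "tool": tool, "args": dict(args), "outcome": outcome})

    def call(self, tool: str, **args):
        now = self.clock()
        # Least privilege: only tools in the grant are reachable at all.
        if tool not in self.policy.allowed_tools:
            self._record(now, tool, args, "DENIED")
            raise PermissionDenied(f"{tool} is not in the agent's grant")
        # Rate limit: sliding window over recent allowed calls.
        self._recent = [t for t in self._recent if now - t < self.policy.window_seconds]
        if len(self._recent) >= self.policy.max_calls_per_window:
            self._record(now, tool, args, "RATE_LIMITED")
            raise RateLimited(f"{tool}: budget of {self.policy.max_calls_per_window} per window spent")
        self._recent.append(now)
        result = self.tools[tool](**args)
        self._record(now, tool, args, "OK")
        return result


def run_plan(gate: ToolGate, plan: list) -> list:
    """Execute the (tool, args) requests a model produced; return (tool, outcome, detail) per request.

    A denial does not abort the plan, so the full audit trail is visible.
    """
    outcomes = []
    for tool, args in plan:
        try:
            outcomes.append((tool, "OK", gate.call(tool, **args)))
        except (PermissionDenied, RateLimited) as exc:
            outcomes.append((tool, type(exc).__name__, str(exc)))
    return outcomes


def demo():
    """Summarising agent with a read-only grant and a budget of two calls per minute."""
    mailbox = {1: "Quarterly report", 2: "Password reset", 3: "Team lunch"}
    policy = AgentPolicy(frozenset({"read_email"}), max_calls_per_window=2, window_seconds=60.0)
    gate = ToolGate(policy, make_tools(mailbox), clock=lambda: 100.0)
    # Constructed plan: the model asks for a delete it was never granted,
    # then reads more than its budget allows.
    plan = [("read_email", {"msg_id": 1}),
            ("delete_email", {"msg_id": 2}),
            ("read_email", {"msg_id": 2}),
            ("read_email", {"msg_id": 3})]
    return run_plan(gate, plan), mailbox, gate.audit_log


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

Running the demo shows the delete request refused before it touches the mailbox and the third read refused by the budget, with every request, allowed or not, recorded in the audit log. The policy is a frozen value separate from the gate, so the grant is decided at deployment time by the operator and cannot be widened by anything the model says at run time.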
Supply Chain vulnerabilities can be introduced if malicious developers inject backdoors into models during pre-training or fine-tuning.
Finally, Prompt Extraction attacks target the sensitive or valuable prompts used to elicit specific LLM behaviours.
Conclusion
The integration of Agentic AI, heavily reliant on LLMs, offers substantial potential to enhance cybersecurity through automation, real-time analysis, and proactive threat mitigation. However, the unique security and privacy risks introduced by LLMs, including Prompt Injection, Sensitive Information Disclosure, Misinformation, and crucially, Excessive Agency in autonomous applications, demand rigorous attention and mitigation. Safely and responsibly leveraging these powerful technologies requires a deep understanding of their vulnerabilities and the implementation of robust security measures throughout their lifecycle and deployment in agentic systems.