Closing The Two-Hour Incident Response Time Requires Security That Moves At The Speed Of Machines

Enterprise adoption of agentic AI is rapidly outpacing the traditional security perimeters designed to govern human users and static software. Because these autonomous entities make independent decisions and access sensitive APIs without constant oversight, they represent a fundamental shift in the corporate attack surface. This new reality forces a move away from legacy identity management toward a framework that treats AI agents as distinct, verifiable identities.

Working to secure the global agentic frontier is Mohamed Mousa, the Director of AI Cybersecurity and Risk at MAGNA AI. Mousa is an executive leader and cybersecurity expert with over two decades of experience designing air-gapped sovereign AI environments and secure multi-agent systems for state and private organizations. He explains that today’s deployments of autonomous systems expose gaps in traditional security models, particularly around identity, governance, and incident response.

"With agentic AI, the attack surface has become very wide and very wild. Innovation is happening faster than our capability to govern it." Companies are rushing to deploy autonomous AI, he says, without installing or even considering proper safety measures. Because agents are configured to follow prompts, threat actors can now compromise systems without a single line of code by using persuasive conversations. "Technically speaking, hacking agents has become much easier than hacking a normal network or cloud because it's done using our own language."

• All gas, no brakes: Mousa says while agentic AI is a big innovation, for security professionals it can also be a nightmare because of the massive, unmonitored expansion of permissions granted to these tools. "People are giving agentic AI access to everything inside the organization: financial information, emails, data. I'm sometimes very shocked when I test their security. It's like we invented a car but forgot to configure the brakes."

In Mousa's view, enterprise leaders need to bring security into the design of these systems from the start. That means treating agents as first-class identities, not invisible helpers bolted onto existing applications. To fix the blind trust issue, he pointed to a non-human identity triad: distributing cryptographic keys to authenticate each agent, setting strict permissions to authorize actions, and implementing comprehensive logging to trace behavior over time. Without directory and lifecycle controls, these entities can proliferate across internal networks in ways many security teams currently struggle to see or govern. "Today, you might have four agents. Maybe after one week, you have seven or eight agents inside your network, becoming agents and sub-agents. They communicate inside and outside without any expectations or permissions. We don't know exactly who is doing what, or which specific agent is responsible," he explains.

• Malice at machine speed: The transition to automated attacks has the potential to expose a massive gap between human response times and machine-speed operations. The global average Mean Time To Respond (MTTR) is two hours. Against a machine-speed swarm, that’s an eternity. Mousa views the discrepancy as a call to action for security leaders. "We need to improve our incident response to operate on machine speed, not human speed," he says. Recent industry commentary echoes Mousa's concern, with some CISOs pointing out that machine-speed threats are forcing them to rethink how much decision-making they can safely automate in the SOC.

• Swarm warning: The same orchestration capabilities that make AI an efficiency powerhouse for other business functions are what can make it an unprecedented threat for security leaders. Traditional defense-in-depth strategies are designed to catch a single intruder moving laterally through a network, but they aren't equipped to handle hundreds of coordinated entities attacking every vulnerability simultaneously. "I just found a new commercial tool that is promoting a service where they have 200 agents performing penetration testing," Mousa shares. "Two hundred hackers working at the same time, each with its own experience, its own workflow, and only one job to do. We call that a swarm of agents. They are completely synchronized. If one agent discovers something, the other 199 agents instantly know." This swarm approach allows a threat actor to overwhelm an SOC by launching a multi-front assault that moves faster than any human-led response team can track.

Despite the risks, Mousa stresses that he does not see AI as purely negative. He expects that the same technologies reshaping enterprise workflows will be used to strengthen defenses. "If we have agents acting as hackers, we need agents working in incident response." Some security teams are beginning to do just that, experimenting with agentic SOC or agentic SIEM models where AI agents assist with detection, correlation, and response tasks under tight governance. Ultimately, Mousa would like to see investment in AI security keep pace with AI capability development through secure-by-design engineering practices, non-human identity governance, and more automated SOC workflows. In his view, organizations are only beginning to define guardrails for agents, even as deployments accelerate. "This area needs a lot of research and development. It's still early, and we need innovation and resources in AI security now more than ever." The way security leaders handle the gap, he suggests, could determine how quickly enterprises capture the upside of agentic AI without being overwhelmed by its risks.