Hybrid Cloud
Cybersecurity
Data & AI
IoT & Connectivity
Business Applications
Intelligent Workplace
Consulting & Professional Services
Small Medium Enterprise
Health and Social Care
Industry
Retail
Tourism and Leisure
Transport & Logistics
Energy & Utilities
Banking and Finance
Smart Cities
Public Sector
Webinar on agentic AI and Cybersecurity: when the threat comes from outside and from within operations
As we saw in the RSA Conference 2026 recap, agentic AI has become an immediate priority for Cybersecurity, both because of its business impact and the changes it introduces to defence models.
This shift is taking place across two areas. On the one hand, adversaries are incorporating AI to automate tasks, reduce timescales and improve their ability to evade detection. The data shared during our webinar, available with English subtitles, points in that direction: shorter attack cycles, faster propagation and less time to detect and respond.
On the other hand, companies are adopting agents within internal processes. This goes beyond the occasional use of tools and extends to systems with access to data, applications and the ability to execute actions within the business, as we explored in the post on shadow AI and agentic AI.
This is where the turning point emerges: agents need context, authorisation and a certain degree of autonomy to be useful. In other words, they need access to identities, data and the ability to interact with systems, which are precisely the elements attackers are looking for.
■ This introduces a new asymmetry. Defenders must respond to a faster adversary while also understanding and governing internal operations that are no longer entirely human. That combination marks a shift in how we approach Cybersecurity from now on.
The risk surface is no longer only expanding outwards. It is now being redefined from within.
The external threat: how attackers are evolving with AI
We are already seeing attackers using AI in real-world operations, with a direct impact on speed and scale. In fact, during our webinar we shared some figures that help illustrate this: the average propagation time within a network has fallen to 29 minutes, while in the fastest cases it can be as little as 27 seconds. This significantly reduces the window available to detect and contain an incident.
This increase in efficiency is not limited to process automation alone. It also involves a transformation in attack strategies.
For example, techniques such as phishing and disinformation are becoming more refined. More advanced cases are also emerging, such as the use of AI to identify valuable information on devices, dynamically generate scripts for lateral movement or deploy malware that delegates part of its logic to external models.
Added to this is a pattern that is becoming more pronounced: attackers are diversifying their entry points. There is less dependence on the traditional endpoint and greater focus on identity, Cloud, SaaS applications and the supply chain.
The result is a combination of speed, adaptability and reduced friction throughout the attack process.
We should not lose sight of the fact that this evolution is taking place simultaneously and in parallel with the adoption of AI within businesses. This means attackers are improving their capabilities while also exploring new attack surfaces linked to these environments.
■ The external threat is no longer limited to compromising systems and is now also beginning to interact with complex ecosystems where models, agents and data are interconnected.
The internal threat: risks of agentic AI within operations
During our webinar, we addressed this quite directly: the issue is no longer only who is attacking, but also how we ourselves are operating.
Here, we are not only talking about shadow AI or the uncontrolled use of AI tools, because we are now facing a different level of exposure that requires a broader and more comprehensive framework.
Unlike generative AI, which is based on responses, AI agents are active and integrated into business processes: they connect to systems, query data, interact with applications and execute actions. This changes the nature of risk: they may receive manipulated instructions, access unclassified and overshared information, use tools out of context or act without supervision and validation.
—The example mentioned during the webinar is particularly illustrative: a financial agent processing invoices could approve a fraudulent payment if manipulated input, lack of supervision and additional validation, and the autonomy to execute the action all come together.
With agentic AI, the impact is no longer centred on access, but on execution.
Moreover, these systems do not operate in isolation. As soon as we move into multi-agent environments, complexity multiplies. Each agent introduces its own risks, as do the interactions between them. This makes overall behaviour much harder to anticipate.
■ At this stage, Cybersecurity must stop focusing solely on compromised systems and begin to understand whether what is happening within operations is consistent with what should be happening.
The risk turning point in autonomous AI
Up to this point, it might seem like we are dealing with two separate issues: more sophisticated attackers and businesses becoming more exposed through the way they adopt AI.
In practice, these two areas converge at a turning point that increases the overall impact:
- An attacker who gains access no longer moves through traditional systems alone. They can now interact with agents, manipulate instructions, exploit integrations or escalate actions through automated processes.
- A poorly governed agent can amplify an incident. If it has permissions, context and execution capabilities, it can become a risk multiplier and trigger cascading business actions.
■ This approach transforms our perception of risk: it is no longer enough to detect an intrusion. Organisations must also understand internal activities, analyse the behaviour of autonomous systems and verify whether their actions align with what was intended.
The question shifts from “is there an attacker?” to “is this behaviour legitimate?”
None of this is always obvious, because an agent may do something that is technically correct but occurs out of context. It may access valid data, but at the wrong moment. It may execute an expected action, but within an altered workflow. Detecting these deviations requires more than rules or signatures.
Context is essential. For this reason, during the webinar we emphasised that Cybersecurity is evolving towards behavioural oversight, rather than focusing solely on monitoring technical events.
■ This trend requires a deeper understanding of business processes and how agents are expected to operate under normal conditions, which demands a shift in the protection model.
The SOC as the control centre for the agentic business
At this stage, the Security Operations Centre (SOC) must evolve beyond event correlation and technical incident handling to understand operational dynamics.
In the post on the SOC of the future, we already highlighted the need for this evolution: more context, automation and response capabilities. Agentic AI adds an additional layer to everything we already know. It is now necessary to interpret signals and behaviours.
Since detecting an anomaly in an agent first requires knowing what it should be doing, Cybersecurity must move even closer to the business. This means understanding processes, workflows, dependencies and operational logic, not in abstract terms but in practical detail: what inputs an agent receives, what decisions it makes and what actions it can execute.
From there, several key elements begin to change:
- Identity. Agents operate with non-human identities, often with broad permissions distributed across systems. Governing those identities is essential.
- Access. The Zero Trust approach remains valid, but taken to the extreme. Continuous validation, least-privilege access and real-time control at machine speed are required, because agents are fast and do not wait.
- Observability. Technical logs alone are not enough. Organisations need end-to-end traceability of decisions, context and actions. It is necessary to understand what happened and why.
- Response. In many cases, timelines no longer allow for manual intervention. Containment must be automated, permissions adjusted or behaviours blocked as soon as a deviation is detected.
■ Applying all of this does not mean replacing the existing SOC, but rather complementing it and expanding its role with new capabilities so it can oversee autonomous processes, protect infrastructure and govern agent-based business operations.
Conclusion
The adoption of agentic AI will continue to grow, as it is becoming essential for business competitiveness and efficiency. The question is how to implement it securely and with control: visibility, governance and the ability to respond to deviations.
Cybersecurity therefore becomes a layer of trust that manages complexity, identifies behaviours, governs non-human identities and applies dynamic controls in real time. This requires technology, expertise and capabilities, alongside the right operating model.
At Telefónica Tech, we approach this from a dual perspective: architecture and operations. On the one hand, by covering the entire AI Security lifecycle. On the other, by evolving our SOC to adapt it to environments where agents are part of day-to-day operations, enabling companies to advance their adoption without losing control and making Cybersecurity the essential mechanism for ensuring this evolution remains sustainable for businesses.
■ We invite you to download our report Secure Journey to AI ⇣ and move forward with AI adoption through a structured approach focused on security, governance and compliance.
A framework that combines risk identification, protection of models, data and identities, and an integrated response makes it possible to control both exposure to external threats and the behaviour of AI systems within business operations themselves.
