The problem is that the cybersecurity systems overseeing those networks were never built to monitor software that behaves like an employee but is not one. “Today's security tools don't look at [AI] behaviour. But we've gone from malware and running software and patching to one or more AI agents doing all sorts of activities,” Mandy Andress, chief information security officer at Elastic, tells DigitalEdge on the sidelines of the ElasticON conference in Singapore earlier this week.
For years, corporate cybersecurity was fundamentally about people. Stop employees from clicking the wrong link. Keep hackers from exploiting software flaws. Make sure sensitive data stayed inside the organisation. The tools built for that job — from network monitoring software to login analysis and malware detection — were designed around human behaviour, whether the threat came from inside the company or outside it.
Now, a different kind of actor is spreading across corporate networks. AI agents are software programmes that can be assigned a goal and left to pursue it autonomously, querying databases, drafting and sending communications, and carrying out multi-step workflows without a human directing every action. Companies across industries are deploying them to automate operations from customer service to financial analysis.

