Agentic AI for Cyber Resilience: A New Security Paradigm and Its System-Theoretic Foundations

TL;DR

This paper advocates for a paradigm shift in cybersecurity towards agentic AI-driven resilience, emphasizing autonomous, adaptive systems capable of sensing, reasoning, and responding to cyber threats in real-time.

Contribution

It introduces a system-theoretic framework and architecture for agentic AI workflows, integrating game theory and case studies to enhance cyber resilience.

Findings

Game-theoretic models unify autonomy and information flow design.

Case studies demonstrate improved resilience through autonomous workflows.

Equilibrium-based design enhances system adaptability and recovery.

Abstract

Cybersecurity is being fundamentally reshaped by foundation-model-based artificial intelligence. Large language models now enable autonomous planning, tool orchestration, and strategic adaptation at scale, challenging security architectures built on static rules, perimeter defenses, and human-centered workflows. This chapter argues for a shift from prevention-centric security toward agentic cyber resilience. Rather than seeking perfect protection, resilient systems must anticipate disruption, maintain critical functions under attack, recover efficiently, and learn continuously. We situate this shift within the historical evolution of cybersecurity paradigms, culminating in an AI-augmented paradigm where autonomous agents participate directly in sensing, reasoning, action, and adaptation across cyber and cyber-physical systems. We then develop a system-level framework for designing agentic AI workflows. A general agentic architecture is introduced, and attacker and defender workflows are analyzed as coupled adaptive processes, and game-theoretic formulations are shown to provide a unifying design language for autonomy allocation, information flow, and temporal composition. Case studies in automated penetration testing, remediation, and cyber deception illustrate how equilibrium-based design enables system-level resiliency design.