TL;DR: Traditional cybersecurity still reacts after incidents, but agentic AI can observe, plan and execute responses in real time, a shift Twine Security says is needed as 3,158 U.S. data compromises and UK enterprise breach rates keep pressure on defenders. The model changes the speed and governance assumptions behind IAM, access review and remediation.
NHIMG editorial — based on content published by Twine Security: From Reactive to Proactive Cybersecurity
By the numbers:
- In 2024 alone, U.S. organizations reported 3,158 data compromises.
- Across the UK, nearly half of medium-to-large enterprises were hit in the last 12 months.
- Breaches take an average of 258 days to identify.
Questions worth separating out
Q: How should security teams use agentic AI in IAM without losing control?
A: Security teams should limit agentic AI to well-bounded identity workflows first, such as entitlement cleanup, anomaly triage and policy validation.
Q: Why do reactive security models struggle against AI-driven attacks?
A: Reactive security models assume defenders can detect, interpret and respond before the attack gains momentum.
Q: What breaks when identity reviews happen only on a fixed schedule?
A: Fixed-schedule reviews miss access that is created, used and abused between review cycles.
Practitioner guidance
- Map which security tasks can be delegated safely. Classify identity and security workflows by whether they require recommendation, human approval or autonomous execution.
- Rebuild IAM for continuous validation. Replace quarterly or annual entitlement reviews with policy checks that run continuously against live access data.
- Set explicit guardrails for autonomous response. Define which tools an agent may use, which actions require approval and which events must halt execution before remediation is completed.
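One way to express the classification and guardrails above as an enforceable gate, shown as an added example (not code from Twine Security or NHIMG). The workflow, tool and event names are hypothetical; every decision is written to an audit list so each agent action stays traceable.

```python
from dataclasses import dataclass, field
from enum import Enum
class Mode(Enum):
    RECOMMEND = "recommend"    # agent may only propose the change
    APPROVAL = "approval"      # agent acts only after a named human approves
    AUTONOMOUS = "autonomous"  # agent acts without sign-off

@dataclass(frozen=True)
class Policy:
    modes: dict             # workflow -> Mode
    tools: dict             # workflow -> set of tool names the agent may call
    halt_events: frozenset  # conditions that stop execution outright
@dataclass
class Request:
    workflow: str
    tool: str
    target: str
    approved_by: str = ""
    events: set = field(default_factory=set)

# Constructed policy: workflow, tool and event names are hypothetical.
POLICY = Policy(
    modes={"entitlement_cleanup": Mode.AUTONOMOUS,
           "account_disable": Mode.APPROVAL,
           "anomaly_triage": Mode.RECOMMEND},
    tools={"entitlement_cleanup": {"iam.list_grants", "iam.revoke_grant"},
           "account_disable": {"iam.disable_user"},
           "anomaly_triage": {"siem.query"}},
    halt_events=frozenset({"target_is_break_glass", "audit_log_unavailable"}),
)

def decide(policy, req, audit):
    """Return execute / hold / recommend / halt / deny and log the decision."""
    mode = policy.modes.get(req.workflow)
    halted = sorted(policy.halt_events & req.events)
    if mode is None:
        verdict, why = "deny", "workflow is not classified"
    elif req.tool not in policy.tools.get(req.workflow, set()):
        verdict, why = "deny", "tool is outside the workflow's allow-list"
    elif halted:
        verdict, why = "halt", "halt event: " + ", ".join(halted)
    elif mode is Mode.RECOMMEND:
        verdict, why = "recommend", "workflow is recommendation-only"
    elif mode is Mode.APPROVAL and not req.approved_by:
        verdict, why = "hold", "waiting for human approval"
    else:
        verdict, why = "execute", "within policy"
    audit.append({"request": req, "verdict": verdict, "why": why})
    return verdict
```

Unclassified workflows and tools outside the allow-list are denied by default, so new agent capabilities have to be added to the policy before they can run.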
What's in the full article
Twine Security's full blog covers the operational detail this post intentionally leaves for the source:
- How the vendor frames agentic AI as a digital employee for IAM tasks and where that framing changes governance expectations.
- Examples of the operational burden created by legacy IAM deployment, upkeep and deprovisioning workflows.
- The vendor's specific explanation of how autonomous execution is supposed to reduce remediation workload.
- The full article's positioning on proactive cybersecurity as a response model for identity management teams.
Agentic AI in cybersecurity: are your IAM controls keeping up?
Explore further
Reactive defence is now an identity governance problem, not just an operations problem. Security teams are not failing because they lack intelligence; they are failing because their control model assumes that detection and response can happen after the attack has already scaled. In identity programmes, that assumption shows up as delayed access review, delayed remediation and delayed containment. Practitioners should treat speed as a governance variable, not only a SOC metric.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How can organisations tell whether autonomous security automation is helping?
A: They should look for shorter time to containment, fewer stale entitlements and less manual effort spent on repetitive identity work. If automation is still generating review backlog, creating unclear ownership or widening access without traceability, it is adding governance debt rather than reducing risk.