AI Security Agents Get Persona Makeovers - Dark Reading

CYBERSECURITY OPERATIONS APPLICATION SECURITY REMOTE WORKFORCE CYBER RISK News, news analysis, and commentary on the latest trends in cybersecurity technology. AI Security Agents Get Persona Makeovers New synthetic security staffers promise to bring artificial intelligence comfortably into the security operations center, but they will require governance to protect security. Robert Lemos,Contributing Writer November 7, 2025 5 Min Read SOURCE: IMAGEFLOW VIA SHUTTERSTOCK A handful of cybersecurity firms are leaning heavily into wrapping artificial intelligence (AI) agents in synthetic personas, creating digital AI employees that interact with security teams and act as entry-level analysts that autonomously investigate and resolve issues. But while this makes humans more comfortable with their agentic co-workers, it opens security issues that organizations will need to address.  Startup Cyn.Ai introduced Ethan, one of many synthetic intelligence (SI) workers that the company plans to develop to take on specific tasks for customers, such as brand protection, vulnerability management, and asset discovery. The digital workers aim to replace other providers' security-as-a-service offerings and have personas that wrap the AI agents. The synthetic cybersecurity specialist even has a LinkedIn page. The goal is to allow companies to be able to pull individual workers on an as-needed basis and gain a virtual security team that can assist and act as a guide, says Gil Levy, co-founder and CEO of Cyn.Ai. Digital employees promise to augment security teams, making them able to detect threats faster, respond to breaches more quickly, and have a better view of the status of a company's digital assets. Related:AI Dominates RSAC Innovation Sandbox "It's like your digital twin or your peer that you can talk to — you can ask questions, [and you are] not dealing with all these issues on your own," he says. Levy acknowledges these agents are "a markedly new psychological interface model for users," so the LinkedIn personas are an experiment to make users comfortable.  Yet current security controls will need to adapt to dealing with autonomous nonhuman identities to give humans the ability to understand what they are doing and manage them, says Geoff Cairns, a principal analyst in the security and risk group at business intelligence firm Forrester Research. "The biggest concern for organizations is how to move into that future without undermining trust and effectiveness in critical security operations," he says. "Although these types of AI agents will introduce new risks of their own, they can make security more effective by enhancing continuous monitoring and threat detection, automating incident response, enforcing least privilege dynamically, assisting with human risk management, and improving regulatory compliance." Digital Employees More Than Sum of Agents AI digital employees are not single agents but a group of AI agents working together to — in the case of a digital security analyst — find issues, investigate an incident, prioritize actions, and resolve the incident. Where AI agents complete well-defined tasks in a narrow area, an AI digital employee brings a great deal of context to its decisions and actions, says Benny Porat, co-founder and CEO of Twine Security, an AI-first security firm and finalist in Black Hat USA's startup competition. Related:ServiceNow Buys Armis for $7.75B, Boosts 'AI Control Tower' "Where a traditional AI agent might complete a single task or assist within narrow boundaries — what I call horizontal skills — an AI digital employee is deeply vertical in its expertise and operates with context," he says. "It doesn’t just understand the issue, it knows the full color and background surrounding it, enabling context-based decisions rather than static, predefined workflows." Twine's first AI digital employee is called Alex, a synthetic worker that focuses on identity and access management (IAM) tasks, can coordinate response activities, and report on results.  Cyn.Ai kicked off its offering with an SI-focused on a brand protection, which monitors its clients' online assets, scans for impersonations, and looks for information stealers — simplifying detection and aiding in response. The AI security agent reduces false positives by 85% and executes takedowns in under a minute, according to Cyn.AI's Levy. Related:Enterprises Gear Up Ahead of 2026's IT Transformation Shift "The nice thing here is that, first of all, the agent is learning, so that means if a certain pattern of problem follows the same playbook, the agent will offer to take the work off you and automate it, escalating on your behalf and following up on things," he says. While the agents are capable of automating a lot of work, it's not about replacing members of the security team, but augmenting their efforts, he says.  "We're not going to remove the human factor altogether, but we're definitely going to reduce the dependency" on employees for everyday tasks, Levy says. "We will see more and more agents taking an active role in day-to-day cybersecurity operations." A Less Privileged AI Agent However, such personas and agents bring risks. For one, while agents allow for more human interaction, and personas can camouflage the automation with context and personality, human workers need to limit their trust on digital AI workers. Companies need to make sure that they are managing security agents — and AI agents of all types — by implementing transparent audit trails and always keeping a human in the loop, says Forrester's Cairns. Digital employees taking on security roles need to be managed as first-class objects within IAM systems and using the principle of "least agency," he says. "Least agency builds on the principle of least privilege," Cairns explains. "AI agents within agentic architectures must receive the minimum set of permissions, capabilities, tools, and decision-making to complete specific tasks bound by time and scope of approval. Least privilege focuses on access; least agency places boundaries on decisions and actions." In creating the AI worker Alex, Twine focused on transparency and keeping a human in the loop, claiming that every action taken by the synthetic intelligence is transparent, traceable, and fully auditable, says Porat. "Managers can review not only what was done, but why it was done, with a complete record of the context, logic, and data sources behind each decision," he says. "This collaborative approach serves a dual purpose: It builds confidence by maintaining human control, while gradually demonstrating the AI's reliability." The hope is that as trust is gained, companies will delegate more responsibilities to the AI agents and digital employees. About the Author Robert Lemos Contributing Writer Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report The ROI of AI in Security Cybersecurity Forecast 2026 ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like CYBERSECURITY OPERATIONS Women Who 'Hacked the Status Quo' Aim to Inspire Security Careers by Elizabeth Montalbano, Contributing Writer JUL 16, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 CYBERSECURITY OPERATIONS Secure Communications Evolve Beyond End-to-End Encryption by Robert Lemos, Contributing Writer APR 04, 2025 CYBERSECURITY OPERATIONS Bridging the Gap Between the CISO & the Board of Directors by Michael Fanning MAR 31, 2025 Latest Articles in DR Technology THREAT INTELLIGENCE How a Large Bank Uses AI Digital Twins for Threat Hunting MAR 24, 2026 IDENTITY & ACCESS MANAGEMENT SECURITY Microsoft Proposes Better Identity, Guardrails for AI Agents MAR 24, 2026 CYBERSECURITY OPERATIONS AI Dominates RSAC Innovation Sandbox MAR 22, 2026 СLOUD SECURITY Native Launches With Security Control Plane for Multicloud MAR 19, 2026 Read More DR Technology Want more Dark Reading stories in your Google search results?