Are We Ready for Auto Remediation With Agentic AI?

APPLICATION SECURITY VULNERABILITIES & THREATS APPLICATION SECURITY CYBER RISK COMMENTARY Enterprise cybersecurity technology research that connects the dots. Are We Ready for Auto Remediation With Agentic AI? With the rapid innovations in AI, we are entering an exciting era of automated risk remediation. Learn about security team readiness to leverage agentic AI for threat and exposure management. Melinda Marks,Practice Director, Cybersecurity,ESG March 9, 2026 4 Min Read SOURCE: PATTARA VIA ALAMY STOCK PHOTO The key to security program effectiveness is optimizing remediation. This has become increasingly difficult as organizations strive to modernize their processes with innovative technologies, including artificial intelligence (AI). As employees gain capabilities to collaborate and work faster, cyber assets and attack surfaces proliferate, making it difficult for security teams to take the needed actions to mitigate risk. Now, as organizations look to leverage agentic AI in areas such as software development, instead of incrementally increasing productivity, we are expecting exponential gains in productivity, further proliferating attack surfaces. At the same time, the threat landscape will also evolve rapidly, with attackers taking advantage of AI to scale their attacks. Security teams need to keep the AI advantage on the defender side to win the AI arms race. The good news is that cybersecurity and asset context are accessible programmatically, allowing continuous API-based data collection. With AI-backed data analysis and agentic AI capabilities that can autonomously perform tasks, we are entering an exciting era of risk remediation in the age of AI. Related:GlassWorm Malware Evolves to Hide in Dependencies In fact, last week, we saw the introduction of Claude Code Security from Anthropic — using context and traces of data flows across files to identify vulnerabilities and aid in remediation. This offers many advances compared to traditional vulnerability scanning approaches, because the contextual data can help find security vulnerabilities that traditional scanning tools might miss. It was a smart move for Anthropic to release a security tool to support developers using Claude Code to build their applications. But how ready are security teams to embrace agentic AI? Omdia’s recent study on "Automating Risk Reduction in the AI Era" showed organizations are rapidly moving toward AI-driven auto remediation. Most organizations (88%) are currently using AI-driven remediation, including 44% who said they have implemented AI-driven automated remediation for a majority of exposure types and 44% who said they have deployed AI-driven automated remediation for some exposure types and are actively exploring additional deployment. The top types of fully automated remediation actions are: Cloud infrastructure configuration changes (53%) Network access controls (50%) Identity and account permission changes (50%) Host and operating system patch deployment (43%) Infrastructure as Code modification (42%) Lower on the list are important areas including application source code (35%) and isolation of compromised assets (32%).  Related:Real-Time Banking Trojan Strikes Brazil's Pix Users There is also a high growth rate for adoption of agentic AI for threat and exposure management and risk reduction, with 42% using it in some areas and 46% actively piloting or exploring agentic AI concepts. Those using agentic AI reported significant gains in efficiency for mean time to detection (MTTD) and mean time to remediate (MTTR): 77% reported significant improvement to MTTD, and 23% saw minor improvements to MTTD. For MTTR, 65% saw significant improvements, and 33% saw minor improvements. However, they reported multiple concerns preventing them from deploying or more pervasively deploying agentic-based threat and exposure management. For example, 49% are concerned with trust in AI decision-making, 48% worry about security risks of AI itself, including adversarial attacks and prompt injection. Other concerns include integration and deployment complexities (41%), security team skill gaps (38%), and regulatory issues (38%).  While fear and lack of trust may be slowing adoption, as AI technology rapidly evolves, trust can be built over time, helping teams gain more confidence in applying agentic AI for its benefits to help security teams scale. The respondents also indicated how they expect AI-backed solutions to provide advantages because they can see or leverage data that non-AI backed systems cannot. These include: Related:Xygeni GitHub Action Compromised Via Tag Poison Real-time attack surface changes Predictive indicators of compromise Sophisticated behavioral patterns of threats External threat actor profiles Code-level analysis for zero-day vulnerabilities The major challenge for risk management has been keeping up with increased scale and productivity. The good news is that AI can address this, as the majority of respondents (95%) agree (54%) or strongly agree (41%) that AI provides improved accuracy and speed of discovery. Also, alert fatigue and prioritization has been a major challenge with growth and scale. The research revealed that most organizations (90%), believe that AI-derived risk scoring and prioritization are more accurate, including 36% rating it as significantly more accurate. This is an exciting time, as AI holds the potential to solve many of our top challenges by actually performing security tasks in faster, more efficient ways than humans. The goals should be increased productivity, optimized efficiency, accuracy and elimination of errors. Organizations indicated the top challenges they must address to successfully utilize AI-driven processes: Data quality and availability Integration with existing tools Difficulty in validating the accuracy of the AI recommendations Regulatory compliance concerns Cost of implementation These are key areas to explore for security teams looking to leverage AI, including agentic AI, to automate remediation and risk reduction. This will be crucial, especially as organizations also increasingly leverage AI to boost their productivity. Security teams will need to work with vendors to gain trust and comfort in embracing auto remediation utilizing agentic AI. as this will be the only way for security teams to scale to support faster development and resulting business growth. Read more about: Omdia About the Author Melinda Marks Practice Director, Cybersecurity, ESG Analyst Melinda Marks leads ESG’s analyst team focused on cybersecurity. Melinda covers technologies that help organizations scale safely while adopting faster cloud-native development cycles. Melinda has over 20 years of experience in technology marketing and strategy, focusing on product value and revenue growth. She has held leadership roles at Soluble (acquired by Lacework), Armorblox, Styra, StackRox (acquired by Red Hat), Tenable, Qualys, and VMware, where she built the customer reference program and led product PR. She is a Synopsys Outreach Foundation board member and has a bachelor’s degree in English from UC Berkeley. More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report The ROI of AI in Security Cybersecurity Forecast 2026 ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like APPLICATION SECURITY Microsoft & Anthropic MCP Servers at Risk of RCE, Cloud Takeovers by Nate Nelson, Contributing Writer JAN 20, 2026 APPLICATION SECURITY Microsoft Fixes Exploited Zero Day in Light Patch Tuesday by Jai Vijayan, Contributing Writer DEC 09, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 APPLICATION SECURITY 10 Bugs Found in Perplexity AI's Chatbot Android App by Nate Nelson, Contributing Writer APR 11, 2025