Agentic AI and cyber crisis management: promises, interoperability and red lines.

In recent months, so-called “agentic” AI has emerged in technology discussions as the next step after generative models. Where generative AI produces content, agentic AI promises to orchestrate actions: chaining tasks, interacting with systems, consulting sources and proposing courses of action.

In cyber crisis management, this evolution naturally generates strong interest. It nevertheless deserves a rigorous analysis. Because agentic AI, even more than generative AI, raises a central question: where to draw the line between assistance and autonomy?

This reflection cannot, however, be separated from the question of tooling. An agent’s value depends above all on the quality of the information it accesses and its ability to contextualize it. From this perspective, platforms such as OpenCTI, capable of collecting, structuring and correlating data from multiple technical, operational or intelligence sources, are particularly relevant building blocks. They offer a coherent information foundation on which agents could tomorrow rely to accelerate analysis, enrich the understanding of a situation or support certain functions of the crisis cell.

This leaves a fundamental question: how far should these agents go in formulating recommendations, or even in executing actions, when an organization faces a major cyber crisis?

Understanding agentic AI: orchestration more than intelligence

Agentic AI is often presented as a disruption. In reality, it corresponds first and foremost to an orchestration capability: a system capable of mobilizing several tools, querying databases, triggering actions, and producing a structured recommendation.

In cyber crisis management, this concretely means: no longer just summarizing or drafting, but also:

• automatically collecting information;
• cross-checking sources;
• updating a crisis logbook;
• preparing supporting materials;
• proposing actions for validation.

This change is significant: it no longer concerns just text production, but the chaining of tasks. It therefore opens up real potential, but it also significantly increases the risks.

Interoperability: the decisive contribution of agentic AI

The main value of agentic AI in cyber crisis management does not lie in any supposed autonomy, but in its ability to interface with complementary building blocks.

In a cyber crisis, information is fragmented:

• technical data (SIEM, EDR, logs, IOCs, CTI);
• organizational information (actors, responsibilities, processes);
• methodological references (crisis plans, procedures, checklists);
• internal historical records (lessons learned, past crises, structuring decisions);
• legal, regulatory and contractual constraints;
• communication and reputation issues.

A properly integrated agentic artificial intelligence can play a pivotal role: aggregating these sources, connecting them, contextualizing them and producing more relevant recommendations than those from an isolated AI.

It is precisely in this interoperability that the promise lies: reducing fragmentation, accelerating the stabilization of the situation, and supporting teams in multi-stakeholder coordination.

Agentic AI: realistic and useful use cases

The most relevant use cases for agentic AI in cyber crisis management are those that remain within a logic of supervised assistance:

• collection and consolidation of multi-source information;
• automatic updating of the crisis logbook from exchanges;
• preparation of structured situation updates;
• proposal of evolution scenarios and action plans;
• methodological reminders based on the crisis phase;
• pre-drafting of communications tailored to stakeholders;
• orchestration of repetitive tasks (ticket creation, internal distribution, formatting).

In these uses, the agent does not replace the crisis cell: it helps it endure over time.

🔗 Read also: how AI can support decision-making in cyber crisis management

Red lines: what agentic AI must not do

But agentic AI introduces a major risk: the temptation to delegate not just tasks, but responsibilities.

In cyber crisis management, some boundaries cannot be crossed.

An agent must never:

• make an autonomous decision committing the organization;
• communicate externally without explicit human validation;
• act directly on critical systems without supervision;
• trigger irreversible or high-impact actions;
• access sensitive data without strict control of data flows.

These red lines are not a matter of mere principle. They are imperative operational and legal requirements.
In a digital crisis situation, the question is not only “is it effective?”, but “who is responsible?” and “who takes ownership?”.

🔗 Read also: why AI must never become an implicit authority in cyber crisis management

The risk of an illusion of control

Agentic AI can also reinforce an illusion already observed with generative AI tools: that of artificial readiness. Because an agent can quickly produce summaries, scenarios or recommendations, it can give the impression that the organization is prepared.

Yet cyber crisis management relies on non-automatable fundamentals: 

• training,
• governance,
• clarity of roles,
• decision-making culture,
• command of communications,
• ability to make trade-offs under pressure.

Agentic artificial intelligence does not compensate for a weak system. It can even weaken it by masking its gaps. Conversely, it strengthens a robust and trained organization.

🔗 Read also: Resilience in the age of AI: the delicate art of balance

Governing agentic AI: oversight, traceability, control

Integrating agentic AI into systemic crisis management programs requires a particularly strict governance framework.

Three principles appear non-negotiable.

1. Maintain continuous human oversight

The agent proposes. The human validates.

The system must be designed to prevent any drift toward uncontrolled autonomy, particularly in critical environments.

2. Ensure traceability of recommendations and actions

The agent must be able to explain:

• its sources;
• its actions;
• its assumptions;
• its limitations.

In cyber crisis management, the absence of traceability is itself a vulnerability.

3. Strictly control sensitive data

Agentic systems handle particularly critical information.

Their integration therefore requires:

• secure environments;
• segmented data flows;
• strong compliance requirements;
• mastery of digital sovereignty issues.
  

Conclusion: yes to agentic AI, but under strict discipline

Agentic AI can constitute a major advance for cyber crisis management, particularly by strengthening interoperability between technical, organizational and decision-making data. It can accelerate the consolidation of the situation, support coordination, and produce more contextualized recommendations.

But it can only be integrated under strict discipline: clear red lines, robust governance, continuous human control, non-negotiable data security.

In systemic crisis management, technology does not replace responsibility. Its value lies solely in strengthening the ability of organizations to decide, act and communicate with clarity.

And if it remains, in all circumstances, a tool in service of the human.

FAQ: Agentic AI and cyber crisis management

What is agentic AI?

Agentic AI refers to a form of artificial intelligence capable of orchestrating actions and interacting with several tools or sources of information. Unlike conventional generative AI, which primarily produces content, an agentic AI can chain tasks together, query databases, coordinate workflows and propose structured actions.

What is the difference between generative AI and agentic AI?

Generative AI mainly produces text, images or summaries from a prompt. Agentic AI goes further: it can mobilize several tools, interact with external systems and automate certain sequences of actions. In cyber crisis management, this makes it possible, for instance, to consolidate information, prepare situation updates or orchestrate repetitive tasks.

How can agentic AI be used in cyber crisis management?

In cyber crisis management, agentic AI can be used to:

• aggregate data from multiple sources,
• automatically update a crisis logbook,
• prepare operational summaries,
• propose evolution scenarios,
• orchestrate certain administrative or organizational tasks.

It acts as a supervised assistance tool, designed to support teams in complex and evolving environments.

What are the benefits of agentic AI in a crisis situation?

One of the main benefits of agentic AI lies in its ability to reduce the fragmentation of information. By centralizing and contextualizing scattered data, it can accelerate the stabilization of a crisis situation, improve multi-stakeholder coordination and reduce the operational load on teams.

What risks does agentic AI pose in cyber crisis management?

Agentic AI introduces several risks:

• loss of human control,
• excessive dependence on automated recommendations,
• traceability problems,
• uncontrolled access to sensitive data,
• triggering of inappropriate actions.

In a crisis situation, these risks can have significant operational, legal and reputational consequences.

Can an agentic AI make decisions in place of crisis teams?

No. In cyber crisis management, agentic AI must never replace human decision-making. It can assist teams, propose analyses or structure scenarios, but the trade-offs and decisions committing the organization must remain under continuous human control.

Why does human oversight remain essential with agentic AI?

Agentic systems can produce coherent recommendations that are nevertheless poorly suited to the actual context. Human oversight makes it possible to check assumptions, validate proposed actions and retain responsibility for decisions taken during a crisis.

Which tools can feed an agentic AI in cyber crisis management?

Agentic AIs can rely on several types of tools:

• CTI platforms,
• SIEM,
• EDR,
• log files,
• procedure references,
• crisis history records,
• collaborative tools.

Platforms such as OpenCTI can in particular help to centralize and correlate the information used by these systems.