Presented by Splunk
With its ability to reason, adapt, and take action autonomously at machine speed, agentic AI has the power and potential to dramatically change how enterprises maintain their digital resilience. It also redefines how they secure and deliver reliable performance for their digital ecosystems, where data pattern recognition and decision-making need to happen in real time and at machine speed.
With agentic AI, companies get the benefits of a conversational analysis experience from LLM reasoning and adaptation plus the automation of task execution from the agentic framework. Together these shift IT teams from reactive fire-fighting mode to proactive planning mode. Here’s how.
The promise of agentic AI for digital resilience
1. Pinpoint root-cause (almost) instantly
Agentic AI can cross siloed application boundaries to bring data insights together for more complete visibility.
For example, agentic AI can use LLMs to analyze logs, metrics, events, and trace data; call upon different monitoring systems in your ecosystem; apply reasoning to the data; and recommend or take actions to remediate. In minutes, the agentic AI can complete what used to take a site reliability engineer hours to pinpoint and troubleshoot potential issues.
For security threats, agentic AI can analyze data streams to identify threats in real-time, including zero-day exploits or insider threats; automate multi-step investigation workflows from multiple security applications; and execute appropriate remediation responses to contain the threat and prevent lateral movements. Investigations that took the SOC analyst hours can now be done in minutes.
2. Preempt disruptions and downtime
The power of agentic AI can prevent incidents and disruptions in more proactive ways.
By studying historical data and current trends, agentic AI can forecast vulnerabilities — such as unpatched software or weak encryption — before they are exploited. It can detect subtle user behavior anomalies and flag suspicious activity before damage occurs. It can also analyze real-time data streams — such as logs, metrics, and traces from multiple sources — to provide a comprehensive view of system health and detect issues such as resource bottlenecks or latency spikes before they escalate.
In short, the speed and scale at which root cause analysis can be done by agentic AI means more alerts can be analyzed — and resolved — before they become bigger issues.
3. Make better decisions with contextual, real-time insights
Agentic AI has the ability to process new information in its environment and adapt its reasoning and course of action in real time. Contextual data refers to the rich, multidimensional information about users, devices, applications, and environments — such as user behavior patterns, device states, network conditions, and data flows. Agentic AI can process contextual data and patterns to make rapid, informed decisions to detect and remediate incidents and optimize operational performance.
4. Upskill and optimize the workforce
With agentic AI, you get both a natural language interface and automated task execution through the agency framework. Workers at all levels can use it to upskill their knowledge across domains, whether identifying security threat vectors or navigating complex application stacks in observability.
Key deployment considerations for agentic AI
1. Keeping humans IN and ON the loop
Humans are ultimately responsible for managing AI agents. As more AI agents augment the work of analysts and managers, organizations will need technical analysts to learn new skills to manage agents and incorporate them into enterprise workflows (human-on-the-loop).
Automating the full detection–investigation–response workflow is appealing — but as workflows grow more complex, with multiple agents and steps, so does the risk of compounding errors and hallucinations.
Inserting humans at critical points in the automated analysis workflow (human-in-the-loop) enables you to ensure the agent(s) is on the right track, provide real-time feedback and use reinforcement learning to improve model performance.
2. Avoid hallucinations with domain-specific, specialized agents
There’s a real cost to model hallucinations. This McKinsey AI Report estimates $67.4B was lost globally due to hallucinated AI output. OpenAI’s o3 and o4-mini were shown to hallucinate between 51% and 79% of the time on reasoning tasks.
Narrowing the agent’s purpose — combined with fine-tuning and augmenting the model with RAG using domain-specific data — improves output accuracy. Specialized agents for areas like security and observability and even more targeted ones for detection, investigation, and response will deliver greater precision. These agents will also benefit from lower inference compute costs and latency compared to larger general-purpose LLMs.
3. Ensure seamless integration and compatibility in agentic ecosystems
Integrating agentic AI into your IT environment requires rethinking of data flows, processes, and security protocols, and adapting user interaction models to maintain system integrity while harnessing AI’s potential. Three emerging protocols will help accelerate this:
- MCP (Model Context Protocol) for LLMs to integrate with other applications and data
- A2A (Agent-to-Agent) allows agents to communicate and collaborate with each other
- AGNTCY (Agency) for vendor-neutral standardized agent orchestration across the enterprise
4. Agent access control and data privacy governance
The volume and speed for agent access management will far exceed the traditional human access management.
It’s critical to define clear access levels for autonomous agents that maintain compliance, and establish a plan of record for audits and governance. The goal: boost operational efficiency without introducing risk so AI acts as a secure, augmentative force within the IT ecosystem.
Splunk AI for digital resilience
Splunk, a Cisco company, is redefining enterprise security and observability with AI at its core to accelerate insights, automate critical workflows, and boost analyst productivity. Building on a long history of machine learning capabilities, Splunk is embedding generative and agentic AI across its industry-leading security and observability solutions. With a unified data platform for operational data, Splunk is building an AI-ready platform to turbocharge enterprise security and observability outcomes.
Visit www.splunk.com/ai to learn more.
Cory Minton is Field CTO – AI at Splunk. Sancha Norris is Product Marketing Leader at Splunk AI.
Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. For more information, contact
