The cybersecurity majors are betting that the enterprise move to autonomous AI agents will speed up platform consolidation. The biggest takeaway may be that securing agentic AI may be a headache initially.
However, the destination is clear. Agentic AI will ultimately be secured by cybersecurity agents.
The big cybersecurity vendors--CrowdStrike, Palo Alto Networks and Zscaler--have been pitching platform consolidation for a year. And judging by recent earnings reports, enterprises are consolidating cybersecurity platforms. AI agents could be the accelerator to cybersecurity consolidation.
What remains to be seen is whether cybersecurity vendors are simply cribbing the playbook from SaaS vendors. Enterprise software vendors--Salesforce, SAP, ServiceNow and Microsoft to name just a few--are outlining agentic AI possibilities and not surprisingly these agents happen to work best if you're consolidated on their platforms. After all, the standards of communication, negotiation and the handoff between AI agents on different platforms aren't set.
Cybersecurity vendors also want you on their platforms to consolidate the data footprint. The reality is a bit messier. Yaron Singer, VP of AI and Security at Cisco, said at Constellation Research’s AI Forum in Silicon Valley that AI applications are expanding the attack surface. Singer said:
"What I think is interesting about AI security specifically, is that not only that the attack surface becomes much larger, but the nature of AI makes it such that the solutions are very different. You can very easily manipulate the classification piece and then trigger operations, right that cause unwanted behavior. It's so non-deterministic that traditional security solutions that we have just don't apply."
CrowdStrike CEO George Kurtz said agentic AI will require a new strategy. "More access to more third-party and in-house agentic applications and services requires rethinking identity and data protection," said Kurtz. "Who is accessing data and where is it traveling matters more now than ever before? Securing AI starts a broader enterprise data discussion. I'm seeing CISOs, CIOs, and CEOs going to the drawing board to reinvent their technology stack with AI-powered platforms of record. For security, it's even more pressing."
Kurtz indicated that securing agentic AI is going to require more cybersecurity agents. CrowdStrike features Charlotte AI, which works across its Falcon platform. The general idea is that Charlotte is a security analyst that can leverage CrowdStrike's first party data.
Palo Alto Networks CEO Nikesh Arora hit similar points when it came to securing agentic AI. Arora started cybersecurity's platformization push last year.
Arora said on Palo Alto Networks second quarter earnings call that companies need to harmonize data across the network and various enterprise systems. "Unless we can harmonize the data across the network, it will be challenging for customers to adopt AI-enabled security capabilities in the future," said Arora. "We have to believe that in the future, all solutions will need to integrate, harmonize data and use that to train AI agents to solve security."
The Palo Alto Networks CEO said that enterprises will move away from disparate cybersecurity tools in part because they'll need to consolidate data silos.
"These 1,150 customers who are platformized have data that is harmonized. We can run and build agents on top of that," said Arora.
In the future, you'll see AI security agents chasing down threats to AI agents focused on making decisions and automating workflows. Arora argued that one platform means you can harmonize data and security policies.
"I found a new raison d'etre for platformization. Our earlier sort of narrative was that you need a platform so you get a single pane of glass," said Arora. "As we go down this journey, we've been talking about deploying agents. Why do we need human beings trying to do these complex tasks and trying to understand how security you deploy it? Why can't we have agentic personas to be your network configurator or your phishing remediator. Why can't we design security agents? That's when you realize you can't design an agent unless you have the data."
Zscaler CEO Jay Chaudhry hit similar themes during the company's earnings call: "The growing adoption of AI is driving demand across multiple dimensions, including data protection and our AI-powered security products."
Zscaler is seeing strong demand for its data protection modules as generative AI is adopted. Enterprises are looking to prevent data loss to public AI apps.
Chaudhry added that cheaper foundational models will enable more attacks as well as productivity. "The release of DeepSeek R1 highlights advancements in model training, which can make Gen AI capabilities more widely available. Someone called it Jevons Paradox, which I agree with," he said. "In fact, I think this is the internet moment of AI, which will drive rapid adoption of AI in every aspect of our lives and will create a greater need for better security."
