ARTIFICIAL intelligence (AI) is evolving beyond chatbots and copilots. The next phase we’re looking at now is agentic AI: systems that do not just generate answers but also plan tasks, make decisions and act with limited human prompting. In business terms, AI is now moving from being an assistant to being an operator.
This shift matters deeply for cybersecurity. Trust is no longer shaped only by brand, service quality, or good intentions but also, increasingly, by an organization’s systems capability to behave reliably, safely and responsibly under pressure. In the age of agentic AI, trust is becoming a live operational test.
Cyberattack chain getting shorter
For years, cyberattacks followed a familiar pattern: attackers would study a target, identify weak points, test what worked and then move deeper into systems. This process often took time, skill and coordination. However, agentic AI is changing this equation.
Systems that can plan and adapt can help attackers move faster across the attack chain. They can help gather information, tailor deceptive messages, test multiple approaches and react quickly to results. The concern is not just that AI can generate more content — it is that AI can increasingly help drive action.
For Philippine organizations, this is not a distant issue. A bank managing digital transactions, a hospital protecting patient data, a retailer running online channels, or a telco supporting millions of users may all face the same reality: threats are becoming faster, more scalable and more persistent. For leaders, it is no longer a question of whether AI will shape the threat landscape. It already is.
Defense can move faster too
The shift in attacks can also strengthen defenders. Security teams today deal with growing volumes of alerts, fragmented tools and limited talent. Agentic AI can help analyze signals faster, investigate suspicious activity, surface likely priorities and support quicker response.
That matters because cybersecurity is no longer just a technical function but a business resilience issue. The ability to detect and contain threats quickly affects service continuity, customer confidence and brand value. When systems go down, payments fail, operations stall, or sensitive data is exposed, trust erodes quickly and the business cost becomes immediate.
This is also changing what clients expect from service providers. Organizations no longer want assurance only at a single point in time. They want confidence that their defenses, controls and processes can hold up in an environment where threats evolve by the hour. In practice, this means that the conversation is shifting from periodic review to continuous resilience.
This is where many organizations may misread the opportunity. The race to deploy AI agents can easily become a race to deploy new forms of exposure. In cybersecurity, speed without governance is not innovation. It is unmanaged risk.
If enterprises are going to use agentic AI in operations, customer experience, compliance, or cyber defense, then their systems must be designed with discipline from the start. They need clear limits, controlled access, strong monitoring and accountability for what they do. High-impact decisions still require human oversight. Just as important, these systems must be tested not only for performance, but also for failure.
This is the trust question leaders now need to ask: not only whether an AI agent can act, but whether it can be trusted to act safely. The organizations that will stand out in the next few years will not simply be those with the most advanced AI; they will be the ones with the most dependable AI.
Leadership will define the outcome
The real divide ahead will not be between companies that use AI and those who do not. It will be between those who govern autonomous systems seriously and those who treat them as shortcuts.
For business leaders and policymakers, the message is clear. Agentic AI should be viewed not only as a productivity opportunity but as a trust issue. Organizations need to invest in capability but also in controls. They need to move with urgency but not recklessly. And they need to ask tougher questions now about accountability, access and resilience before these systems become deeply embedded in critical operations.
Trust has always mattered in business. But in the age of agentic AI, trust is becoming more measurable and more fragile. It will be defined not just by what organizations promise but by how their systems behave when the stakes are real. In cybersecurity, this difference will determine who earns confidence and who loses it.
FJ Isleta is a director with the technology and transformation practice at Deloitte Philippines, a member firm of the Deloitte network.
