Agentic AI adoption in application security sees cautious growth

A new study conducted by Cycode has revealed changing attitudes towards the use of agentic artificial intelligence (AI) within application security, indicating both cautious uptake and notable benefits among early adopters.
The survey, compiled from respondents at RSA Conference 2025, found that 60% of cybersecurity professionals are still at the early stages of adopting agentic AI, while those who have begun implementation are already reporting tangible improvements in productivity and risk mitigation.
Adoption and anticipated growth
The study highlights a considerable proportion of the market preparing for broader adoption, with nearly 50% of respondents planning to integrate agentic AI tools within the next year. The incremental approach taken by organisations reflects a degree of caution, particularly around the concept of granting AI systems the autonomy to make decisions independently. This hesitancy is attributed to organisations seeking to adapt their security practices to rapidly evolving development requirements while weighing the associated risks and benefits of such technology.
The research points out that as awareness of agentic AI's capability within application security grows, the focus on educating the market about both its advantages and potential risks becomes more pronounced. The report suggests that clear communication around these factors may help overcome reservations among organisations still in the initial phase of AI adoption.
Impact on workflows and team dynamics
The survey results illustrate the impact agentic AI could have on software development pipelines. Thirty percent of respondents believe integrating agentic AI into continuous integration and continuous deployment (CI/CD) pipelines would significantly enhance the process. The increased speed and frequency of code deployment-termed "vibe coding" in industry parlance-has led to faster development cycles.
This acceleration does not necessarily alter the ratio of application security personnel to developers, but it can create the impression of a widening gap, with security teams struggling to keep up. The data indicates that whilst 45% of respondents maintain a 1:50 to 1:100 application security-to-developer ratio, 26% report a much wider 1:500 to 1:1000 ratio. This imbalance places considerable strain on security professionals who are responsible for oversight, with survey findings indicating that agentic AI solutions have the potential to alleviate these pressures.
Agentic AI capabilities in practice
Key findings from the survey reveal varied perceptions on the utility of agentic AI for security teams. Forty-four percent of those surveyed believe agentic AI's greatest benefit lies in supporting the identification, prioritisation, and remediation of vulnerabilities. Another 38% believe these systems will enhance application security testing (AST), highlighting the perceived value of collaboration between AI and human teams to streamline key security operations.
More than half (52%) of respondents agreed that, when integrated with AST tools, agentic AI's use of pre-commit hooks effectively sustains security checks during code commits, transforming what were previously overwhelming manual tasks into manageable automated processes. In addition, 44% of cybersecurity professionals highlighted the value of agentic AI in streamlining and enhancing secrets detection to help prevent data leaks, with many pointing to the importance of context-aware decision-making capabilities for the effectiveness of such solutions.
Industry commentary
Amir Kazemi, Director of Product Marketing at Cycode, commented on the findings: "It's fascinating to follow the industry's measured, yet rapid adoption to Agentic AI. Many interpretations and modalities of 'agent' exist, from simple chatbots to complex workflow automations to true autonomous agents. Our data underscores that educating the market on what agentic AI truly is, why it matters for AppSec, and its tangible value is paramount right now. Cycode is committed to leading this charge, empowering security teams and developers the ability to sense, reason, and act with context through agentic AI solutions."
Cycode's latest research also notes the company's continued work in this area, including its agentic AI framework, which aims to support developers and security staff through autonomous AI teammates and context-aware remediation capabilities.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

NZ Herald

4 days ago

• NZ Herald

Amid bleak news, community generosity shines through

Upheaval is occurring in myriad regions. It is enough to make one turn away in despair. Here at home, we have our own issues, even if we are spared the horrors of war. The economy continues to languish. In May, consumer confidence fell amid global tariff uncertainty. Put simply, we are not spending. NZME business editor Liam Dann explained it last week: we are not spending, deferring in favour of saving or paying down our mortgages – just in case. Many industries, he said, are facing structural upheaval as artificial intelligence (AI) and other technological advances shake up the workforce. The brunt of this is being felt by people who should be at the peak of their spending power – particularly older professionals who are now unsure about their career prospects to retirement. So, yes, things seem bleak. But there remains those good news stories that manage to pierce the gloom; stories that restore our faith in humanity, our communities and each other. NZME's On The Up (OTU) campaign has highlighted a lot of these. The national campaign showcases stories of inspiration, success, courage and possibilities. A number of stories in just the past week embody all of these: Rotorua joined the national drive to collect a million cans for foodbanks; a Kaitāia cafe is offering free meals to tackle homelessness; Central Hawke's Bay teen Eve Hunter fashioned her ball gown from feed sacks and baling twine. The Northern Advocate told the story of 64-year-old John, living in a tent and unable to get social housing, despite his situation being deemed seriously at risk and in need of immediate action. He has chronic obstructive pulmonary disease (COPD) and asthma and is on a sickness benefit. He also has two elderly dogs, Max and Rusta. After John's plight was highlighted – help poured in. He received a dozen emails with offers of cheap cabins and places to stay, along with donations of food and bedding for him and his dogs. One woman from Christchurch ordered new dog bedding, pet blankets, dog food and dog jackets for Max and Rusta, and a woman from Auckland donated $200 for the dogs. John also had offers of food and bedding for himself. Perhaps best of all, he now has a small cabin to rent, provided by a fellow Northland resident. So, if there was any doubt there is good in the world this should help. Despite all the bad, people will always reach out to help one another if they can. Sign up to the Daily H, a free newsletter curated by our editors and delivered straight to your inbox every weekday.

Techday NZ

4 days ago

• Techday NZ

Agentic AI adoption in application security sees cautious growth

A new study conducted by Cycode has revealed changing attitudes towards the use of agentic artificial intelligence (AI) within application security, indicating both cautious uptake and notable benefits among early adopters. The survey, compiled from respondents at RSA Conference 2025, found that 60% of cybersecurity professionals are still at the early stages of adopting agentic AI, while those who have begun implementation are already reporting tangible improvements in productivity and risk mitigation. Adoption and anticipated growth The study highlights a considerable proportion of the market preparing for broader adoption, with nearly 50% of respondents planning to integrate agentic AI tools within the next year. The incremental approach taken by organisations reflects a degree of caution, particularly around the concept of granting AI systems the autonomy to make decisions independently. This hesitancy is attributed to organisations seeking to adapt their security practices to rapidly evolving development requirements while weighing the associated risks and benefits of such technology. The research points out that as awareness of agentic AI's capability within application security grows, the focus on educating the market about both its advantages and potential risks becomes more pronounced. The report suggests that clear communication around these factors may help overcome reservations among organisations still in the initial phase of AI adoption. Impact on workflows and team dynamics The survey results illustrate the impact agentic AI could have on software development pipelines. Thirty percent of respondents believe integrating agentic AI into continuous integration and continuous deployment (CI/CD) pipelines would significantly enhance the process. The increased speed and frequency of code deployment-termed "vibe coding" in industry parlance-has led to faster development cycles. This acceleration does not necessarily alter the ratio of application security personnel to developers, but it can create the impression of a widening gap, with security teams struggling to keep up. The data indicates that whilst 45% of respondents maintain a 1:50 to 1:100 application security-to-developer ratio, 26% report a much wider 1:500 to 1:1000 ratio. This imbalance places considerable strain on security professionals who are responsible for oversight, with survey findings indicating that agentic AI solutions have the potential to alleviate these pressures. Agentic AI capabilities in practice Key findings from the survey reveal varied perceptions on the utility of agentic AI for security teams. Forty-four percent of those surveyed believe agentic AI's greatest benefit lies in supporting the identification, prioritisation, and remediation of vulnerabilities. Another 38% believe these systems will enhance application security testing (AST), highlighting the perceived value of collaboration between AI and human teams to streamline key security operations. More than half (52%) of respondents agreed that, when integrated with AST tools, agentic AI's use of pre-commit hooks effectively sustains security checks during code commits, transforming what were previously overwhelming manual tasks into manageable automated processes. In addition, 44% of cybersecurity professionals highlighted the value of agentic AI in streamlining and enhancing secrets detection to help prevent data leaks, with many pointing to the importance of context-aware decision-making capabilities for the effectiveness of such solutions. Industry commentary Amir Kazemi, Director of Product Marketing at Cycode, commented on the findings: "It's fascinating to follow the industry's measured, yet rapid adoption to Agentic AI. Many interpretations and modalities of 'agent' exist, from simple chatbots to complex workflow automations to true autonomous agents. Our data underscores that educating the market on what agentic AI truly is, why it matters for AppSec, and its tangible value is paramount right now. Cycode is committed to leading this charge, empowering security teams and developers the ability to sense, reason, and act with context through agentic AI solutions." Cycode's latest research also notes the company's continued work in this area, including its agentic AI framework, which aims to support developers and security staff through autonomous AI teammates and context-aware remediation capabilities.

Techday NZ

12-06-2025

• Techday NZ

SMBs overestimate cyber readiness as tools & AI uptake lag

A new global survey shows a significant gap between small and medium-sized businesses' confidence in their cybersecurity readiness and the actual measures they have in place to defend against evolving threats. The "State of IT Security for SMBs in 2025" report, released by Devolutions, draws on responses from 445 IT, security, and executive professionals around the world. It finds that while 71% of SMBs say they feel confident in handling a major cybersecurity incident, only 22% report having an advanced cybersecurity posture. This disparity suggests that many organisations may be at greater risk than they believe. PAM practices The report highlights privileged access management (PAM) as a particular area of vulnerability. More than half of SMB respondents (52%) still depend on manual solutions—such as spreadsheets or shared digital vaults—to manage privileged credentials. This reliance on manual methods has actually increased since 2023, raising concerns about efficiency and security. "Manual access management isn't just inefficient – it's dangerous," notes Maurice Côté, VP Product at Devolutions. "The human is often the weakest link – and spreadsheets don't make us stronger. SMBs need lightweight, easy-to-deploy PAM tools designed for their reality." Despite the increasing risks, many SMBs have not adopted automated or fit-for-purpose tools to manage sensitive access rights, potentially exposing them to insider threats and credential misuse. Slow uptake of AI Artificial Intelligence (AI) is being discussed widely as a potential game-changer for cybersecurity. The report finds that 71% of SMBs intend to increase their use of AI-driven tools, which can aid in threat detection, anomaly identification, and predictive analysis. However, only 25% of respondents are currently leveraging AI in their cybersecurity practices, and 40% say they have not started at all. The slower pace of adoption is partly attributed to concerns about cyber threats targeting AI systems themselves, issues of data privacy, and a shortage of in-house expertise to implement advanced technology. "Artificial intelligence is a powerful advancement, but like fire, it must be handled with care," said Martin Lemay, CISO at Devolutions. "It's not without flaws, and its reliance on vast amounts of data makes strong governance and clear regulations essential to prevent misuse." This highlights that while AI can offer efficiency and intelligence in defending digital assets, it introduces new challenges that SMBs must navigate carefully. Budget issues The report also notes a general trend of increased investment in cybersecurity, with 63% of SMBs boosting their security budgets. However, nearly a third still allocate less than 5% of their overall IT budgets to security-related spending. This raises questions about whether new investment is being targeted effectively toward the highest-priority areas. "Budget increases are encouraging, but throwing more money at cybersecurity doesn't work if it's not aligned with real risks," said Simon Chalifoux, CIO at Devolutions. "SMBs need to spend with intention – on tools, processes and training that match their environment." The survey findings indicate that organisations often spend in ways that do not correspond to their most significant security risks, leaving gaps that could be exploited by attackers. From awareness to action Across all key areas—PAM, AI adoption, and budgeting—the report identifies a pattern: increased awareness is not always translating into practical action. While SMBs are more alert to cyber threats than in the past, many have not yet implemented measures that are widely considered best practice. "Cybersecurity isn't a checklist – it's a commitment," said David Hervieux, CEO of Devolutions. "It's not enough to feel secure; SMBs need to build the systems, habits and culture that make them secure. That means measuring their posture honestly – and investing like it truly matters. Because it does." As cyber threats become more sophisticated, organisations face growing pressure to close the gap between perceived preparedness and the reality of their cybersecurity defences. The report suggests that without updated tools, smarter spending, and a commitment to continuous improvement, SMBs risk remaining vulnerable as the threat landscape evolves.