Cybersecurity teams can remain relevant in the age of AI by developing AI skills and leveraging the benefits of diversity, according to Vasu Jakkal, corporate vice president of Microsoft Security. Speaking at the RSAC Conference 2025 keynote stage, Jakkal discussed how the security landscape will be transformed by the emergence of agentic AI – autonomous generative AI systems capable of adapting to changing contexts to achieve predefined goals.
Jakkal envisioned a future where every organization and individual has an interactive AI agent at their disposal, potentially becoming more ubiquitous than apps. These agents will act as ‘digital colleagues’ working in tandem with human workers, taking forms such as research agents, analytics agents, and what Jakkal termed ‘chef of staff agents’ that could coordinate business and personal schedules.
The Evolving Threat Landscape
While AI brings significant changes to the threat landscape, there’s ongoing debate about its impact on individual cyber roles. Jakkal emphasized that cyber professionals can expect to regain more of their time due to AI innovation, but leaders must first define, direct, and guide these tools effectively. ‘Governance is an irreplaceable role we need to focus on,’ she stressed, ensuring AI agents serve their intended purposes.
Importance of Human Expertise and Diversity
Jakkal highlighted that human subject matter expertise, innovative thinking, and creative problem-solving will remain invaluable despite AI’s growing presence. She emphasized the continued importance of diverse perspectives and cognitive diversity in cybersecurity.
‘One thing we know for sure is the attackers we face are very diverse… The defenders need to make sure that we can think of all those facets,’ Jakkal said. ‘The AI that we build in security needs to have this diversity at the heart of it.’
Addressing AI Skills Shortage
The AI skills shortage remains a significant challenge for many organizations. Jakkal stressed that acquiring AI skills is no longer optional but a necessity for cybersecurity leaders, who must now also become AI leaders. ‘Developing AI, learning AI, is not going to be a nice-to-have – for us to thrive in this new world, it’s a must-have,’ she emphasized.
The Dual-Edged Nature of AI in Cybersecurity
While AI will enhance defenders’ capabilities, Jakkal warned that attackers will also leverage AI to improve their tactics. Microsoft is already observing an increase in sophisticated AI-linked attacks, including new vulnerabilities, malware variants, phishing, social engineering, and deepfakes.
Securing AI Agents
Jakkal highlighted that AI agents introduce new security considerations. Organizations must implement identity controls to define what data agents can access and which users they can work with. They must also protect agents from potential jailbreaking by external or internal actors.
‘Identity is going to be a critical element of AI throughout its lifecycle,’ Jakkal said. ‘AI agents are going to need identities, they’re going to need to understand zero trust and how we verify them explicitly, manage least privilege access.’
Future of AI in Cybersecurity
Microsoft is already using AI agents for security through its Security Copilot offering. Jakkal predicted that AI agents could be used to predict and prevent attacks, automate identity management, and flag at-risk data. The company believes that within two years, AI will advance from level zero autonomy to level three autonomy, where it can set its own goals and achieve complex outcomes autonomously.
