
Agentic AI adoption in application security sees cautious growth
The survey, compiled from respondents at RSA Conference 2025, found that 60% of cybersecurity professionals are still at the early stages of adopting agentic AI, while those who have begun implementation are already reporting tangible improvements in productivity and risk mitigation.
Adoption and anticipated growth
The study highlights a considerable proportion of the market preparing for broader adoption, with nearly 50% of respondents planning to integrate agentic AI tools within the next year. The incremental approach taken by organisations reflects a degree of caution, particularly around the concept of granting AI systems the autonomy to make decisions independently. This hesitancy is attributed to organisations seeking to adapt their security practices to rapidly evolving development requirements while weighing the associated risks and benefits of such technology.
The research points out that as awareness of agentic AI's capability within application security grows, the focus on educating the market about both its advantages and potential risks becomes more pronounced. The report suggests that clear communication around these factors may help overcome reservations among organisations still in the initial phase of AI adoption.
Impact on workflows and team dynamics
The survey results illustrate the impact agentic AI could have on software development pipelines. Thirty percent of respondents believe integrating agentic AI into continuous integration and continuous deployment (CI/CD) pipelines would significantly enhance the process. The increased speed and frequency of code deployment-termed "vibe coding" in industry parlance-has led to faster development cycles.
This acceleration does not necessarily alter the ratio of application security personnel to developers, but it can create the impression of a widening gap, with security teams struggling to keep up. The data indicates that whilst 45% of respondents maintain a 1:50 to 1:100 application security-to-developer ratio, 26% report a much wider 1:500 to 1:1000 ratio. This imbalance places considerable strain on security professionals who are responsible for oversight, with survey findings indicating that agentic AI solutions have the potential to alleviate these pressures.
Agentic AI capabilities in practice
Key findings from the survey reveal varied perceptions on the utility of agentic AI for security teams. Forty-four percent of those surveyed believe agentic AI's greatest benefit lies in supporting the identification, prioritisation, and remediation of vulnerabilities. Another 38% believe these systems will enhance application security testing (AST), highlighting the perceived value of collaboration between AI and human teams to streamline key security operations.
More than half (52%) of respondents agreed that, when integrated with AST tools, agentic AI's use of pre-commit hooks effectively sustains security checks during code commits, transforming what were previously overwhelming manual tasks into manageable automated processes. In addition, 44% of cybersecurity professionals highlighted the value of agentic AI in streamlining and enhancing secrets detection to help prevent data leaks, with many pointing to the importance of context-aware decision-making capabilities for the effectiveness of such solutions.
Industry commentary
Amir Kazemi, Director of Product Marketing at Cycode, commented on the findings: "It's fascinating to follow the industry's measured, yet rapid adoption to Agentic AI. Many interpretations and modalities of 'agent' exist, from simple chatbots to complex workflow automations to true autonomous agents. Our data underscores that educating the market on what agentic AI truly is, why it matters for AppSec, and its tangible value is paramount right now. Cycode is committed to leading this charge, empowering security teams and developers the ability to sense, reason, and act with context through agentic AI solutions."
Cycode's latest research also notes the company's continued work in this area, including its agentic AI framework, which aims to support developers and security staff through autonomous AI teammates and context-aware remediation capabilities.

Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles


Techday NZ
18-07-2025
- Techday NZ
Cycode & HackerOne integrate to speed software vulnerability fixes
Cycode and HackerOne have announced a partnership aimed at streamlining the remediation process of vulnerabilities found through bug bounty programmes by leveraging Application Security Posture Management (ASPM). Bug bounty programmes have become essential to application security strategies, enabling organisations to uncover and validate security vulnerabilities by engaging a community of ethical hackers. HackerOne has developed its reputation for discovering and validating these issues at scale, while Cycode provides ASPM capabilities designed to support security and development teams through vulnerability management. The partnership will see findings from HackerOne integrated directly into Cycode's platform. This integration is intended to enable rapid assignment, triage, and remediation of validated vulnerabilities, providing security and development teams with additional context to address issues effectively. "Security threats are evolving fast, and fixing vulnerabilities quickly is more important than ever. Our integration with Cycode gives customers and partners the real-world context and automation they need to move faster. By combining HackerOne's exploit data with Cycode's ASPM capabilities, teams can prioritize the right risks and resolve them earlier in development, so they can ship safer software, faster." – John Addeo, VP Global Partner Ecosystem at HackerOne According to the companies, vulnerabilities identified through bug bounty reports often represent the most urgent and actionable risks, given that they are verified by independent security researchers and demonstrate exploitability in live environments. However, data from these bug bounty reports frequently resides outside the tools developers use day-to-day, leading to delays and inefficiencies in addressing them. Through the new integration, HackerOne's findings will be ingested into Cycode's Risk Intelligence Graph (RIG), described as a unified knowledge base of security issues across the software development lifecycle. Each bug bounty report incorporated into RIG will be enhanced with details such as repository mapping - which identifies the precise source code repository where a vulnerability originated - developer ownership to identify responsible parties, and deployment context relating to the specific services or infrastructure affected. Cycode believes that providing this level of detail gives security teams a clear path from discovery to remediation, while also offering developers actionable context to address issues without unnecessary delay or manual triage. "Vulnerabilities from HackerOne represent some of the most urgent and actionable risks organizations face. By bringing those findings into the Cycode platform, we're giving teams critical context, ownership mapping, and developer engagement they need to fix issues faster and with greater confidence. This partnership is about helping our customers build more secure software at scale without slowing down velocity." – Prasad Raman, VP Partnerships at Cycode The collaboration is also expected to accelerate remediation times for shared customers by linking each HackerOne report directly to the relevant code owner. This connection enables teams to meet service-level agreements and reduce mean time to resolution, which is especially important for high-severity vulnerabilities. Another advantage cited by the companies is the ability to leverage HackerOne's real-world exploit data to improve risk scoring and prioritisation. According to Cycode, this ensures that limited security resources are focused on issues with the highest potential impact. The integration is designed to work within the toolchains already used by developers - including platforms like Jira, GitHub, GitLab, and Slack - so that findings arrive complete with actionable information and do not require further clarification from application security teams. Both Cycode and HackerOne state that the partnership is more than just a technical integration, positioning it as a means to strengthen application security workflows overall. HackerOne aims to turn validated bugs into resolved issues, which it sees as a way to bolster customer satisfaction. Cycode, meanwhile, benefits from extended detection capabilities and the ability to contextualise issues based on exploitability in production. The two companies emphasise that customers stand to benefit from greater efficiency, stronger collaboration, and a more connected approach to securing software throughout development and deployment lifecycles.


Techday NZ
18-07-2025
- Techday NZ
Sinch launches Model Context Protocol to drive AI messaging
Sinch has launched its implementation of the Model Context Protocol (MCP), allowing artificial intelligence agents to initiate compliant, real-time telecommunications activities across messaging, voice, email, and verification channels via standardised interfaces. The MCP is an emerging protocol intended to standardise how AI agents interact with various systems and services. Sinch's deployment of the protocol is designed to give AI agents the ability to carry out communications tasks directly through its platform. These tasks range from orchestrating marketing campaigns to client notifications, identity verification processes, and customer service handling. AI-driven communications According to Sinch, MCP is engineered to manage AI-scale communication volumes, suitable for tasks demanding rapid, automated interaction rather than the slower cadence typically associated with human-initiated communications. The implementation supports integration with AI tools, including OpenAI SDK, Claude, and Microsoft's Azure AI, and is delivered with compliance and security protocols incorporated as standard. The company states that MCP helps support a broad transition away from traditional brand-centric applications to direct communication channels between enterprises and their customers. Sinch currently manages over 900 billion customer interactions each year for 175,000 businesses in more than 60 countries, providing messaging, voice, email, and verification services, and drawing upon its local compliance and routing expertise. Global scale and expertise Sinch customers have already begun to report outcomes claimed to result from the shift towards AI-assisted engagement. For example, a global insurer has been able to autonomously process 80% of customer enquiries across 125 languages, while a retail client achieved tripled engagement by integrating conversational AI with Rich Communication Services (RCS). The company issued data from its State of Customer Communications Report suggesting that 95% of businesses are currently using or planning to utilise AI in customer communications. Research from IDC projects that the global AI platforms market will reach USD $153.0 billion by 2028. MCP implementation details Through its new MCP server, now available in developer preview with Claude, Sinch is providing a mechanism for AI agents to understand the requirements of different communication actions. The server allows agents to determine which channel should be used, how messages should be formatted for different jurisdictions, which regulatory rules apply, and how to ensure successful delivery. Sinch notes that these capabilities are accessible via a range of tools, including development environments like Cursor and frameworks such as OpenAI Agents SDK, as well as platforms like AgenticFlow and Microsoft Azure AI Foundry. "AI is transforming how businesses communicate, and Sinch has the proven infrastructure to make it work at scale," said Robert Gerstmann, Chief Evangelist and Co-Founder at Sinch. "With MCP, we're codifying decades of communications expertise into protocols that AI agents can understand, teaching them the specific requirements, compliance rules, and best practices needed for each use case and region. What matters most happens behind the scenes; guaranteeing delivery, maintaining quality, navigating compliance, and preventing fraud. We've spent decades perfecting these operational fundamentals that make AI-powered communications actually work." Strategic partnerships The MCP protocol is part of Sinch's broader strategic approach to AI communications. Alongside established integrations with OpenAI and Anthropic, Sinch also provides routing systems and conversational AI functionality, intending to offer enterprises a comprehensive platform for deploying AI-assisted communication strategies. Sinch's partnerships span a variety of major technology companies. It is an Adobe Platinum Partner and has links with Salesforce Agentforce and Microsoft Dynamics Customer Insights, which the company reports strengthens its position within the enterprise AI communications landscape. "At Sinch we are pioneering the way the world communicates, and our MCP implementation represents the next evolution of that mission," said Laurinda Pang, CEO of Sinch. "Through the expansion of native AI capabilities and partnerships, we're equipping organizations with unprecedented capabilities to connect with customers anywhere, anytime, through any channel. We envision a world where every business, regardless of size or technical sophistication, can harness the power of intelligent communications to keep their customers engaged, informed, safe, and happy."

RNZ News
17-07-2025
- RNZ News
Academic warns over using AI to reduce costs of Regulatory Standards Bill
An academic is warning artificial intelligence is not the silver bullet David Seymour has suggested it will be for reducing the cost of the Regulatory Standards Bill. Victoria University senior lecturer in Artificial Intelligence Andrew Lensen spoke to Charlotte Cook. To embed this content on your own webpage, cut and paste the following: See terms of use.