
Entering the 3rd Generation of Automation in Security Operations

By Dinis Fernandes, Managing Director at CyberSafe · 17/12/2025



The speed at which artificial intelligence is evolving is profoundly changing the dynamics of cybersecurity. In recent years, automation—particularly through SOAR (Security Orchestration, Automation and Response) solutions—has helped reduce operational workload and standardise processes. However, the current threat landscape has made this model insufficient.


AI-powered attacks now operate at speeds up to one hundred times faster than traditional defence methods, exposing what has become the greatest vulnerability of modern organisations: the inability of human teams to keep pace with the speed of the threat. Static playbooks supported by SOAR tools no longer meet the level of adaptability required, making the transition to a more autonomous model inevitable.


We are therefore witnessing the beginning of the 3rd generation of automation in Security Operations, where AI Agents complement the playbooks of traditional SOAR solutions.

CyberSafe embarked on this journey 10 years ago with the 1st generation of automation, focused on the creation and maintenance of script-based playbooks, custom-developed for each organisation and environment. This approach required significant effort in both implementation and ongoing maintenance.


In 2021, we evolved to the integration of SOAR solutions, such as Microsoft Sentinel / Logic Apps and, in particular, Palo Alto Networks Cortex XSOAR. CyberSafe became a national reference, delivering high-impact projects, including for a global services company with worldwide scale, and nationally for two of the largest energy companies, one of the biggest banks, two telecommunications operators, and a major private healthcare organisation, among others.


In this 2nd generation, organisations moved from building playbooks from scratch to configuring them. Templates, visual drag-and-drop creation, built-in integrations, and out-of-the-box automation actions accelerated deployment and significantly simplified maintenance.


CyberSafe’s approach—focused on process maturity, integration of heterogeneous ecosystems, and the ability to translate technology into operational value—has positioned us as a strategic partner in the modernisation of security operations.


Now, we take the leap into the 3rd generation with Cortex® AgentiX™. This solution leverages the extensive ecosystem of integrations and automation actions (2,000+) available in XSOAR, introducing AI Agents that coexist with human analysts.


On one hand, AgentiX™ enables the evolution of automation towards AI agents that autonomously perform incident detection and investigation, generating and executing response plans on the fly (instead of relying on static playbooks). On the other hand, human analysts remain in the loop: AI Agents operate autonomously in simple or well-defined tasks but require human validation for high-risk response actions, such as isolating critical systems or network segments.


While there are startups offering automation solutions based exclusively on AI Agents, we believe AgentiX™ presents a more balanced model, combining deterministic, precise playbook-based automation with the flexibility of Agentic AI, supported by guardrails that minimise risk.


The entry of AgentiX™ into the market marks a clear disruption. Autonomous agents dramatically reduce MTTD and MTTR, eliminate most manual tasks, and expand team capacity without increasing headcount. However, unlike agentic-first approaches that introduce autonomy without clear control mechanisms, AgentiX™ ensures transparency, limited and policy-aligned permissions, human supervision for critical actions, and full auditability.


We are currently living through a transformation in security operations, and CyberSafe assumes a strategic role: helping organisations integrate autonomy safely, ensuring that AI agents operate with the rigour, control, and predictability that have always characterised successful SOAR implementations.


Content co-produced by MediaNext and CyberSafe





We mark a decade of commitment to cybersecurity, defined by growth, evolution, and trusted relationships that make us proud.


A very special thank you to our team for their rigor, dedication, and strong sense of mission, and to our clients and partners, who have joined us on this journey, for their continued trust.


Together, we move into the next decade stronger, more resilient, and even more cybersecure.


Portugal has officially approved the European NIS2 directive, establishing a new level of cybersecurity requirements at national level. The directive reinforces obligations for public and private organizations across multiple sectors, expanding the number of entities covered and introducing stricter criteria for risk management and incident response.


Key changes include:


  • A broader range of entities now covered, classified as essential or important.

  • More robust technical and organizational security measures.

  • Strengthened incident reporting requirements.

  • Mandatory supply chain risk management.

  • Increased accountability for top management, with significant penalties for non-compliance.


CyberSafe is already supporting organizations in preparing for the new directive through maturity assessments, specialized consulting, managed security services, solution implementation, and team training.


The approval of NIS2 marks the moment to act.


Organizations should begin adapting as soon as possible to strengthen their digital resilience. Speak with our experts.
