Security teams adopt new frameworks to safely expand AI autonomy
Serge Bulaev
Security teams may need to be careful when using autonomous AI for security, as vendor demos might not show all risks. Research suggests that trust in AI should grow step by step, with proof from real-world tests and clear records of how the AI works. Experts recommend using practical measures like Time to Remediation and running strong, multi-layered tests before trusting autonomous tools. Teams appear to have success by starting AI agents at low permission levels and slowly giving them more power as they prove themselves trustworthy. New rules and frameworks suggest clear responsibility and oversight are important as AI autonomy increases.

Security teams can safely expand AI autonomy by moving beyond vendor demos and adopting a structured, evidence-based approach. New frameworks built on validation, incremental trust, and performance data are essential for planning effective proof-of-value exercises and managing risk. This guide consolidates recent research into actionable tactics and governance for deploying autonomous security AI.
Evaluating autonomous security AI: From metrics to proof of value
Effective evaluation of autonomous security AI involves shifting focus from vendor accuracy claims to operational metrics like Time to Remediation (TTR). It requires multi-layered assessments, including adversarial validation, sustained load testing, and running proofs of value against an organization's own historical attack data for a realistic performance benchmark.
Industry experts advocate for a shift from headline accuracy claims to Time to Remediation (TTR), which measures the full cycle from alert to containment. Security researchers now advocate for multi-layered assessments covering technical integrity, data governance, and operational fit. For any tool claiming autonomy, adversarial validation is non-negotiable. Best practices include running proof-of-value tests using sanitized historical attack logs and subjecting the model to sustained load testing to uncover performance degradation under real-world conditions.
Key evaluation checkpoints include:
- Demand coverage mapping to the MITRE ATLAS technique catalogue.
- Verify the full data lifecycle, including residency, retention policies, and training data usage.
- Require transparent red-team results that expose edge-case failures and vulnerabilities.
- Assess the depth of native integration with your existing SIEM, XDR, and SOAR platforms.
- Evaluate the vendor's roadmap realistically, assigning minimal weight to undelivered features.
Incremental trust expansion in live environments
The principle of incremental trust expansion is critical for deploying AI agents in live environments. Rather than granting full privileges upfront, AI agents should earn autonomy through a graduated, evidence-based process.
Emerging frameworks provide real-world models for this approach. In documented cases, healthcare IT teams have deployed "Intern" agents with read-only access. After periods of stable performance, these systems are promoted to "Junior" roles, proposing fixes that require human approval. Many organizations report that a significant portion of AI recommendations are eventually accepted, demonstrating growing reliability. Higher autonomy levels remain gated by formal governance and continuous monitoring.
This graduated model is mirrored in large enterprises. IBM's ATOM autonomously handles the initial triage for most investigations, but analysts retain control over escalations. Similarly, Standard Chartered implements autonomous agents only with robust guardrails, kill switches, and full observability. These cases show that predefined promotion gates enable autonomy to grow without compromising accountability.
Governance frameworks that track responsibility
As AI systems gain autonomy, formal governance frameworks are emerging to clarify liability and ensure accountability. These structures formalize how responsibility shifts from human operators to automated systems.
Key standards like the NIST AI Risk Management Framework and ISO 42001 embed this lifecycle view, requiring clear ownership and continuous oversight as an AI's autonomy increases. In response, corporate boards are forming integrated Technology and Risk Committees to provide joint scrutiny of cybersecurity and AI risks.
Regulatory bodies are reinforcing this trend. The EU AI Act mandates continuous monitoring and traceability for high-risk systems, placing responsibility on the deploying company. Singapore's influential graduated autonomy model classifies agents by their level of freedom, linking each tier to specific, proportional oversight requirements.
While interpretations of these new standards may vary, a clear pattern has emerged. Successful and safe expansion of AI autonomy in security hinges on three pillars: evidence-based validation, progressively gated trust, and transparent governance. By adopting these principles, security teams can harness the power of automation while maintaining robust control and accountability.