<p>The integration of autonomous AI agents into cybersecurity presents interconnected technical, business, ethical and legal challenges that shape both the feasibility and desirability of full autonomy. This paper starts by distinguishing between automated AI systems, AI agents, and the emerging concept of agentic AI. After defining AI agents, the paper attempts to address the legal nature of AI agents in a&#xa0;negative fashion by showing a&#xa0;misalignment between their technical nature and the general legal principles of agency law. In a&#xa0;positive fashion, the paper characterizes AI agents under the EU AI Act by showing that they fall under the regulated legal category of AI systems. In this context, recent AI agents built on third-party foundation models would trigger the application of legal provisions related to another regulated legal category under the EU AI Act, the GPAI models. After engaging in the legal characterization of AI agents, the paper explores technical considerations by discussing to what extent the technical capabilities and architectural components are required for fully autonomous AI agents to independently detect, analyze, and respond to cybersecurity threats without human intervention. The paper also briefly addresses ethical and business considerations by discussing to what extent fully autonomous AI agents in cybersecurity are attainable, financially feasible, and a&#xa0;source of competitive advantage. Lastly, the paper addresses legal considerations and gives particular attention to the impact the implementation of AI agents would have on the reasonable duty of cybersecurity.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

AI agents and full autonomy in cybersecurity: technical, business, ethical and legal considerations

  • Moufid El-Khoury,
  • Ferdinand Kpieleh,
  • Sabine Khalil,
  • Jacques Bou Abdo

摘要

The integration of autonomous AI agents into cybersecurity presents interconnected technical, business, ethical and legal challenges that shape both the feasibility and desirability of full autonomy. This paper starts by distinguishing between automated AI systems, AI agents, and the emerging concept of agentic AI. After defining AI agents, the paper attempts to address the legal nature of AI agents in a negative fashion by showing a misalignment between their technical nature and the general legal principles of agency law. In a positive fashion, the paper characterizes AI agents under the EU AI Act by showing that they fall under the regulated legal category of AI systems. In this context, recent AI agents built on third-party foundation models would trigger the application of legal provisions related to another regulated legal category under the EU AI Act, the GPAI models. After engaging in the legal characterization of AI agents, the paper explores technical considerations by discussing to what extent the technical capabilities and architectural components are required for fully autonomous AI agents to independently detect, analyze, and respond to cybersecurity threats without human intervention. The paper also briefly addresses ethical and business considerations by discussing to what extent fully autonomous AI agents in cybersecurity are attainable, financially feasible, and a source of competitive advantage. Lastly, the paper addresses legal considerations and gives particular attention to the impact the implementation of AI agents would have on the reasonable duty of cybersecurity.