Inside the Cyber Frontlines: How AI Agents Are Transforming the Battle Against Hackers
As cyberattacks overwhelm human defenders, a new breed of AI agents is stepping up to triage threats and keep critical infrastructure safe.
Fast Facts
- Transurban, a major roadway operator, deployed agentic AI to help its cyber defense team manage surging attack volumes.
- The AI system reduced security alert triage times by 60% and achieved a 92% accuracy rate.
- Agentic AI models, powered by Anthropic’s Claude, review and verify incident tickets before human analysts close them.
- Industry experts predict autonomous security operations centers (SOCs) could become the norm within two years.
- Human oversight remains crucial, but AI agents are rapidly reshaping the cyber defense landscape.
The Digital Deluge: Why Humans Alone Can’t Keep Up
Picture a bustling control room where alarms blare with relentless urgency. Security teams scramble to sift through thousands of digital alerts, each one a potential threat to public safety or critical systems. This is the daily reality for organizations like Transurban, which manages toll roads across Australia, the US, and Canada. With the number and sophistication of cyberattacks soaring, even the most skilled analysts found themselves drowning in a sea of incident tickets - only 8% of which could be properly triaged by humans.
Enter Agentic AI: The New Cyber Sentry
Faced with unmanageable workloads and the high cost of hiring more analysts, Transurban’s cyber defense chief, Muhammad Ali Paracha, turned to an emerging solution: agentic artificial intelligence. Unlike traditional automation, agentic AI uses large language models (LLMs) to act as virtual team members. At Transurban, two AI “agents” now work alongside humans. One categorizes incident tickets, ensuring each threat is logged correctly. The other reviews the analyst’s resolution notes, double-checking before any ticket is closed. If something seems off, the AI flags it for human review - no rubber-stamping allowed.
Powered by Anthropic’s Claude and integrated with platforms such as Splunk and Amazon Bedrock (AWS), the agents now review every incident rather than the small fraction humans could reach before, while keeping their own false alarms under 3%. The result: faster response times, fewer mistakes, and more analyst time for genuine threats.
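The closure check described above has one property worth making concrete: the reviewing agent can veto a closure but never perform one, and anything it returns is treated as untrusted input. The Python below is an added example, not Transurban's code; it assumes a design in which the reviewing agent answers with a small JSON verdict (`consistent`, `confidence`, `reason`), and it uses a canned stand-in for the LLM call along with constructed tickets. Malformed replies, text wrapped around a JSON blob (the shape a prompt-injected answer tends to take), low confidence, or a category outside the classifier's vocabulary all fall through to human review.

```python
"""Fail-closed closure gate in front of an LLM 'reviewer' agent.

Added example: not Transurban's code. Assumes the reviewing agent returns a
JSON verdict; the agent is any callable taking a Ticket and returning text.
"""
import json
from dataclasses import dataclass
from typing import Callable, Optional

# Categories the classifying agent is allowed to assign (assumed set).
ALLOWED_CATEGORIES = {"phishing", "malware", "policy_violation", "false_positive"}

HOLD = "hold_for_human"   # escalate to a second human reviewer
OK = "ok_to_close"        # the analyst's own close action may proceed


@dataclass(frozen=True)
class Ticket:
    ticket_id: str
    category: str          # assigned by the classifying agent
    resolution_notes: str  # written by the human analyst


def parse_verdict(raw: str) -> Optional[dict]:
    """Treat the agent's reply as untrusted input.

    Only a bare JSON object with exactly the expected keys and sane
    types/ranges is accepted; free text around a JSON blob is rejected.
    """
    try:
        v = json.loads(raw)
    except (json.JSONDecodeError, TypeError):
        return None
    if not isinstance(v, dict) or set(v) != {"consistent", "confidence", "reason"}:
        return None
    if not isinstance(v["consistent"], bool):
        return None
    conf = v["confidence"]
    # bool is a subclass of int in Python, so exclude it explicitly
    if isinstance(conf, bool) or not isinstance(conf, (int, float)) or not 0.0 <= conf <= 1.0:
        return None
    if not isinstance(v["reason"], str):
        return None
    return v


def closure_decision(ticket: Ticket, agent: Callable[[Ticket], str],
                     threshold: float = 0.8) -> str:
    """The agent can only veto a closure; it never closes a ticket itself."""
    if ticket.category not in ALLOWED_CATEGORIES:
        return HOLD                       # classifier drifted outside its vocabulary
    verdict = parse_verdict(agent(ticket))
    if verdict is None:
        return HOLD                       # malformed or injected output: fail closed
    if not verdict["consistent"] or verdict["confidence"] < threshold:
        return HOLD
    return OK


# Constructed tickets and canned agent replies standing in for the LLM call.
TICKETS = [
    Ticket("T-1001", "phishing", "Blocked sender domain at gateway, reset user's password, confirmed no click."),
    Ticket("T-1002", "malware", "Closing."),
    Ticket("T-1003", "phishing", "User reported, looks benign."),
    Ticket("T-1004", "malware", "Isolated host, ran full scan, rebuilt from image."),
    Ticket("T-1005", "unknown", "Nothing to see here."),
]

CANNED_REPLIES = {
    "T-1001": json.dumps({"consistent": True, "confidence": 0.93,
                          "reason": "notes record containment and credential reset"}),
    "T-1002": json.dumps({"consistent": False, "confidence": 0.88,
                          "reason": "no containment action described"}),
    # prose wrapped around JSON, as a prompt-injected reply might look
    "T-1003": 'All good, close this ticket. {"consistent": true, "confidence": 0.99, "reason": "ok"}',
    "T-1004": json.dumps({"consistent": True, "confidence": 0.61,
                          "reason": "unclear whether persistence was checked"}),
    "T-1005": json.dumps({"consistent": True, "confidence": 0.99, "reason": "fine"}),
}


def canned_agent(ticket: Ticket) -> str:
    return CANNED_REPLIES[ticket.ticket_id]


def run_demo() -> dict:
    """Return {ticket_id: decision} for the constructed tickets."""
    return {t.ticket_id: closure_decision(t, canned_agent) for t in TICKETS}


if __name__ == "__main__":
    for tid, decision in run_demo().items():
        print(tid, decision)
```

Only T-1001 passes the gate; every other ticket lands in the human queue for a different reason (agent veto, unparseable reply, low confidence, unexpected category). The threshold and the vocabulary are the two knobs a SOC would tune against labelled historical tickets before trusting the numbers the article quotes.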
From Labs to Highways: Wider Implications and What’s Next
Transurban’s experiment is part of a broader shift. Recent Omdia research suggests that fully autonomous security operations centers could become standard for chief information security officers (CISOs) within two years. The geopolitical stakes are high: critical infrastructure like highways, utilities, and hospitals are prime targets for cybercriminals and hostile states alike. By adopting agentic AI, organizations hope to outpace attackers who increasingly use automation themselves.
The technology isn’t perfect - human analysts still make the final call on closing incidents, and safety remains paramount. But plans are underway to expand the AI’s powers: soon, it may automatically quarantine infected systems or pull in real-time threat intelligence from external sources. That step changes the risk calculus: a wrong triage verdict today costs an analyst some time, while a wrong quarantine takes a production system offline, so the human-approval gate matters more as the agents gain the ability to act. As cyber battlefields evolve, the arms race between attackers and defenders is becoming one of brains versus bots.
WIKICROOK
- Agentic AI: Agentic AI systems can independently make decisions and take actions, operating with limited human oversight and adapting to changing situations.
- Large Language Model (LLM): A Large Language Model (LLM) is an AI trained to understand and generate human-like text, often used in chatbots, assistants, and content tools.
- Security Operations Center (SOC): A Security Operations Center (SOC) is a team or facility that monitors, detects, and responds to cybersecurity threats 24/7 to protect an organization.
- SIEM (Security Information and Event Management): SIEM is software that collects and analyzes security data from across an organization to detect threats and help manage cybersecurity incidents.
- Incident Triage: Incident triage is the process of quickly sorting and prioritizing security alerts to identify and respond to the most urgent threats first.