Autonomous software is a program that can choose actions and carry them out with limited human input. It may browse websites, call APIs, send messages, change settings, or trigger workflows based on goals, rules, or model outputs. Unlike simple automation, it is expected to make some decisions on its own.
In cyber security, that autonomy creates both value and risk. Defenders use it for monitoring, triage, and response, while attackers can use it for phishing, credential stuffing, reconnaissance, or adapting malware behavior. Because these systems act like users or services, they need strong authentication, authorization, and logging. If an attacker can impersonate an autonomous agent or redirect its network connection, the software may be tricked into exposing data or taking unsafe actions. Security teams should treat autonomous software as a privileged identity, not just a tool.