Agentic systems are AI systems that do more than generate text or predictions: they can choose steps, call tools, query APIs, open files, trigger workflows, or chain tasks with limited human prompting. In practice, the model is acting as a controller over other software components.
This matters in cyber security because every added action path increases the attack surface. An agent can be tricked into sending data to the wrong service, using a malicious plugin, or following prompt-injection instructions hidden in documents, emails, or web pages. Defenders also use agentic systems for triage, hunting, and response automation, but they need strict permissions, logging, and approval gates. In an AI BOM or other inventory, agentic behavior is important to record because tool use, dependencies, and runtime actions can change the system’s risk profile far more than a standalone model.