By Kyle Wickert, Field CTO at Algosec
Automation has now crossed a very clear threshold in network security.
Automation used to be something to strive for – to “get right” – but now it’s an operational baseline, embedded into the day-to-day functioning of every modern network environment. Tasks that once stole hours from network security teams, like policy enforcement, risk analysis, and change validation, are now executed consistently and at scale, lowering the burden on human teams and freeing them up to deal with the things that really need their attention.
According to AlgoSec’s State of Network Security 2026 report, nearly half of organisations now operate with moderate to high levels of automation, reflecting just how far orchestration has progressed. But while automation has stabilised execution, it has also exposed a more difficult challenge beneath it. As hybrid architectures expand and policy environments grow more fragmented, speed alone isn’t the answer – the ability to make informed decisions is.
Why automation is the new foundation
What many don’t realise is that automation didn’t become central to network security because it made teams faster. It grew in popularity because it made them more consistent. In hybrid and multi-Cloud environments, where policies span multiple platforms, vendors, and control points, the real risk is drift rather than delay. Speed is important, of course, but small inconsistencies, missed updates, or misaligned rules can have a far more damaging effect.
Instead of simply accelerating workflows, automation now underpins policy assurance, enforcing consistency across environments, validating changes before they’re deployed, and continuously checking that what’s running in production matches what was intended. It’s a shift from doing things quickly to doing them correctly, repeatedly, and at scale.
Despite all the progress and consistency “wins” that have come from automation, adoption remains uneven. Many organisations have automated individual tasks or workflows, but haven’t extended that consistency across teams, tools, and environments. So, what they have is “partial” automation – faster in places, but not necessarily more secure overall. That can lead to a false sense of security, and with it, greater exposure to risk.
Agentic AI enters the control plane
If automation established consistency, agentic AI is starting to reshape how decisions are made within that consistent framework. Rather than simply executing predefined workflows, AI-assisted systems can analyse policy environments, recommend rule changes, and predict the downstream impact of those changes before they’re applied. In effect, the control plane is becoming more intelligent. It isn’t just enforcing policy, but actively helping to define it.
According to the report, 65% of organisations have now adapted their security strategies in response to AI-powered threats – the surest sign yet that AI is no longer a future consideration, but an active force shaping security operations today. But the way it’s being used is telling. Most organisations are applying AI to structured, low-risk use cases, such as improving visibility, identifying policy drift, and prioritising risk, rather than handing over full control. That’s an important distinction: AI is being trusted to inform and optimise, not to act independently. And in environments where a single misconfiguration can have wide-reaching consequences, that cautious approach is both deliberate and necessary.
Why full autonomy is still out of reach
For all the momentum behind AI, confidence in full 360-degree autonomy remains reassuringly low. The technology is advancing quickly, but trust isn’t keeping pace. Security teams are being asked to rely on systems that can recommend changes, predict risk, and interpret complex environments, yet in most organisations, there’s still no clear framework for validating those decisions or assigning accountability when something goes wrong.
The challenge here is governance. AI can do the job, but without consistent policy models, clear approval structures, and shared ownership across teams, handing over control to autonomous systems introduces as much risk as it removes. In highly distributed environments, where policies span Cloud, network, and application layers, even small errors can propagate quickly, and that makes blind trust in AI, for the moment at least, operationally unacceptable. Until organisations can explain, validate, and govern AI-driven decisions with the same rigor as human ones, autonomy will remain out of reach.
The human in the loop
In place of full autonomy, a more cautious model is taking hold where automation handles execution, AI provides recommendations, but humans retain final control. This shouldn’t be seen as a failing or a temporary stopgap – it’s an intentional design choice that reflects the realities of modern network security. It allows organisations to benefit from AI-driven insight without surrendering oversight – recommendations can be evaluated in context, changes can be validated before deployment, and accountability remains clearly defined. That balance really is critical. Speed still matters, but not at the expense of control.
Author biography:
Kyle Wickert is Field CTO at Algosec.
