eCommerceNews Canada - Technology news for digital commerce decision-makers
Canada
Steve
#
Data Protection
#
Digital Transformation
#
Advanced Persistent Threat Protection

Agentic AI demands stronger cyber security governance

Tue, 24th Mar 2026
By Steve Giguere, Principal AI Security Advocate, Check Point Software Technologies

Agentic AI marks a real shift in how work gets done inside an enterprise. We're moving beyond systems that assist humans to systems that are trusted to reason, decide, and act on their own. This shift is already moving from experimentation into core enterprise workflows, raising urgent questions about governance, accountability, and control.

For Canadian enterprises, this shift carries particular urgency. In February 2026, Canadian organizations faced an average of 1,516 cyber attacks per week, a staggering 24% year-over-year increase. As AI systems begin taking on operational roles, governance models built for human decision-makers start to break down. Software that can independently trigger actions, access systems, and influence outcomes requires a different approach to security oversight.

How can we move from alert fatigue to active defence?

Security operations centres illustrate why this shift matters. Analysts already face a relentless volume of alerts, false positives and incident response demands, pushing human capacity to its limits.

Embracing agentic AI should further shift cyber security from reactive to proactive, helping organizations identify and prevent threats before they can cause damage. Instead of merely alerting teams to suspicious activity, AI-driven security can function as an active defence system, continuously analyzing signals, detecting anomalies and responding at machine speed.

The result is a security posture that is both faster and more resilient. Mean time to detect and respond drops dramatically, blind spots shrink, and organizations gain far greater visibility across complex environments. Human analysts, in turn, regain the cognitive space to focus on higher-order strategy and complex investigations rather than being overwhelmed by routine alerts.

Why is agentic AI a tool, not a takeover?

The effectiveness of agentic AI in security operations comes down to augmentation, not replacement. Cyber security talent remains scarce across Canada, and agentic systems can absorb the repetitive, high-volume work that drains human attention: alert classification, log analysis, routine investigations and baseline threat correlation. They work continuously, without fatigue, across systems and silos that can be difficult for humans to monitor simultaneously.

Because agentic AI can rapidly process massive datasets and detect subtle patterns, it can surface threats that might otherwise be missed or discovered too late. In practice, this means organizations can strengthen security outcomes without scaling headcount at the same pace as threats, which is a compelling proposition for Canadian firms navigating both a tight labour market and an escalating threat environment.

How can we deploy and scale agentic AI responsibly?

As AI agents are deployed and scaled within organizations, new governance gaps will inevitably emerge that will limit operational authority. Who validates an agent's actions? Who audits its decision logic? How do organizations intervene when an agent's intent diverges from the desired outcome or when optimization goals conflict with ethical or regulatory constraints?

Autonomous efficiency without accountability quickly becomes unmanaged risk. An agent that can change access policies, isolate systems or initiate remediation actions must be governed as rigorously, if not more so, than any privileged human user. Without strong guardrails, observability and auditability, organizations risk trading human error for machine-driven systemic failure.

As agentic AI is adopted and scaled at a faster pace, Canadian enterprises will need formal AI governance councils that bring together security, risk, legal and business leadership. These bodies will define where autonomy is permitted, under what conditions and with which escalation paths. Policy guardrails must be explicit, enforceable and continuously evaluated. Every autonomous decision must be logged in immutable audit trails, enabling post-incident review, compliance validation, and continuous improvement while aligning with Canada's evolving federal and provincial privacy and AI accountability frameworks.

This concern is not theoretical. The World Economic Forum's Global Cyber security Outlook 2026 finds that accelerating AI adoption is expanding the cyber attack surface, while organizations struggle to align governance, skills and security controls with the speed of deployment. For Canada, already bearing the weight of being among the world's most targeted nations, the absence of governance may prove more dangerous than the absence of automation.

Impacts of AI on cyber security

Success in the agentic era hinges on visibility. Enterprises must be able to observe what their AI agents are doing, why they are doing it and what impact their actions have across the environment. This means security platforms must evolve to provide real-time insights into agent behaviours, decision pathways and outcomes. Policies must be designed with prevention-by-design principles, ensuring that agents operate within clearly defined boundaries aligned to organizational risk tolerance.

When agents act, humans must be able to understand, audit and override those actions when necessary. After all, visibility and control go hand in hand.

Autonomous adversaries versus autonomous defenders

The security challenge ahead is straightforward. Attackers are already using AI to automate reconnaissance, adapt techniques and operate at machine speed. With attacks hitting Canadian organizations weekly, defending with human-driven processes alone is no longer sufficient. Canadian enterprises are entering an environment where autonomy exists on both sides. The outcome depends on how well that autonomy is governed.

Agentic AI introduces powerful new capabilities, but also new operational risks if autonomy is poorly governed. Organisations that succeed in the agentic era will be the ones that earn autonomy through visibility, clear policy boundaries and the ability to audit and override decisions when necessary. Security in this model is about ensuring that autonomous systems act with intent.

Intelligence without governance doesn't scale.

Risk does.

Related stories
Adyen adds loyalty software in €750m Talon.One deal
World IP Day: Why IP is the backbone of sporting brands' success
Celonis & ProcessLab launch banking apps for mortgages
Explainer: How Adobe is building agentic marketing
EcoVadis deepens Google Cloud AI partnership for growth

Top stories

Borderless AI launches crypto payroll for global staff
Canadian startup coalition launched to bridge funding gap
Wise gains Payments Canada membership to target RTR
Seedtag launches NeuroX contextual ad exchange for brands
Mphasis buys Theory & Practise to boost AI decision layer