A is correct: The intended operational model for agentic AI in security operations is a human-on-the-loop approach where AI agents autonomously handle high-volume, repetitive investigation tasks such as initial triage, evidence gathering, and data correlation at machine speed. Humans retain strategic oversight and final decision-making authority, particularly for high-impact remediation actions. This model acts as a force multiplier, freeing analysts to focus on complex threat hunting and strategic response activities requiring human judgment.
B is incorrect: Generating text summaries for manual human review and execution describes an AI assistant model rather than an agentic AI operational model. While AI assistants provide information and recommendations that require human action at each step, agentic AI systems take a more active role by autonomously investigating, correlating evidence, and reaching conclusions. The agentic model involves independent reasoning and action, not just passive summarization.
C is incorrect: Serving exclusively as data pipelines for log collection and forwarding describes basic data ingestion functionality, not agentic AI capabilities. Agentic AI systems are designed to go beyond data collection by actively reasoning through the data, identifying patterns, making triage decisions, and executing investigation workflows. Reducing agentic AI to a data pipeline role negates its core capabilities of autonomous reasoning and adaptive action.
D is incorrect: Agentic AI in security operations is not intended to operate without any human involvement. Responsible deployment of agentic AI maintains human oversight, especially for high-impact containment and remediation actions. The operational model includes governance boundaries where agents operate autonomously within defined parameters, but humans review critical decisions, intervene when needed, and maintain accountability for outcomes.