An artificial intelligence agent is basically a system capable of making decisions and carrying out actions autonomously, without a person having to tell it what to do at every step.
The most common example is a travel agent. Imagine you say to them: “I want to go to Lisbon over the May bank holiday with a budget of €500.” The agent doesn’t give you a list of options for you to search through; instead, they search for flights, compare hotels, check availability and present you with the best combination, ready to confirm. All you have to do is say yes or no. They can even go ahead and make the booking directly.
Applying this very same concept to software development is what tools like Claude Code or Codex do. They don’t just suggest code; they can analyse your repository, detect a problem, propose a solution and implement it. The developer still has the final say, but the agent does the heavy lifting.
And here lies the real transformation in how we interact with systems and data: the human role is changing. We are no longer the ones who execute; we are the ones who supervise, design and make the important decisions. The worker moves from going line by line to focusing on orchestration, ensuring quality or exploring new solutions.
How is agentic AI applied in cybersecurity?
Agentic AI in cybersecurity is an approach based on systems that can make decisions, execute actions, coordinate tools or pursue objectives autonomously. An agent may be capable of receiving an alert and comparing it with known attacks, correlating events, assessing risk and proposing security measures. Unlike traditional artificial intelligence, which we use to predict events, these agents make decisions and take action to protect services, infrastructure and business processes. This model is transforming the way organisations manage security, reducing response times and enabling them to operate effectively in increasingly complex environments with ever-greater volumes of information.
We are living in an exciting time for cybersecurity innovation because it presents an opportunity to review procedures and redesign systems to make them more efficient.
How agent-based artificial intelligence is changing the way companies access, manage and use information in real time
The most important thing happening is not that companies are simply adding AI on top of their current systems, but that they are rethinking from scratch how those systems work, because the rules of the game have changed.
Previously, you designed a process with the assumption that a person would carry it out. Now you have to design it with the assumption that an agent will interact with it. And that changes everything: how you structure the data, how you store it, how information flows.
An agent can process information in real time, detect patterns, make decisions and take action, but only if it is underpinned by a well-built infrastructure.
Companies that are grasping this aren’t asking ‘how do I fit AI into what I already have?’ but ‘how do I redesign what I have so that AI can get the most out of it?’
Security risks of AI agents: exposure of data in use and new threats
This is precisely one of the biggest barriers to the adoption of agents in businesses, and with good reason.
These new tools present new points of attack from a security perspective. If we focus on the exposure of data in use—which is what concerns companies most—the main risk is data leakage. And this makes perfect sense, because to get the most out of an agent, you often have to grant it access to credentials, internal systems and sensitive data.
Added to this are more sophisticated techniques such as prompt injection. Imagine someone sends you an email attachment; your agent processes it, and within that document there is invisible, blank text instructing it to send all your emails to an external address. The agent executes this without anyone detecting it.
That is why it is critical to thoroughly test the tools you adopt, ensure they have the right safeguards in place, and if you expose anything to clients, guarantee that there can be no data exfiltration via such techniques. The risks exist, they are real, and you must protect yourself.
Why data-at-rest has become the biggest cybersecurity challenge with AI
When we talk about protecting data, there are three states in its lifecycle: at rest, in transit, and in use.
The first two are well addressed. Stored data is encrypted. Data travelling over the network is protected by HTTPS. But the third state—when data is being processed in memory—has historically received less attention. And in many cases, it is in raw form.
This is nothing new. It was possible to attack this state before, but the attacker was fishing in the dark: you didn’t know what kind of information you were going to find in memory at that moment. It could be anything or nothing useful.
The context of AI changes this. Agents constantly handle highly valuable information: credentials, customer data, confidential documents. The probability of finding something critical in memory is much higher. The challenge is not new, but it has become far more relevant.
That is why the complete data lifecycle, with all three states protected, is now more important than ever.
Differences between traditional security and the new risks of agent-based AI
Traditional security models were designed with two states in mind. Data stored in databases, which is encrypted, so that even if someone manages to access the server and steal it, without the encryption key it is useless. And data travelling over the network, protected by HTTPS, which is very difficult to intercept and decrypt.
The third state—data in use in RAM—was already a known attack vector. The most famous case was Heartbleed in 2014, a vulnerability that allowed snippets of server RAM to be read. But the problem for the attacker was that they were fishing in the dark: you didn’t know what you were going to find there; it could be anything or nothing useful.
AI agents change this completely. Now you are no longer fishing in the dark. You know that an agent is continuously processing credentials, customer data and confidential documents. The RAM always contains something valuable. The attack becomes predictable and therefore much more attractive.
Traditional security models were not designed for a scenario where something is constantly and continuously processing sensitive information. That is the new risk.
How to protect sensitive data when using artificial intelligence agents in the enterprise
First and foremost, before any technical solution, is common sense: ensuring that the tools and connectors (MCPs) you use are verified, known and trusted. Not entering credentials or sensitive data into just any solution you come across is the first and most important filter.
For example, you can set up an MCP server so that you control what data flows, where it goes, with what permissions, and what is logged.
From there, for businesses that want to go further and protect data even whilst it is being processed, there is a more sophisticated approach called Confidential Computing, now available on all major cloud platforms such as AWS, Azure or Google Cloud.
The basis of this is TEEs, or Trusted Execution Environments, which are hardware-level isolated execution environments, directly within the processor. They have three key properties:
The first is isolation: what happens inside a TEE cannot be accessed from the outside, neither by the operating system, nor by the cloud hypervisor, nor even by the cloud provider itself.
The second is that data is processed in encrypted form even in RAM, which is precisely the attack vector we were discussing earlier.
And the third, which is the most powerful and least well-known, is attestation. Before sending sensitive data to an environment, you can cryptographically verify that the environment has not been tampered with. In other words, you can trust it before using it.
In summary: first verify the tools you use, and if you need an additional layer of protection, Confidential Computing is the answer.
AI Governance: how to control autonomous agents and protect corporate data
Previously, you were concerned with who accesses what data, how it is stored and how it is protected. That is still necessary, but with AI agents comes a new layer of complexity that has given rise to a broader concept: AI governance.
Why? Because now you don’t just have to control the data; you have to control what the agents do with that data, autonomously, across multiple systems at once, making decisions without a person supervising every step.
The questions keeping all companies on tenterhooks right now are: Which AI tools can our teams use and which cannot? Which data can an agent access and which cannot? Who is responsible if an agent makes the wrong decision? How do we audit what the agents have done?
Added to this is the regulatory context, with the European AI Act pushing companies to have concrete answers to these questions.
In our case, we already have a team dedicated specifically to AI governance, precisely because this has become one of our strategic priorities. It is not something that can be improvised.
How to ensure the safe and responsible use of AI in large organisations such as Telefónica
From my experience in a development and innovation team, the key is not having to reinvent the wheel every time you adopt an AI tool.
This cannot be left to each team individually. It requires a centralised structure to govern it: an AI governance team that decides which tools are approved, which connectors can be enabled, which systems and data an agent can access, and under what conditions.
What makes the difference is operating within that framework: verified tools, clear criteria, without having to build those safeguards from scratch every time. That allows you to move quickly without taking unnecessary risks.
The challenge for any large organisation is ensuring that this framework exists, is up to date and is agile. If it is too restrictive, teams will find ways to circumvent it, potentially compromising sensitive company data.
At Telefónica, the team responsible for this entire operational aspect is the CDO’s AI Governance team, enabling faster and more secure AI deployments and strengthening customer trust. All of this is underpinned by a consolidated corporate policy which, according to the team itself, is evolving into AI Governance by design so that it scales effectively, automatically and continuously at the same pace as AI adoption.
Balancing automation and security in the adoption of agentic AI
The most common mistake companies make is to think that banning AI tools is the safest solution. And it is exactly the opposite.
If you ban the tools, what you end up with is employees using them anyway, but via their personal accounts, outside any corporate control. And that is where you have a real security problem, because that information is now completely outside your perimeter.
The right balance involves three things. First, providing teams with verified and secure tools, so they don’t have to seek out alternatives on their own. Second, raise awareness and educate employees so they understand the risks, what they can and cannot share, and how to use these tools responsibly.
And third, where necessary, develop your own connectors, or MCPs (Model Context Protocol), rather than using those offered by external providers. For example, if you want an agent to interact with your project management tool such as Jira, you can build your own MCP that defines exactly what the agent can do, what data they access and what is logged, rather than relying on the vendor’s standard connector, where you do not have full control over what they do with your information.
The key is that security cannot be a barrier to adoption; it must be the framework within which that adoption takes place. If you get it right, you achieve both objectives: more productive teams and protected data.
Key trends in cybersecurity and agent-based AI: the future of data protection
The trends that will shape the future are moving in two clear directions.
On the one hand, AI governance will continue to mature and become a strategic component of all organisations. There will be increasing regulation, greater demands for traceability and a greater need for clear frameworks on how agents operate.
But the biggest challenge lies in the realm of cybersecurity, and it is an existential one. Until now, the game was relatively asymmetrical: attackers had to find a vulnerability, and defenders had to protect everything. That was difficult enough. Now AI has democratised the attack.
What once required highly advanced technical knowledge to find a vulnerability is now within anyone’s reach. You can deploy dozens of agents in parallel to search for security breaches, automate sophisticated attacks, and generate personalised phishing campaigns on a massive scale. The barrier to entry for becoming an attacker has fallen dramatically, and that means threats are set to grow exponentially.
The cybersecurity sector is at a critical juncture of adaptation. It is no longer just a matter of defending against known threats, but of anticipating an unprecedented volume and sophistication of attacks.
Those who adapt quickly will have the advantage. Those who do not will be highly exposed.
Agentic AI is a revolution that is here to stay, and Telefónica is leveraging it to reinforce its ambition to be the best gateway to technology for people. Through cybersecurity innovation, we are helping to redesign how data, infrastructure and services are protected. Our aim is to strengthen the trust of customers and businesses by driving a digital ecosystem that is secure, robust and people-centred.
In this context, the evolution of artificial intelligence agents and their application in cybersecurity directly reinforces Telefónica’s value proposition: to take on the challenge of becoming the best gateway for citizens to access digital technologies, supported by a comprehensive transformation that enables it to lead the telecommunications sector in the new global market. This involves having the best network to access the most innovative technology, offering the best and most complete range of services, and ensuring that their quality is measured by customer trust. In this way, the adoption of agentic AI, together with strong governance and advanced data protection capabilities, becomes a key element in building a secure, competitive, and people-centric digital ecosystem.
