For years, cybersecurity defense worked on a predictable schedule of about two to three weeks. When a security flaw was uncovered, attackers usually needed 15 to 20 days to study the code, build an exploit, and prepare it for use. This delay gave defenders enough time to install patches or reconfigure their network protections.
That breathing room has vanished.
With nation-states now embedding artificial intelligence and generative AI into their attack methods, the gap between discovering a weakness and exploiting it has shrunk from weeks to mere hours, often happening before the vulnerability is even made public. In this transformed landscape, the security of the Defense Department, its partner agencies, the defense industrial base (DIB), and critical infrastructure now hinges on how effectively the department’s AI-powered surveillance and countermeasures can stay ahead of the threat.
One prominent recent case of an AI-enhanced attack with far-reaching national security consequences is the 2024–2025 Salt Typhoon campaign, in which hackers tied to China leveraged AI-accelerated methods to infiltrate U.S. telecommunications firms, disrupting critical infrastructure and government communications and potentially exposing data belonging to nearly every American.
To counter AI-driven attacks, the military can field an agentic-AI-driven Risk Operations Center (ROC) that goes beyond passive observation to independently neutralizing threats in real time. The most effective way to match the speed of AI attacks is for defenders to master using those same AI capabilities themselves — and deploy them more effectively. Agentic AI — software built to act autonomously toward defined goals — allows AI systems to defend themselves, recognize threats, and carry out decisions on their own.
The ROC enhances and goes beyond the SOC
A ROC represents a shift from simply detecting risk to actively reducing it. While a traditional security operations center (SOC) concentrates on monitoring activity logs and incidents to spot breaches, the ROC is focused on safeguarding the asset itself. Performance is not measured by how many alerts are closed, but by how much the organization’s risk score has dropped, reflecting a reduced likelihood and severity of a security incident.
For commanders and warfighters, this translates into a continuous cycle of:
- Contextualization: Pinpointing exactly which assets on a vessel or at a forward-deployed base require protection.
- Prioritization: Determining which threats are mission-critical, such as weaknesses in a ship’s navigation system or gaps in the Army’s Command and Control platforms that link leadership with deployed units.
- Remediation: Automatically correcting the issue before an adversary can turn it into a weapon.
The emergence of agentic AI-powered ROCs
Unlike conventional AI, which might simply raise a flag about a questionable login and notify a human analyst, agentic AI is purpose-driven. It does not merely register a threat — it takes action to resolve it. In an AI-powered ROC, agents can function as an integrated chain of command.
For instance, during an ongoing intrusion, a frontline agent spots an anomaly. Rather than pausing for a human review, it immediately activates a downstream agent to collect additional context. This second agent pulls data from the Configuration Management Database (CMDB), examines patch records, and evaluates the system’s overall stability. It weighs the consequences: If I block this port to stop the attack, will it disrupt the agency’s broader network? By assessing these interdependencies, the agentic AI-driven ROC can adjust firewalls or deploy Intrusion Prevention System (IPS) rules at machine speed.
Extending AI to the edge for disconnected warfighters
The United States holds a clear edge in this new era of AI-enabled cyber conflict. The nation has energy resources, deep technical talent, and solid infrastructure. Yet, today’s defensive posture remains overly reliant on manual effort, particularly when processes that depend on human involvement cannot keep pace with attacks moving at machine speed.
Picture a Navy destroyer operating in the open Pacific. It is essentially a floating city with extremely limited bandwidth. It cannot reach out to a cloud-based AI system onshore for guidance on handling a cyberattack. If AI is not physically aboard the vessel, it has no defense.
AI capabilities must reach the tactical edge — deployed directly to individual Marine units, aircraft, and ships operating in disconnected environments. This ensures the warfighter retains protection even when no network connection is available. This edge AI also acts as a force multiplier for less-experienced personnel. On the ground or at sea, a junior sailor or Marine may not possess two decades of cybersecurity expertise, but with a GenAI-powered interface, they can use plain language to request an instant risk evaluation. This instantly transforms basic operators into capable defenders.
The architecture of a distributed ROC
To manage current threats, defense organizations cannot depend on a single centralized hub. Instead, they require a distributed framework for risk prioritization that spans agencies and commands, delivering:
The asset intelligence engine: As the saying goes, “You can’t protect what you can’t see.” This layer maintains a machine-readable catalog of every asset. In today’s operational environment, this covers not only IT systems but also operational technology (OT), industrial Internet of Things (IoT) devices, and edge hardware.
The agentic reasoning layer: Interconnected agents collaborate to automate risk reduction and compile the data needed for analysis. When one agent identifies a threat, it prompts others to examine the implications for the mission.
The threat intelligence feed: Agent-based AI depends on robust integration with threat databases. These agents carry out the decisions a human would typically make — such as reconfiguring firewalls or applying IPS signatures — tailored to each specific system, whether it is a desktop terminal or a ship’s engine management system.
The paper fortress is the true vulnerability
The most advanced agentic AI in the world will underperform if it is starved of usable data. Right now, the military’s approach to cyber risk remains heavily document-oriented. Agencies produce sprawling 800-page System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms) to satisfy regulatory requirements.
But you cannot win a cyber war with paper.
To reach the speed demanded by AI-driven defense, every facet of cyber risk management must be converted into machine-readable data. Cyber teams need to grasp the full state of an application — its assets, weaknesses, and interdependencies — and represent it in a form that an AI agent can quickly process and act on.
Until defense and government agencies transition from static paperwork to dynamic, machine-readable information, manual processes will continue to be a bottleneck that adversaries can exploit. Defense organizations are trying to compete in a digital race while shackled to a paper-based system.
But the outlook for what lies ahead is bright.
Transitioning from fixed checklists to real-time risk oversight
The future of national defense extends beyond simply accelerating software delivery—it centers on managing threats as they unfold. The Pentagon is actively working to move past the traditional approach of relying on paper-based checklists, PDFs, and manual assessments that only capture a single point in time.
In September 2025, the Cyber Security Risk Management Construct (CSRMC) was unveiled, designed to guide Pentagon decision-makers and warfighters toward a future defined by automation, live dashboards, and ongoing oversight. An agentic AI–driven ROC fits squarely within this new framework.
Enabling continuous ATO
At the heart of the CSRMC lies the mandate for constant monitoring to maintain a continuous Authority to Operate (cATO). Traditionally, a system might receive formal authorization just once every three years—a paper certification that quickly loses relevance in a landscape shaped by AI-accelerated attacks.
An agentic AI–driven ROC supports this evolving risk management framework by delivering:
Round-the-clock surveillance: AI agents work nonstop, analyzing data and flagging threats within seconds rather than depending on scheduled audits.
Ongoing control verification: Agents actively track essential security controls, confirming they are not merely documented but are actively safeguarding live production systems.
Live dashboards: Rather than sifting through an 800-page System Security Plan, the ROC offers real-time telemetry that gives commanders an up-to-the-moment view of the mission’s cyber risk posture.
The AI-powered RPG represents a strategic turning point
Adopting an agentic AI–powered ROC isn’t merely a technology refresh—it’s a strategic imperative. Adversaries have already automated their offensive capabilities, so defense agencies must do the same with their protective measures. By embedding goal-driven AI at the network’s edge, simplifying how data flows through command structures, and converting compliance processes into digital workflows, the Pentagon can ensure its applications, networks, and systems possess the agility and resilience needed to detect, prioritize, and counter cyber threats in the era of AI-fueled attacks.
Jonathan Trull serves as executive vice president and general manager of risk management and chief information security officer at Qualys.
Copyright
© 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
