I recently spent time on-site at IBM’s cyber security centre in Bangalore. During the visit I asked two simple questions about where cyber security is heading in a world increasingly shaped by agentic AI.
The questions themselves were straightforward. But the answers, and more importantly the implications behind them, did not merely hint at IBM’s strategy or provide insight into where the market is heading. They exposed it directly and then walked us through the front door.
First, the questions.
Why did IBM choose to remain in the Managed Security Services market, particularly when it had exited so many other infrastructure-heavy areas of global tech services? The question was of interest to me because IBM’s security services have appeared to be shuffled in recent years, as the company attempted to find the right home within its overall strategic changes, in the process creating a degree of frustration and uncertainty for staff and customers about future fit. That’s a commercially important consideration.
Were the economics of agentic AI fundamentally reshaping cyber warfare? I was interested to hear how AI was impacting large-scale, resource-intensive attacks like DDoS. Was IBM seeing them become less attractive as a threat vector, while simultaneously observing an increase in the viability of lower-cost, higher-impact threats such as phishing, disinformation, supply chain compromise, and data leakage? Also, a commercially important consideration for cyber investment.
What emerged from those discussions cuts to the heart of changes unfolding across the global security, AI and managed services markets. Perhaps you’ve wondered yourself. What does actually change when agentic systems begin making decisions, not just detecting events? And if that happens, what does “managed services” even mean anymore? IBM has the answer.
Six years into his tenure as IBM CEO, there is still a version of the Arvind Krishna IBM transformation story that gets told as a retreat. It is the one where they lost to the Indian SI and Managed Services conglomerates. Where they exited infrastructure-heavy tech services, carved out large parts of their business into a $20 billion start-up called Kyndryl in 2021, stepped away from the global outsourcing market they helped define, and left customers wondering how they had misread another cyclical change.
Yet at the same time, it didn’t read as a clean break. IBM chose to retain and continue investing heavily in cyber security, an intensely infrastructure-heavy function. Viewed through the traditional lens of managed services and systems integration, that carried all the signs of an inconsistent and confused message. It was the basis of my first question.
But over time, something IBM is famously consistent in drawing on, the inconsistency began to disappear. The issue was not necessarily IBM’s strategy. It was that many of us were still applying an older definition of managed services to a market that was already shifting underneath it.
If managed services were still primarily about operating infrastructure and running environments, IBM’s security strategy was difficult to reconcile, even for its own staff. But if the future of managed services is increasingly about managing decisions, orchestrating responses, and governing execution in AI-driven environments, the strategy makes far more sense.
In hindsight, it may simply have taken five years for the strategy to become legible. Quietly, and with relatively little fanfare, IBM shifted toward managing cyber decision-making at scale rather than simply operating security infrastructure. As a proof point, IBM is not alone in moving this way, and that transition is increasingly visible across the industry today. Step outside raw infrastructure and ServiceNow’s recent direction, product positioning, and acquisitions arguably represent the software platform equivalent of the same broader transition.
The traditional model of managed services was built around stability and predictability. Hundreds of billions of dollars of contracts have been written on the expectation that systems would be kept running, service levels would be met, and issues would be resolved within defined timeframes. It was labour-intensive, operationally focused, and increasingly constrained by cost pressures as infrastructure became more standardised, more easily commoditised, and labour arbitrage margins sent into retreat. For decades, value creation has been tied to the idea that these environments required constant human oversight to function effectively. So what changed?
Apart from AI itself, cyber may be one of the clearest examples of why traditional managed services thinking is beginning to break down. While security services historically behaved relatively predictably for decades, cyber does not.
It is not a steady-state environment that can simply be optimised around predictable workloads, standardised controls, and defined response times. It is a continuous exercise in judgement under uncertainty, where signals are incomplete, context shifts rapidly, and the consequences of getting decisions wrong are highly asymmetric. A single missed event can carry more weight than thousands of correctly handled ones.
The speed at which those judgements now need to be made is also increasingly incompatible with human response times alone. That changes the nature of the service entirely. The centre of gravity shifts away from merely operating infrastructure toward orchestrating detection, interpretation, prioritisation, and coordinated response across constantly changing environments.
This is where agentic systems begin to have real impact, because they operate naturally in environments where decisions need to be made continuously, at speed, and with high levels of confidence. Going back as far as the late 2000s, IBM used to frame this as the ability to manage the three Vs: Volume, Velocity and Veracity.
In that context, the role of a typical security operations centre starts to materially change forever, and with it the global managed services market built on its foundations. It becomes less about humans collaborating with infrastructure to monitor dashboards, and more about a coordinated set of automated decision processes that detect, interpret, and respond to events in real time. It’s not that the human role disappears. It actually becomes even more critical, but equally more difficult.
Because the deeper issue is that cyber security is becoming one of the first enterprise domains where the speed of events is beginning to exceed practical human response capacity. Attack surfaces are no longer static, attacks are no longer handcrafted, and adversaries are increasingly able to automate reconnaissance, adaptation, targeting, and execution at machine scale. In that environment, defence models built around human observation and sequential escalation processes (i.e. SOCs and managed services) become structurally disadvantaged. Even obsolete.
Agentic systems matter because they compress the time between detection, interpretation, decision, and response. They will allow organisations to operate at a speed closer to that of the threat itself. And that changes the role of humans entirely. It will effectively make cyber the first domain where managed services is no longer about operating systems, but about orchestrating decisions.
That sets the basis of the change. But the shift becomes even more significant when viewed from the perspective of the attacker, because the same forces transforming cyber defence are also transforming offensive capability. That was the basis of my second question.
Not all forms of attack will benefit equally from this change. Blunt-force methods such as distributed denial of service (DDoS) still rely on scale, coordination, and infrastructure, and while they remain relevant, they are increasingly well defended against by the large platforms that sit at the edge of most enterprise environments. Agentic systems do not fundamentally change that equation, because the problem remains one of volume rather than understanding.
Other attack vectors, however, begin to look very different and increasingly emerge as priority focus areas for cyber security strategies in the age of agentic AI.
Phishing becomes more targeted and more convincing as systems are able to build detailed contextual profiles and adapt messaging in real time. Data exfiltration becomes quieter and more deliberate, focusing less on volume and more on identifying and extracting high-value information without triggering detection. Supply chain attacks become more attractive because of the incredible leverage they offer, allowing a single point of compromise to cascade across multiple organisations, and exponentially erode brand trust and its adjacent financial blast radius. Even disinformation becomes easier to generate, easier to personalise, and harder to attribute.
What links these threats together is that they rely less on brute force and more on understanding, adaptation, timing, precision, and increasingly, the manipulation of context itself. Frontier model prompt injection and reasoning-layer attacks exemplify this shift. The objective is no longer simply to penetrate systems, but to influence how systems interpret, prioritise, decide, and respond. These are exactly the types of attack vectors that benefit from agentic systems capable of learning, iterating, coordinating, and adapting at machine speed. They are likely to become some of the defining cyber battlegrounds of the next decade.
The pattern that emerges becomes clear. Attacks that rely on force become less attractive relative to those that rely on understanding. And that also changes the economics on both sides. Attackers are able to reduce the cost per attempt while increasing precision and speed of iteration, while defenders (i.e. organisations) reliant on older operating models remain constrained by governance, risk tolerance, and the need to maintain operational continuity.
One side is optimising for success probability, the other for acceptable risk. And the gap between those two positions is starting to widen. This is exactly why cyber is moving first into agentic AI, because it is the one domain where those pressures are already acute, can easily overrun an organisation, and cannot be deferred.

In wrapping up, let’s look at these changes through the eyes of a typical customer where the architectural picture becomes even more tangible. Many organisations already have the core components of what could be considered an agentic security model today, even if they would not describe it in those terms.
Identity might be managed through platforms like Okta, access and policy enforcement might be handled through services like Zscaler, behavioural analysis performed by tools such as Exabeam, and the underlying network environment observed and instrumented by providers like Extreme Networks.
Individually, each of these platforms performs a well-defined function and delivers immense value in its own right. Kind of like the family of individual intelligence agencies in a national context. Collectively, they begin to look like a set of independent decision engines tasked with operating across the same environment. Each one is answering a version of the same question, just from a different perspective.
Identity determines who someone is and whether they should be allowed to act.
Access layers determine where they can go and under what conditions.
Behavioural systems assess whether what is happening is normal or suspicious.
Network layers provide visibility into what is actually occurring across the environment at any given moment.
What is often missing is a clear definition of how those decisions come together when they need to be made in real time. And outside of business-as-usual, when does that actually happen? Usually in the moments leading up to, or immediately following, a major event where timelines compress dramatically and systems, policies, and response mechanisms are forced to coordinate at machine speed.
This is where the role that IBM offers today becomes really, really clear, because it is not about replacing any of those layers, nor is it about competing with them in a traditional sense. It is about sitting above them and orchestrating how those decisions are prioritised, resolved, and executed when the system is under pressure. This was the IBM vision.
Today, they are delivering on this vision using a combination of consulting, security software products, and the broader IBM watsonx AI platform. That is a very different proposition from traditional managed services, and it is one that most organisations have not yet fully come to terms with.
Today’s reality is that most organisations have assembled the components of an agentic decision environment without explicitly designing how that environment behaves. Decisions are being made across a number of platforms, but the logic that connects those decisions is often implicit, shaped by default configurations, integration patterns, or the operating assumptions of individual vendors. And then even if they are mapped, where do these decisions live? That is no longer sufficient in the agentic age.
It will continue to work for a while in environments where decisions are relatively slow and human oversight can fill the gaps, but it becomes increasingly fragile as decision-making accelerates and becomes more distributed. At that point, the problem is no longer one of capability, because the tools themselves are highly capable. The problem becomes one of control, and specifically whether the organisation understands what the system is allowed to do and how those permissions are exercised in practice.
What sits underneath all of this is not simply a shift in cyber, but a shift in the way enterprise systems operate. For a long time, the dominant model has been built around systems of record and systems of engagement, with the assumption that humans sit at the centre, making decisions and directing activity. Security has been no different. Yet as more of that decision-making becomes embedded within the system itself, the structure begins to change.
Identity starts to take on the characteristics of authority. Access becomes an enforcement mechanism rather than just a gateway. Behavioural analysis becomes a form of judgement rather than reporting. And network visibility becomes a form of awareness that informs real-time action.
Individually, these changes are subtle, but collectively they redefine how the system behaves. And once that happens, the question that sits at the centre of every organisation becomes much simpler and much harder to ignore. Who decides what happens next? IBM’s decision to retain and invest in managed security services now makes total sense in the context of their broader Hybrid, Data, AI strategy. It is the domain where the consequences of not being able to answer that question are immediate.
IBM appears to have recognised earlier than most that the future of cyber would ultimately become a problem of orchestration, governance, and machine-speed decision-making. In doing so, it may also have inadvertently provided the industry with its north star, and the clearest onramp for agentic adoption at scale.


