“Agentic AI” refers to intelligent systems capable of autonomous action—observing, planning, and executing tasks without continuous human oversight. In cybersecurity, this tech promises accelerated vulnerability discovery, threat hunting, and even automated incident response. However, it also introduces new trust and security challenges. NVIDIA, CrowdStrike, and Accenture have all emphasised both their promise and the need for novel security frameworks.
Argusee: Multi‑Agent Architecture for Automated Vulnerability Discovery
What is Argusee?
Designed by DARKNAVY, Argusee simulates a human-like audit team by dividing tasks among distinct AI agents—Manager, Auditor, and Checker—to analyse software code collaboratively.
How it works:
- The Manager agent defines the scope and delegates tasks.
- Multiple Auditor agents inspect different code areas for issues.
- The Checker agent validates findings for accuracy.
This structure mirrors the workflows of security teams, reducing false positives and negatives compared to single-agent tools.
Real‑World Impact: CVE-2025-37891 Discovery
Argusee successfully identified CVE-2025-37891, a high-severity heap overflow in the Linux USB MIDI2 subsystem of the kernel 6.5 and later. This vulnerability, which is exploitable for privilege escalation, was confirmed on Arch Linux and subsequently patched across major distributions, including Ubuntu and Arch.
Benchmark tests on META CyberSecEval2 single-file cases yielded 100% detection accuracy on buffer overflow challenges.
Argusee has also uncovered 15 previously unknown vulnerabilities in projects like GPAC and GIFLIB, representing real-world success beyond theoretical testing.
Read more: Argusee: A Multi-Agent Collaborative Architecture for Automated Vulnerability Discovery.
The Bigger Picture: Agentic AI in Security Operations
Agentic AI is reshaping Security Operations Centres (SOCs) by allowing autonomous threat detection and response. NVIDIA reports these systems can triage alerts twice as fast with significantly reduced compute requirements. CrowdStrike’s research into multi‑agent systems demonstrates potential for proactive vulnerability detection and remediation. According to BankInfoSecurity, agentic AI helps shift cybersecurity from a reactive to a predictive defence model.
Challenges and Risks
Despite its potential, agentic AI introduces new attack surfaces:
- Tool Misuse and Identity Spoofing: Autonomous agents may be hijacked or bypass safeguards
- Over-Permissioned Agents: Excessive privileges could lead to escalated damages if exploited
- Hallucination-driven actions: Agents may act on inaccurate conclusions, leading to false interventions or unsafe automation
MIT Sloan reports only 42% of firms currently have proper security frameworks for agentic AI, underlining a significant readiness gap.
Case Study: Argusee’s Buffer Overflow Accuracy vs. SOC Automation
| Initiative | Purpose | Outcome |
|---|---|---|
| Argusee | Code auditing for buffer overflows | 100% accuracy on benchmarks, 15 real flaws discovered |
| SOC Agentic AI | Alert triage and response | 100% accuracy on benchmarks, 15 fundamental flaws discovered |
Further Reading & Sources
- How Agentic AI Enables the Next Leap in Cybersecurity
- How Agentic AI Is Redefining Cybersecurity
- CrowdStrike Research: Securing AI-Generated Code with Multiple Self-Learning AI Agents
- Agentic AI’s Intersection with Cybersecurity
- Three Essentials for Agentic AI Security
Conclusion
Argusee exemplifies the transformative power of multi-agent AI in vulnerability discovery, enabling the discovery and confirmation of real-world flaws faster and with higher fidelity than single-agent systems. Broadly, the rise of agentic AI across threat detection and SOC automation highlights a shift to autonomous cybersecurity workflows.
Yet, organisations must adopt tight governance and oversight. Agents need scoped permissions, identity verification, and validation mechanisms to avoid becoming the next weak link. As agentic AI evolves, it will increasingly mirror sophisticated human teams—but without control, it could just as easily echo human error.