Agent-Based Tools Will Define the Future of Defense, Predicts CSO at Sheppard Mullin

AI is actively reshaping the cybersecurity landscape. Often framed as a threat vector, the reality for many CISOs is that AI is primarily a business driver. Now, the shift is encouraging some leaders to adopt a new mantra: cautious optimism. Rather than ignoring the technology's well-documented risks, the approach stems from the belief that AI, when implemented with discipline, offers a credible pathway to scale defensive capabilities while simultaneously unlocking new financial benefits and operational efficiencies.

For an expert's take, we spoke with Quincey Collins, the CSO for Sheppard Mullin, a full-service AmLaw 50 firm. A security leader with a background in enterprise risk management and global security operations, Collins specializes in aligning cybersecurity strategy with broader business goals. Today, he believes the path forward is to view AI not just as a tool to be secured, but as a mechanism for business growth.

“We have to reframe it,” Collins says. “Across industries, there is a lot of business opportunity that can be gained from the thoughtful and successful adoption of AI technology. So, I think business leaders should remain optimistic, but at the same time, we all need to be cautious if we want to sidestep the pitfalls that exist with implementing technologies, whether they’re AI or other technologies.”

Any optimism, however, must be grounded in a rigorous governance workflow. Here, Collins describes a collaborative process in which the security function acts as a specialized partner, validating the architecture of business-led initiatives.

• Passing the baton: A precise operational sequence, where defined risk factors trigger a technical review, can allow organizations to map data flows and address risk factors before any contract is signed. "After businesses units socialize the need for artificial intelligence technology, that’s where the business can hand over the baton to the Information Security department. Security professionals have to answer fundamental questions: What type of access does the artificial intelligence system have to your systems and data? Is there any human interaction, or is it autonomous? Are there agents? What's the data flow? How does it work? After a structured security assessment, we can all make an informed decision on how to move forward—whether a system sufficiently aligns with best practices and compliance standards, or if further risk reduction or risk transfer is required."

This structured approach to safe and compliant adoption is critical because the threat landscape has fundamentally changed. While the vulnerabilities themselves are familiar—a lack of MFA, unpatched servers, or cloud misconfigurations—the speed of exploitation creates a new kind of problem.

• The machine-speed paradox: The most pressing danger isn't necessarily novel zero-day exploits, but the ability of adversaries using artificial intelligence to automate and accelerate their attacks, turning known weaknesses into instant breaches. “The same story and the same themes will exist in 2026. The biggest difference is that attackers will be able to exploit those vulnerabilities much faster. They're going to use artificial intelligence to amplify the personnel they already have. If the attackers are moving at machine speed through the automation of their attacks, the defenders of the world need to do the same.”

So what is the answer to a machine-speed problem? According to Collins, it’s a machine-speed solution. He believes this response will take the form of agent-based AI, a technology he sees as the "lead horse" for security defense in 2026 and beyond.

• The new frontier: Moving beyond static detection tools, the industry is shifting toward active, autonomous agents capable of responding to threats without waiting for human intervention. “Agent-based AI security tooling is going to be big. Models will only become more efficient, capable, and useful as we move forward into the future. We're in a development phase. It's the new frontier for AI security.”

• The 10x tradeoff: While these agents promise to revolutionize efficiency by handling routine tasks, they introduce a significant operational risk: recovering from an automated error is often more complex than fixing a human one. “Pairing that with defined workflows for doing routine tasks where the agent can do those tasks for an analyst will 10x the capability and the efficiency of security operations teams. But it’s a double-edged sword. If the AI security system doesn't get it right, then security teams will need to invest a lot of time and resources to understand what went wrong and then figure out how to recover from it."

Achieving this long-term vision is built on a playbook focused on disciplined investment. For Collins, it's a framework built on fiscal and operational reality, designed to turn the promise of new technology into tangible business value—without creating technical debt.

• No expensive paperweights: A successful strategy must account for the total cost of ownership, including the hidden labor costs of maintaining, patching, or updating complex AI models. "You don't want to buy an expensive paperweight that your analysts don't use. You have to put a lot of thought into the technology you're bringing in. Aside from the initial financial investment, everything has to be patched, updated, maintained, and trained. The existence of that technology in your environment will require time and resources from your team to keep it operating appropriately."

• Business value first: Meanwhile, technology acquisition must be mapped to specific metrics like speed, consistency, and automation of repetitive labor. “The introduction of artificial intelligence technology, from any perspective, must begin with business value," Collins says. "Does it make you more efficient? Does it make you faster? Does it automate routine tasks? Do you have a problem with consistent output?”

By offloading routine defense to AI agents and workflows, organizations can upskill their workforce to handle the complex architectural challenges that machines cannot solve. But advanced tools are never a substitute for foundational security, Collins explains.

• The human upgrade: "If the AI technology you are implementing is performing level-one tasks, you can now upskill your current workforce," Collins explains. "You can offload the easy, repeatable tasks to your AI system and then upskill the current workers to level-two and level-three to focus on the tough and intricate challenges that exist in your environment."

• No shortcuts: Regardless of how advanced the tooling becomes, it cannot compensate for a lack of basic security hygiene, robust architecture, and great security strategy. “From a security standpoint, it begins with best practices, and it ends with artificial intelligence," Collins says. "There are no shortcuts in information security or cybersecurity. There are absolutely no shortcuts. You have to go through the entire process of having great architecture, a knowledgeable staff, a trained workforce, great tooling, and great partners as well—information security teams do not live on an island.”

Ultimately, for Collins, success in this new era requires a balance of rigor and community collaboration. "With that said," he concludes, "I think CISOs, security leaders, and those in charge of security for their enterprise environment need to remain cautiously optimistic. They need to ask the hard questions of themselves, their organization, and of their vendors and partners as well. Stay safe out there."