Oklahoma Deploys Autonomous AI to Combat Cyber Threats

Michael Toland, Oklahoma's Chief Information Security Officer (CISO), recently described the "scary" but necessary decision to allow AI agents to operate autonomously in the state's cybersecurity efforts. Facing an onslaught of cyberattacks enhanced by generative AI, Oklahoma has shifted from human-confirmed actions to fully automated decision-making using Darktrace's "Cyber AI Analyst".

The Need for Speed in Cybersecurity

Toland emphasized that traditional methods are no longer sufficient. "My staff isn’t going to get any bigger. My budget isn’t going to get any bigger," he said. With AI-powered threats like sophisticated phishing emails and malware on the rise, Oklahoma's small team of 35 IT security professionals relies on AI to monitor 28 billion potential threats annually.

• AI as a Force Multiplier: Darktrace's agent scans network traffic in near-real time, flagging anomalies—such as unfamiliar processes or unusual user behavior. In one month, it generated 3,000 alerts, 18 of which were critical. Toland estimates this efficiency equals the work of 500 human analysts.
• Autonomous Actions: The AI can quarantine suspicious devices, imposing progressive time-outs. While it lacks workstation access, it monitors everything, including email tone shifts that might indicate compromise.

Risks and Rewards of Agentic AI

Sounil Yu, CTO of Knostic, cautioned against premature autonomy: "I think a lot of people are going to be playing Russian roulette with security tools that they let go wild." However, Toland argued that speed is critical—IBM data shows breaches often go undetected for 194 days, allowing attackers to corrupt backups.

Yu acknowledged AI's long-term potential to tilt the balance toward defenders: "AI effectively levels the playing ground." But he likened current implementations to "wielding the power of 100 interns"—powerful yet requiring oversight.

Key Takeaways

• Oklahoma’s AI-driven approach reflects a broader trend of governments adopting agentic tools to counter AI-augmented threats.
• The state’s system highlights the trade-off between autonomy and risk in cybersecurity.
• Experts agree AI will eventually favor defenders but urge caution in its deployment.