Deploying agentic AI and GenAI in cybersecurity

Dhiraj Goklani, Splunk’s Area Vice President for South Asia, breaks down the capabilities of GenAI and agentic AI in cybersecurity, explaining how organizations can implement either to enhance cybersecurity protection.

According to Splunk’s State of Security Report 2025, 59% of global organizations report moderate or significant efficiency gains with AI, especially when applied to querying security data, writing policies, and analysing threat intel – with human oversight built in.

For most organizations, a unified platform makes it possible to consolidate their tools; the report cites faster incident response (59%), better threat coverage (49%), and reduced maintenance workloads (53%) among those that have done so. In Singapore, this number is even higher – 62% report faster incident response with a unified platform, while only 11% experience significant challenges from tool dispersion.

At the same time, as cybersecurity vendors embed more GenAI and agentic AI capabilities into their solutions, the question now is how organizations can know which works best for them, especially with more companies looking to consolidate their cybersecurity solutions.

To understand more about how agentic AI and GenAI are making a difference in cybersecurity, CRN Asia caught up with Dhiraj Goklani, Splunk’s Area Vice President for South Asia. He breaks down the capabilities of GenAI and agentic AI in cybersecurity, explaining how organizations can implement either to enhance cybersecurity protection.

How different is it when it comes to using agentic AI and GenAI capabilities in cybersecurity?

GenAI is typically equated to the ChatGPTs of the world. It is really good at summarizing. So, when you want to summarize mostly structured and unstructured textual data, that's what GenAI is really good at.

When it comes to security, GenAI will take certain incident information, even if it's across multiple different environments, and summarize it and give you a really good report or ability to point out a problem instead of you having to look at five different tools. It’s all about bringing the information all together and summarizing it for you.

However, the ability to interact with the system in an automated fashion and to take action on the incident itself is where agentic AI comes in. It will come in to take the information from GenAI and then automatically build out a script or a set of actions to remediate the issue.

Let's take a simple example of malware in your environment. The GenAI system will tell you this is the malware issue. It's impacting servers and you need to do something about it. You then launch an agentic AI model, which then understands more details about the malware, which servers are impacted, and so on, as well as how to take the right content for that specific malware and check it against the research data available or certain threat intelligence systems. It can then apply the right steps to remediate and fix the issue while keeping you in the loop.

This is exactly what's going on. At Splunk, we are always making sure that there are enough checks and balances so that it's not hallucinating, and we'll be out there. We've created our own proprietary agentic AI models, now to be launched. We don't want to just use open source and rely so heavily on that when it's a mission critical environment. Obviously, eventually we'll get more open source, but initially we want to make sure we're using our own models.

Do organizations need to have GenAI capabilities to have agentic AI, or can they just focus on agentic, especially in security?

There are certain use cases where a combination of both is needed. But there are many use cases where they can be used separately, because GenAI is very broad in its summarization capabilities.

We launched something on our Splunk Core platform where the GenAI assistant helps users avoid writing Splunk-specific language, or SPL. It actually does the work for users and creates elegantly written SPL, which can then be tested. And even if a user writes their own, it will actually test it for the user before putting it into production. So that's a use case that doesn’t need to have agentic AI attached to the GenAI.

And in the case of these assistants, which are chatbots that come with Splunk, they don't all have to have GenAI. In some cases, the integration makes more sense, when it's actually looking for incidents or for specific data-driven elements which will help spawn the right agentic AI model.

So as an organization, how do they know which kind of agentic solution is the right one for them to work on?

There's a lot of hype, as everybody's talking about using agentic AI. However, from what we've done with customers, and what the more mature customers have realized, it essentially boils down to not just the use case, which has also become very commonly understood, but what are the metrics that matter and what KPIs they are trying to drive.

So, let's try to understand the metrics that matter to the organization. Because in some cases, customers are pretty good at detection, but in most cases, customers are struggling with the root cause. And then they need a root cause as immediately as possible to avoid it happening again.

With that in mind, agentic AI use cases will help them address that versus thinking about having a mad rush without really thinking through the problem. Aligned to that is the data sets, because customers may want to do something, but do they have the right data, the right training, the right historical information?

Have they proven it out in their environments? Is this also something which they have the right skill set internally to actually look at? Have they put in the right checks and balances? Do they have a human in the loop framework?

So Splunk fundamentally aims to make sure that customers are guided with the right maturity when it comes to AI because AI is important to solve these operational efficiency issues and get more automation and improve these metrics.

Coming into this region, what is the biggest challenge for organizations here?

There are two or three key challenges I see in this region. The first challenge is with the network. There's no customer or organization I’ve met with just one type of network. They've got multiple different network devices, and they're in multiple clouds as well. So how do you handle both the data on the managed network and the unmanaged network?

So, the ability to get end-to-end visibility is still an issue. I mean, if you ask me this question, even 15 years back, it is still the case. And now it's still the case because fundamentally, they've not been able to get visibility across those different environments.

But the challenge there is everybody's trying to get to AIOps, everybody's trying to get to using AI for solving these use cases. But the problem is the first problem itself; they still don't have all the data. And as you know, AI is only as good as the data. The data is in multiple silos as well. So, it's the same standard issue.

Now, fast forward to what they are able to do with Splunk: they're able to take critical services and critical business transactions and instrument them end-to-end, as we now have a complete portfolio with AppDynamics and ThousandEyes.

We're able to do that. We can take some of these and bring not just the technical KPIs in terms of uptime, performance, meeting their MTT and MTTX, but also understanding how it aligns to their business KPI. And that's the next thing which all these companies are struggling with.

It's how much revenue they are transacting for every minute, every hour, every day. They should want to transform their IT to be focused on business SLAs. That has been the holy grail for many years. But it's still a major challenge. What’s interesting is that Splunk now has got end-to-end visibility across different environments and the ability to take in the business KPIs and align them.

The third challenge is having certain basic capabilities to solve some initial operational efficiency, SRE, and ops issues by using AI. So, we've launched an AI assistant in our observability platform that has the ability to help the SRE get exactly to the issue, detect it and even give them specific guidelines on how to take action on it. Also, it still keeps the human in the loop, so it doesn't just finish up, write a script and do all the work.

Instead, the tool will suggest and get the human in the loop and based on their approval, then go through the steps to actually make the changes needed in the environment to quickly do the remediation and also give root cause analysis.
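The remediation flow described in the malware example and in the answer above (a GenAI summary, an agentic step that enriches it with threat intel and proposes actions, and nothing executed until a human approves), as an added Python sketch that is not Splunk's code. The incident record, the sample hash, the threat-intel entries, the step names and the `runner` hook are all constructed for the illustration; the point is the two guards, validation against the incident's own data and the approval gate, that stand in for the checks and balances the interview calls for.

```python
from dataclasses import dataclass, field

# Constructed incident summary, standing in for the GenAI layer's report
INCIDENT = {
    "id": "INC-0001",                  # hypothetical incident id
    "sha256": "aa" * 32,               # constructed sample hash
    "impacted_hosts": ["srv-app-01", "srv-app-02"],
}
# Constructed threat-intel store: sample hash -> vetted remediation playbook
THREAT_INTEL = {"aa" * 32: ["isolate_host", "kill_process", "quarantine_file"]}
# Catalogue of the only steps the agent is allowed to propose (constructed)
ALLOWED_STEPS = {"isolate_host", "kill_process", "quarantine_file", "reimage_host"}


@dataclass
class Plan:
    actions: list                      # (step, host) pairs proposed by the agent
    approved: bool = False             # flipped only by a human reviewer
    executed: list = field(default_factory=list)


def build_plan(incident, intel):
    """Agentic step: enrich the summary with threat intel and propose actions.
    An unknown sample yields no plan; the agent must not invent a playbook."""
    steps = intel.get(incident["sha256"])
    if steps is None:
        return None
    return Plan([(s, h) for h in incident["impacted_hosts"] for s in steps])


def validate_plan(plan, incident):
    """Checks and balances: reject any action naming a host absent from the
    incident data (a hallucinated target) or a step outside the catalogue."""
    problems = []
    for step, host in plan.actions:
        if host not in incident["impacted_hosts"]:
            problems.append(f"unknown host {host}")
        if step not in ALLOWED_STEPS:
            problems.append(f"unknown step {step}")
    return problems


def execute(plan, incident, runner):
    """Human in the loop: nothing runs unless the plan validates and a person
    has set plan.approved; the returned list is the audit trail."""
    if not plan.approved or validate_plan(plan, incident):
        return []
    for step, host in plan.actions:
        runner(step, host)             # hypothetical hand-off to an EDR/SOAR connector
        plan.executed.append((step, host))
    return plan.executed
```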

So, if I can summarize, the challenges are still the same as many years back. But now the technology, the tools, the people, the process are finally aligning, and people are breaking down the silos. One key silo, which we're seeing breaking down, is between IT and security. This is the biggest challenge in almost every organization as they are completely different teams and have completely different data sets.

Thanks to Splunk's unified approach of security plus observability, we are seeing organizations in Singapore who've now implemented Splunk for both pillars. And the big transformation wasn't technology. It was the mindset and agreement at the highest levels at the CIO, the CISO, and the CTO to agree to have these teams work together and avoid finger pointing.