Ghost agents now available

Security Agent Manifesto

Security automation with AI is no longer a pipe dream. It is mission critical to defend IT infrastructure from now into the future against AI-driven threats.

The security industry is entering a new era. Attackers are already using automation, AI-generated code, synthetic identities, autonomous reconnaissance, and adaptive exploitation techniques to move faster than traditional security teams can respond. The old model of security operations — dashboards, alerts, queues, tickets, and endless human triage — cannot keep up.

Enterprises do not need another cloud dashboard. They do not need another vendor-controlled AI assistant trained on generic workflows. They need security agents that can perform real work inside their environment, under their control, with their tools, their policies, their data, and their experts guiding the outcome.

Ghost believes the future of security automation is on-premise, highly customized, human-supervised AI agents built for production security work.

Generic AI Will Not Secure the Enterprise

Security work is not generic knowledge work. It is messy, contextual, fragmented, and high stakes.

A real security workflow may require understanding source code, cloud infrastructure, identity systems, EDR telemetry, SIEM logs, vulnerability context, asset ownership, business criticality, internal policies, compensating controls, and the history of how a specific company operates.

A generic AI assistant cannot simply be dropped into that environment and expected to perform human-grade security work.

Production security automation requires agents that are tailored to the enterprise. They must understand the customer’s architecture, internal processes, escalation paths, risk tolerance, tooling, compliance obligations, and operational constraints.

The winning model is not “one-size-fits-all AI.” The winning model is deeply customized agents deployed close to the work.

Your Security Data Should Not Become Someone Else’s Cloud Dependency

Enterprises are right to be skeptical of sending sensitive security data into a startup vendor’s cloud.

Security automation agents need access to some of the most sensitive information in the company: source code, vulnerabilities, credentials metadata, detection logic, incident data, security logs, internal systems, employee information, and sometimes active threat investigations.

That data should not have to leave the enterprise perimeter just to make AI useful.

Cloud-based AI security tools create several problems. They expand the attack surface. They introduce third-party dependency risk. They create uncertainty around data handling, retention, model access, and vendor compromise. They make it harder for heavily regulated, defense, financial, healthcare, and critical infrastructure organizations to adopt AI in the workflows where it matters most.

Ghost’s position is simple: the most sensitive security automation should run where the sensitive security data already lives.

On-premise agents give enterprises control over data, execution, observability, authentication, authorization, logging, and model selection. They allow security teams to apply AI without giving up control of the environment they are trying to protect.

AI Vendor Lock-In Is the Wrong Architecture

The enterprise AI stack is changing too fast for security teams to bet their future on a single model vendor.

Different models are better at different tasks. One model may be excellent at code reasoning. Another may be faster and cheaper for classification. Another may perform better on long-context log analysis. Another may be preferred for regulated environments because it can run locally. Some workflows may require frontier models. Others may be handled by smaller, cheaper, private models.

Security automation should not be locked to one AI provider, one cloud, or one proprietary inference path.

The right architecture is model-flexible. Enterprises should be able to use OpenAI, Anthropic, Google, open-weight models, local models, fine-tuned models, or their own approved internal model stack depending on the task, sensitivity, cost, latency, and compliance requirement.

Ghost’s vision is to make the agent harness independent of the model layer.

The agent should be durable. The workflow should be observable. The controls should be enforceable. The model should be swappable.

That is how enterprises avoid AI lock-in while still moving fast.

Security Agents Must Earn Autonomy

Autonomy should not be granted on day one. It should be earned through trust, evidence, control, and operational maturity.

Ghost believes enterprise security automation should advance through clear maturity tiers.

T1: Inform Only

At Tier 1, agents observe, analyze, summarize, and recommend.

They do not take action. They help humans move faster by gathering context, correlating data, explaining findings, drafting tickets, writing investigation summaries, identifying likely root causes, and recommending next steps.

This is where most enterprises should begin.

T1 agents reduce analyst burden without introducing operational risk. They create immediate value by improving visibility, speed, and decision quality while keeping humans fully in control.

T2: Human-in-the-Loop Automation

At Tier 2, agents begin preparing and executing controlled actions with explicit human approval.

The agent may draft a pull request, prepare a firewall rule, recommend an EDR containment action, generate a remediation plan, update a ticket, or assemble an incident response package. But before anything material happens, a human reviews and approves.

This is the bridge from AI assistance to AI operations.

T2 is where agents become part of the security team’s daily workflow. They save time, reduce manual toil, and standardize execution while preserving human judgment at critical decision points.

T3: Human-Above-the-Loop Autonomy

At Tier 3, agents can execute full workflows autonomously within defined boundaries.

Humans are no longer approving every step. Instead, humans define the mission, policies, constraints, escalation rules, and success criteria. The agent operates within those guardrails and escalates when confidence is low, risk is high, or policy requires human review.

This is the future of security operations.

A T3 agent might investigate phishing from intake to resolution, validate and prioritize vulnerabilities, remediate low-risk code findings, contain known malware patterns, enrich alerts, coordinate across systems, and document the full chain of reasoning and action.

But T3 autonomy only works when the agent is observable, controllable, auditable, and deployed in the right environment. Full autonomy without strong controls is reckless. Full autonomy with on-prem execution, policy enforcement, model flexibility, human oversight, and expert-backed customization is how security teams scale.
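
One way the three tiers could be enforced as a fail-closed policy gate with an audit trail. This is an added illustration, not Ghost's own code; the class names, action names, risk scale and confidence threshold are assumptions.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Tier(IntEnum):
    T1_INFORM = 1
    T2_HUMAN_IN_LOOP = 2
    T3_ABOVE_LOOP = 3

@dataclass(frozen=True)
class Action:
    name: str                 # hypothetical action id, e.g. "edr_contain_host"
    risk: str                 # assumed scale: "low" | "medium" | "high"
    confidence: float         # agent's own confidence in the finding, 0..1
    read_only: bool = False   # gathering context, summarizing, drafting

@dataclass
class Policy:
    tier: Tier
    autonomous_allowlist: frozenset        # actions T3 may run unattended
    min_confidence: float = 0.9            # assumed threshold
    always_review: frozenset = frozenset() # policy-mandated human review
    audit: list = field(default_factory=list)

    def decide(self, action, approved_by=None):
        verdict = self._decide(action, approved_by)
        # Every decision is recorded, including refusals and escalations.
        self.audit.append((action.name, self.tier.name, verdict, approved_by))
        return verdict

    def _decide(self, a, approved_by):
        if a.read_only:
            return "execute"           # observing is allowed at every tier
        if self.tier == Tier.T1_INFORM:
            return "recommend_only"    # T1 never acts, even if someone approves
        if approved_by:
            return "execute"           # explicit human approval (T2 or T3 escalation)
        if self.tier == Tier.T2_HUMAN_IN_LOOP:
            return "await_approval"
        # T3: act alone only inside the guardrails; anything else escalates.
        if (a.name not in self.autonomous_allowlist
                or a.name in self.always_review
                or a.risk == "high"
                or a.confidence < self.min_confidence):
            return "escalate"
        return "execute"
```

Unknown action names fall outside the allowlist and escalate, so adding a new capability to the agent does not silently grant it autonomy.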

Human Expertise Still Matters

The future is not AI replacing security teams. The future is AI amplifying the best security teams.

Real production agents require human expertise to design the workflows, define the policies, tune the system, validate outputs, measure performance, and adapt the automation to the enterprise environment.

Ghost’s approach combines AI automation with embedded security engineering expertise. We do not believe enterprises succeed by buying a generic agent and hoping it works. They succeed by deploying tailored agents against specific outcomes, with experts helping shape the system until it performs at production quality.

Security automation is not a feature. It is an operating model.

The Future Belongs to On-Prem, Tailored, Model-Flexible Agents

The next generation of security automation will not be defined by generic chatbots, vendor clouds, or black-box AI workflows.

It will be defined by agents that run close to the data, integrate deeply with enterprise systems, adapt to each organization’s processes, use the right model for the right task, and move safely from recommendation to human-approved action to bounded autonomy.

This is how enterprises defend against AI-driven threats.

This is how security teams scale without losing control.

This is how AI becomes real production infrastructure for security work.

Conclusion

Security automation with AI is no longer a pipe dream. It is mission critical to defend IT infrastructure from now into the future against AI-driven threats. Ghost’s vision for highly tailored on-premise agents at scale, backed by human expertise, is the recipe for enterprise success.