Analytical Study of Agentic AI Systems for Autonomous Prevention, Detection, and Mitigation of Cyber Attacks in Critical Infrastructure

This study employed a structured literature review methodology to identify and analyze peer-reviewed publications relevant to agentic AI for autonomous cyber attack prevention, detection, and mitigation. The primary databases searched were IEEE Xplore, ACM Digital Library, Scopus, arXiv, and Google Scholar, covering publications from 2018 to 2026. Search terms included: "agentic AI cybersecurity", "autonomous intrusion detection", "multi-agent reinforcement learning cyber defense", "LLM cybersecurity agent", "ICS security machine learning", "agricultural IoT security", and "autonomous incident response".

Inclusion criteria required that papers (1) address autonomous or semi-autonomous AI techniques for cybersecurity; (2) target at least one of the three domains—general critical infrastructure, ICS/SCADA, or agricultural IoT; and (3) were published in peer-reviewed journals or recognized conference proceedings. Papers were excluded if they addressed only classical rule-based or signature-based security without any AI component, or if they were not written in English. From an initial pool of over 400 candidate publications, 27 papers were selected following title screening, abstract review, and full-text assessment.

AI Agents and Agentic AI

An AI agent is an autonomous computational entity that perceives its environment, reasons about its goals, and executes actions without continuous human intervention. Agentic AI extends this: systems that are autonomous, adaptable, and goal-directed, capable of proactive decision-making in dynamic environments. Unlike reactive AI—which produces single-shot outputs to specific prompts—agentic AI introduces persistent state, tool use, and self-directed control loops enabling planning, action, and revision across multi-step workflows. Vinay (2026) traces a five-generation taxonomy from single-model LLM reasoners through tool-augmented agents to distributed multi-agent systems and semi-autonomous investigative pipelines.

The NIST Cybersecurity Framework

The NIST CSF organizes cybersecurity capabilities into five core functions. Identify encompasses understanding organizational context, assets, and risks. Protect implements safeguards such as network segmentation, access control, and patch management. Detect addresses timely discovery of events through continuous monitoring and automated triage. Respond covers action on a detected incident, including autonomous quarantine and containment. Recover involves restoring impaired capabilities—the frontier of autonomous self-healing systems. This framework provides the analytical lens used to classify all reviewed work.

Critical Infrastructure Domains

ICS—encompassing SCADA, DCS, and PLCs—regulate energy, water, manufacturing, and transportation. Historically air-gapped, the convergence of operational technology (OT) with information technology (IT) during Industry 4.0 brought legacy vulnerabilities into internet-connected environments, where availability takes precedence over confidentiality. Agricultural IoT, meanwhile, deploys resource-constrained sensors with minimal security provisions, where a compromised irrigation controller or falsified sensor data can cause direct physical and economic harm to food systems.

The review spans six thematic areas. In agentic AI for cybersecurity, Adabara et al. (2025) synthesize cognitive autonomy, ethical governance, and quantum-resilient defense; Lazer et al. (2026) survey the dual-use implications, noting that the same agentic capabilities amplify both defenders and adversaries; Kshetri (2025) examines real-world SOC deployments (Darktrace, CrowdStrike) and market growth from $24.8B (2024) toward a projected $146.5B (2034); and Sheth et al. (2025) propose AI-driven self-healing systems—the sole work directly addressing autonomous recovery.

In ICS and critical-infrastructure security, Koay et al. (2023) survey ML-based detection against the backdrop of Stuxnet, BlackEnergy3, and Colonial Pipeline; Ahmed et al. (2025) synthesize 162 PRISMA-screened papers reporting detection accuracies exceeding 90%; and Paulraj et al. (2025) project a hybrid framework reducing breach containment from 280 to 0.5 days. In agricultural IoT, Adewusi et al. (2022) and Ali et al. (2024, 180 papers) catalog the threat landscape, while Davcev et al. (2026) propose the only agentic framework—at proof-of-concept stage.

In reinforcement learning and multi-agent defense, Landolt et al. (2025) survey MARL for intruder detection and lateral-movement containment; Sewak et al. (2023) review deep RL for adversarial and metamorphic-malware defense. In LLM agents, Hmimou et al. (2025) present a modular multi-agent architecture combining email, log, and IP-scanning agents with LLM semantic analysis, achieving 93.6% system-wide detection accuracy, 87% correlation accuracy, and 41.3% false-positive reduction on CIC-IDS 2017 and SpamAssassin. In honeypot-based deception, Pashaei et al. (2022) propose a SARSA reinforcement-learning honeypot for DDoS/MITM detection in ICS networks, attaining accuracy exceeding 0.99 and an F-measure of 0.98—the highest of any reviewed paper.

Table 1 presents a taxonomic classification of all 27 reviewed papers across domain, primary cybersecurity function, AI technique, autonomy level, and evaluation approach.

Dominant patterns. Detection is the most frequently addressed function, appearing in 25 of 27 papers (93%); response in 11 (41%), prevention in 8 (30%), mitigation in 2 (7%), and recovery in only 1 (4%). Of the 27 papers, 13 (48%) are literature reviews or position papers rather than empirical studies—indicating a field still in a consolidating phase. Reinforcement-learning variants (deep RL, MARL, SARSA) are the most common specific technique (9 papers, 33%), consistent with cybersecurity as a sequential decision problem under uncertainty.

Techniques were evaluated across five dimensions—effectiveness, domain applicability, feasibility, scalability, and adaptability. Only 4 of 27 papers report specific detection-accuracy values; the remainder are surveys, position papers, or conceptual frameworks.

Mapping the reviewed work onto the NIST CSF reveals a pronounced skew toward Detect, with Identify entirely unaddressed and Recover covered by a single study.

Domain coverage is similarly imbalanced: General cybersecurity and ICS together account for two-thirds of all papers, while agricultural IoT—despite the criticality of global food systems—comprises only four, none field-validated.

This study is subject to several limitations. First, selection bias: although a structured protocol was followed, the choice of databases and search terms may have excluded relevant work indexed elsewhere or described with different terminology. Second, language restriction: only English-language publications were considered, potentially omitting significant research published in other languages. Third, and most importantly, this is an analytical review without independent empirical validation—the performance figures reported (e.g., 93.6% detection accuracy, >0.99 honeypot accuracy) are drawn from the original studies and were not independently reproduced. Cross-paper comparison is further constrained by the heterogeneity of datasets and evaluation protocols across the reviewed literature.

This study conducted a systematic analysis of agentic AI for autonomous prevention, detection, and mitigation of cyber attacks in critical infrastructure, reviewing 27 papers. The state-of-the-art is defined by modular multi-agent LLM architectures achieving 93.6% detection accuracy (Hmimou et al., 2025), SARSA-based honeypots exceeding 0.99 accuracy for ICS intrusion detection (Pashaei et al., 2022), and agentic frameworks demonstrating autonomous incident response at scale. Yet significant gaps remain: 13 of 27 papers are surveys lacking original empirical contribution; only 4 evaluate techniques in operational or simulated ICS environments; recovery automation is addressed by a single paper; and agricultural IoT has no field-validated agentic deployments.

Four implementation recommendations emerge: (1) deploy multi-agent LLM architectures for cross-domain threat correlation in SOCs, prioritizing semi-autonomous operation with human-in-the-loop verification for high-impact actions; (2) integrate RL-enhanced honeypots with defense-in-depth strategies for ICS networks; (3) align autonomous agent deployment with the NIST CSF, focusing first on Detect and Respond while developing Identify and Recover capacity; and (4) mandate continuous model retraining on up-to-date operational data. Future research should prioritize large-scale empirical validation addressing the sim-to-real gap, standardized cross-paper evaluation frameworks, longitudinal adaptability testing, and dedicated investigation of autonomous recovery and mitigation.

1. I. Adabara, B. Olaniyi Sadiq, A. Nuhu Shuaibu, Y. Ibarahim Danjuma, and M. Venkateswarlu, "A Review of Agentic AI in Cybersecurity: Cognitive Autonomy, Ethical Governance, and Quantum-Resilient Defense," F1000Research, vol. 14, p. 843, 2025.
2. A. O. Adewusi, N. R. Chiekezie, and N. L. Eyo-Udo, "Securing Smart Agriculture: Cybersecurity Challenges and Solutions in IoT-driven Farms," World Journal of Advanced Research and Reviews, vol. 15, no. 3, pp. 480–489, 2022.
3. I. Ahmed and A. A. R. Tonoy, "Cybersecurity in Industrial Control Systems: A Systematic Literature Review on AI-based Threat Detection for SCADA and IoT Networks," Academia Procedia: Global Perspectives in Science and Engineering, 2025.
4. G. Ali, M. M. Mijwil, B. A. Buruga, and others, "A Survey on Artificial Intelligence in Cybersecurity for Smart Agriculture: State-of-the-Art, Cyber Threats, AI Applications, and Ethical Concerns," Mesopotamian Journal of Cybersecurity, 2024.
5. M. M. Aslam, A. Tufail, H. Gul, M. N. Irshad, and others, "Artificial Intelligence for Secure and Sustainable Industrial Control Systems: A Survey of Challenges and Solutions," Artificial Intelligence Review, 2025.
6. D. Davcev, S. Kalajdziski, I. Dimitrovski, I. Kitanovski, and others, "Agentic AI-based IoT Precision Agriculture Framework: Our Vision and Challenges," AgriEngineering, 2026.
7. A. Dehghantanha, A. Yazdinejad, and R. M. Parizi, "Autonomous Cybersecurity: Evolving Challenges, Emerging Opportunities, and Future Research Trajectories," in Autonomous Cybersecurity, ACM, 2023.
8. Y. Hmimou, M. Tabaa, A. Khiat, and Z. Hidila, "A Multi-Agent System for Cybersecurity Threat Detection and Correlation Using Large Language Models," IEEE Access, 2025.
9. A. Javadpour, P. Pinto, F. Ja'fari, and W. Zhang, "DMAIDPS: A Distributed Multi-Agent Intrusion Detection and Prevention System for Cloud IoT Environments," Cluster Computing, 2023.
10. A. M. Y. Koay, R. K. L. Ko, H. Hettema, and K. Radke, "Machine Learning in Industrial Control System (ICS) Security: Current Landscape, Opportunities and Challenges," Journal of Intelligent Information Systems, 2023.
11. N. Kshetri, "Transforming Cybersecurity with Agentic AI to Combat Emerging Cyber Threats," Telecommunications Policy, 2025.
12. C. R. Landolt, C. Würsch, R. Meier, A. Mermoud, and others, "Multi-Agent Reinforcement Learning in Cybersecurity: From Fundamentals to Applications," arXiv preprint, 2025.
13. S. J. Lazer, K. Aryal, M. Gupta, and E. Bertino, "A Survey of Agentic AI and Cybersecurity: Challenges, Opportunities and Use-Case Prototypes," arXiv:2601.05293, 2026.
14. F. Louati, F. B. Ktata, and I. Amous, "Big-IDS: A Decentralized Multi-Agent Reinforcement Learning Approach for Distributed Intrusion Detection in Big Data Networks," Cluster Computing, 2024.
15. M. Mesbah, M. S. Elsayed, A. D. Jurcut, and M. Azer, "Analysis of ICS and SCADA Systems Attacks Using Honeypots," Future Internet, 2023.
16. A. Mohammed, "Agentic AI as a Proactive Cybercrime Sentinel: Detecting and Deterring Social Engineering Attacks," Journal of Data and Digital Innovation, 2025.
17. M. Nankya, R. Chataut, and R. Akl, "Securing Industrial Control Systems: Components, Cyber Threats, and Machine Learning-Driven Defense Strategies," Sensors, 2023.
18. S. Panwar and H. Abdelrahman, "Agentic AI in Cybersecurity: Review of Autonomous Threat Detection and Adaptive Defense Mechanisms," in 2025 International Conference on Cybersecurity, IEEE, 2025.
19. A. Pashaei, M. E. Akbari, M. Z. Lighvan, and A. Charmin, "Early Intrusion Detection System Using Honeypot for Industrial Control Networks," Results in Engineering, 2022.
20. P. Patel and R. Patel, "Reinforcement Learning for Cyber Defense: AI Architectures for Securing US Critical Infrastructure," SSRN Electronic Journal, 2025.
21. J. Paulraj, B. Raghuraman, and others, "Autonomous AI-based Cybersecurity Framework for Critical Infrastructure: Real-time Threat Mitigation," in 2025 IEEE/ACIS International Conference, IEEE, 2025.
22. S. Qazi, B. A. Khawaja, and Q. U. Farooq, "IoT-equipped and AI-enabled Next Generation Smart Agriculture: A Critical Review, Current Challenges and Future Trends," IEEE Access, 2022.
23. M. Sewak, S. K. Sahay, and H. Rathore, "Deep Reinforcement Learning in the Advanced Cybersecurity Threat Detection and Protection," Information Systems Frontiers, 2023.
24. A. Sheth, A. Achanta, P. Matam, A. Patel, and others, "AI-Driven Self-Healing Cybersecurity Systems with Agentic AI for Adaptive Threat Response and Resilience," in 2025 IEEE Cloud Computing Conference, IEEE, 2025.
25. S. Shrestha, C. Banda, A. K. Mishra, F. Djebbar, and D. Puthal, "Investigation of Cybersecurity Bottlenecks of AI Agents in Industrial Automation," Computers, 2025.
26. V. Vinay, "The Evolution of Agentic AI in Cybersecurity: From Single LLM Reasoners to Multi-Agent Systems and Autonomous Pipelines," in 5th International Conference on AI in Cybersecurity, IEEE, 2026.
27. H. Xu, S. Wang, N. Li, K. Wang, Y. Zhao, K. Chen, T. Yu, Y. Liu, and H. Wang, "Large Language Models for Cyber Security: A Systematic Literature Review," ACM Transactions on Software Engineering and Methodology, 2024.