As agent-based AI moves into the mainstream, Munich Re says the technology is set to change the scale, speed, and precision of cyber activity on both the offensive and defensive sides.
The reinsurer described a threat environment shaped by geopolitical tension, armed conflict, and tougher competition in future-facing industries.
That backdrop, already tense, is colliding with a cyber risk picture growing more complex and demanding more active risk management.
Munich Re says agentic AI will increasingly plan and adapt multi-stage operations, exploit vulnerabilities with more efficiency, learn from detection responses, and operate with limited human input. That points to a different threat tempo. Faster, more adaptive, harder to predict.
The company also warned that AI already generates deepfakes, realistic domains and websites, and hyper-personalised phishing and social engineering attacks.
As those capabilities improve, attack surfaces are expected to expand sharply.
Agentic AI has moved beyond pilot phases and into production environments, forcing governance onto board agendas. These systems do more than generate text.
They invoke tools, access enterprise data and execute actions across business platforms, altering the enterprise risk profile in ways earlier AI deployments did not.
Chris Hughes, VP of Security Strategy at Zenity, said governance becomes essential as agentic AI enters live operations.
These systems act autonomously, invoke tools and interact directly with enterprise data and infrastructure. Risk management frameworks built around content quality alone no longer hold.
Traditional AI oversight focused on model accuracy, bias mitigation and output reliability. Agentic systems operate differently.
They ingest untrusted inputs such as emails, documents, chat messages, browser content and API responses, then act using permissions assigned directly or inherited from users.
Munich Re says synthetic content, fake personas, and rising misinformation will further weaken trust. That matters across the board, customer interaction, internal controls, vendor checks, public communication. Once trust slips, response gets messier.
Munich Re points to prompt injection, data poisoning, and malicious data or instructions designed to manipulate outputs as major attack routes. So the tools don’t only create new threats. They become part of the threat surface too.
At the same time, the reinsurer says agentic AI could strengthen cybersecurity as well. While autonomous systems may improve parts of the cyber kill chain and lower entry barriers for attackers, they could also transform defensive capabilities in a more basic way.
Munich Re says the human factor remains central, both as a line of defence and as a point of failure.
Munich Re says risk owners appear to view AI with more optimism than fear. 23% of executives believe AI will negatively affect their business, 66% expect a positive effect, and 57% say they trust companies using AI.
Even with agentic AI gaining traction, humans will not disappear from the process. Munich Re says some of the current discussion around the technology looks more like hype than immediate reality.
The company’s experts expect agentic AI to affect attack frequency more than attack severity in the near term.
According to Beinsure, that distinction matters for insurers. More frequent events can still pressure claims volumes, service operations, and underwriting assumptions, even without a matching jump in single-loss severity.
