NOTES

Philosophical Reset on Cybersecurity

Typing and clicking is antiquated. Orchestrating AI agents is the only viable path forward.

By Paul DiMaggio | October 1, 2025 | 5 min read

It’s no longer about analysts responding to alerts on a dashboard. It’s about setting up pipelines and training AI agents that can adequately respond to threats when they inevitably happen.

The cybersecurity attack surface keeps expanding, no one seems to care about data breach headlines, and the only moments that truly wake up a company’s board are the ones that stop revenue: checkout failures, locked-up ERPs, dead mobile apps, ransomware holding operations hostage. That shift - from fear of data loss to fear of operational disruption - is exactly why security engineering has to change its center of gravity.

The Problem: Breach Fatigue, Outage Panic

  • Desensitization is real. Another credential dump? Shrug. A “possible exposure” note? File it.
  • Outage is the only universal priority. If the website’s down, payments fail, or fulfillment halts, executives care immediately.
  • Manual playbooks don’t scale. SSHing into boxes and pasting commands worked when fleets were small and stacks were simple. Today it’s sprawling clouds, ephemeral compute, SaaS-on-SaaS, and a firehose of uncorrelated logs.

Conclusion: The job isn’t “look at things and react.” The job is to instrument the system so it responds before revenue is threatened - and to prove that it did.

Enter AI Agents (Done Right)

AI agents aren’t magic; they’re runtimes for codified procedures that read signals in your environment, decide, and act - at machine speed. The key is to connect them to safe, minimal, auditable capabilities. That’s where Model Context Protocol (MCP) servers come in.

What MCP Servers Provide

  • Scoped Tools: “Rotate these keys,” “quarantine this device,” “disable this user,” “tighten this S3 policy,” “open a JIRA incident,” “post to Slack.”
  • Guardrails: Command parameter validation, Role-Based Access Control (RBAC), rate limits, dry-run vs enforce, and human approvals for high-impact actions.
  • Context Feeds: Curated slices of telemetry: SIEM queries, EDR findings, CloudTrail deltas, identity risk signals, billing anomalies.

Think of MCP servers as API shims for operations: each one wraps a narrow operational domain (Identity, Endpoint, Cloud Config, Networking, Ticketing) into clean verbs an AI agent can call.

Let’s Turn this into a Real Story

Context

Law firm Pearson Hardman (120 users) runs on Microsoft 365 (Entra ID, Defender for Office 365, Purview, Intune, SharePoint/OneDrive, Teams) plus legal Software as a Service (SaaS): Clio Manage, NetDocuments, iManage (legacy matters), RelativityOne (e-discovery), LawPay (payments), and DocuSign.

They’ve had breach fatigue - password resets, vague “possible exposure” emails. The last straw: a Friday-afternoon LawPay outage and an MS Teams phishing blast that tied up attorneys for hours.

Dollarized Impact of Traditional IT Security Ops

Historically, IT Support did all of the following manually to address these problems:

  • Disable compromised accounts
  • Revoke OAuth consent
  • Quarantine laptops
  • Kill malicious inbox rules
  • Lock down public SharePoint links
  • Suspend LawPay webhooks during fraud flags
  • Restrict NetDocuments shares
  • Open client-notice tickets

Pearson Hardman calculated the dollarized impact of these problems by taking into account:

  • Average partner billable loss/hour
  • Delayed invoices from LawPay
  • E-discovery holds blocked in RelativityOne

Executives finally see the number: ~$38k/hour during security incidents.

IT Support Revamps Their Operations

The IT Support team takes a couple of weeks to define a small catalogue of scoped tools (the verbs below) that AI agents can call through MCP servers:

  • Identity MCP (Entra ID):
    • disable_user(userId, reason)
    • revoke_sessions(userId)
    • remove_dangerous_inbox_rules(userId)
    • rotate_app_passwords(userId)
  • SaaS MCP:
    • Clio: pause_matter_sharing(matterId), remove_third_party_app(appId)
    • NetDocuments: restrict_workspace(workspaceId, mode="internal_only"), expire_public_links(workspaceId)
    • LawPay: toggle_payment_portal(state), post_banner(message, ttl)
  • Endpoint MCP (Intune/Defender for Endpoint):
    • isolate_device(deviceId), start_antimalware_scan(deviceId)
  • Comms & Ticketing MCP:
    • Jira/ServiceNow: open_incident(summary, severity, evidence[])
    • Teams/Email: notify(channel, message, attachments[])

AI Shadow Mode

Over the next month, the AI agents only ingest signals from the environment and report to the IT Support team the actions they would have taken had they been granted full agency. Once the IT Support team is comfortable, they begin to grant the agents autonomy (with executive sign-off, of course) - first for low-risk, high-confidence actions, and later for higher-risk remediation actions.
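The guardrails listed under “What MCP Servers Provide” (parameter validation, RBAC, rate limits, dry-run vs enforce, human approval) and the shadow-to-enforce progression described above are really one policy layer in front of the tool catalogue. The following is an added example, not code from the original page or from the firm in the story: the tool names follow the catalogue above, but the tools act on an in-memory tenant dictionary that stands in for Entra ID, Intune and Teams, no real MCP SDK is used, and the regexes, role names, rate limits, caller and approver identifiers and the remediation bundle are assumptions.

```python
"""Guardrail gateway in front of MCP-style remediation tools (added example, not the page's
code). Assumptions: the tools stand in for the Identity/Endpoint/Comms MCP servers and act on
an in-memory `Tenant` dict rather than Entra ID, Intune or Teams, and no real MCP SDK is used;
the policy layer (validation, RBAC, rate limit, shadow vs enforce, approval, audit) is real."""
from __future__ import annotations
import re, time
from dataclasses import dataclass
from typing import Any, Callable

# Constructed tenant state that the tools mutate (stand-in for real APIs).
Tenant: dict[str, Any] = {"users": {"hspecter": {"enabled": True, "sessions": 3}},
                          "devices": {"LT-0042": {"isolated": False}}, "notes": []}
USER_ID, DEVICE_ID = re.compile(r"[a-z][a-z0-9.]{2,31}"), re.compile(r"LT-\d{4}")
CHANNEL, FREE_TEXT = re.compile(r"#[a-z0-9-]{1,40}"), re.compile(r"[\w .,:;()/-]{1,200}")

@dataclass
class ToolSpec:
    name: str
    risk: str                      # "low" runs unattended, "high" needs a named approver
    roles: set[str]                # RBAC: caller roles allowed to invoke the tool
    params: dict[str, re.Pattern]  # allow-list of parameter names and value formats
    impl: Callable[..., str]
    rate_limit: int = 5            # calls per 60 s window, per caller and tool

class Gateway:
    """Checks run in order: parameters, RBAC, rate limit, mode, approval. Every call yields one
    audit record with decision in {executed, shadow, denied, pending_approval, failed}."""
    def __init__(self, tools: list[ToolSpec], mode: str = "shadow") -> None:
        if mode not in ("shadow", "enforce"):
            raise ValueError(mode)
        self.mode, self.tools = mode, {t.name: t for t in tools}
        self.audit: list[dict] = []
        self._calls: dict[tuple[str, str], list[float]] = {}

    def call(self, caller: str, role: str, tool: str, params: dict[str, str],
             approver: str | None = None) -> dict:
        def log(decision: str, detail: str, who: str | None = None) -> dict:
            rec = {"ts": time.time(), "caller": caller, "tool": tool, "params": dict(params),
                   "decision": decision, "detail": detail, "approver": who}
            self.audit.append(rec)
            return rec
        spec = self.tools.get(tool)
        if spec is None:
            return log("denied", "unknown tool")
        if set(params) != set(spec.params):          # no missing or extra parameters
            return log("denied", "parameter set mismatch")
        for key, pattern in spec.params.items():     # every value must match its allow-list
            if not pattern.fullmatch(params[key]):
                return log("denied", f"bad value for {key}")
        if role not in spec.roles:
            return log("denied", f"role {role!r} not allowed")
        now = time.time()
        recent = [t for t in self._calls.get((caller, tool), []) if now - t < 60]
        if len(recent) >= spec.rate_limit:
            return log("denied", "rate limit")
        self._calls[(caller, tool)] = recent + [now]
        if self.mode == "shadow":                    # report what would happen, touch nothing
            return log("shadow", "would execute")
        if spec.risk == "high" and not approver:
            return log("pending_approval", "human approval required")
        try:
            return log("executed", spec.impl(**params), approver)
        except Exception as exc:                     # tool failures are recorded, not dropped
            return log("failed", f"{type(exc).__name__}: {exc}")

# Tool bodies: hypothetical stand-ins for what the MCP servers would actually call.
def disable_user(userId: str, reason: str) -> str:
    Tenant["users"][userId]["enabled"] = False
    return f"disabled {userId} ({reason})"
def isolate_device(deviceId: str) -> str:
    Tenant["devices"][deviceId]["isolated"] = True
    return f"isolated {deviceId}"
def notify(channel: str, message: str) -> str:
    Tenant["notes"].append((channel, message))
    return f"posted to {channel}"

TOOLS = [
    ToolSpec("disable_user",   "high", {"ir_agent", "it_admin"}, {"userId": USER_ID, "reason": FREE_TEXT}, disable_user),
    ToolSpec("isolate_device", "high", {"ir_agent", "it_admin"}, {"deviceId": DEVICE_ID}, isolate_device),
    ToolSpec("notify",         "low",  {"ir_agent", "it_admin", "helpdesk"}, {"channel": CHANNEL, "message": FREE_TEXT}, notify),
]
# Constructed remediation bundle modelled on the story's first incident.
BUNDLE = [
    ("disable_user",   {"userId": "hspecter", "reason": "suspicious OAuth consent and external forward rule"}),
    ("isolate_device", {"deviceId": "LT-0042"}),
    ("notify",         {"channel": "#sec-incidents", "message": "Partner account contained; ticket pending"}),
]

def run_bundle(mode: str, approver: str | None = None) -> list[str]:
    """Replay BUNDLE through a fresh gateway in the given mode; returns each call's decision."""
    gw = Gateway(TOOLS, mode=mode)
    return [gw.call("agent-1", "ir_agent", name, args, approver)["decision"] for name, args in BUNDLE]

if __name__ == "__main__":
    print("shadow:  ", run_bundle("shadow"))                     # nothing touched
    print("enforce: ", run_bundle("enforce"))                    # low-risk notify only
    print("approved:", run_bundle("enforce", "it_admin:mross"))  # full bundle executes
```

Running it prints the same bundle three times: in shadow mode every call is recorded as “would execute” and the tenant state is untouched; in enforce mode without an approver only the low-risk notify runs and the two high-risk calls sit at pending_approval; with a named approver the whole bundle executes. Denials (wrong role, a parameter value that fails its allow-list, an extra or missing parameter, an unknown tool, a burst over the rate limit) and tool failures all land in `gw.audit` with caller, parameters, decision and approver, which is the record the quarterly audit in the story is built from.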

AI Agents Go Live

Three real incidents:

  1. Suspicious OAuth consent (Partner Account)

    • Agent Awareness: New OAuth app consent plus an inbox rule forwarding mail to an external protonmail address.
    • Agent Recommendation to IT Support: Disable user, revoke sessions, remove inbox rules, expire NetDocuments public links, open incident, draft client-safe notice.
    • Action: Humans click through the MCP “one-click bundle” and execute in 4 minutes (used to be ~45).
  2. Mass download from NetDocuments (Summer Associate)

    • Agent Awareness: Agent spots abnormal client data egress vs. established baseline.
    • Agent Recommendation to IT Support: Restrict employee workspace to internal, ping matter lead on MS Teams, request manager approval for limited workstation restore.
    • Action: Manager approves; data movement stops, eDiscovery holds intact.
  3. LawPay anomaly (Chargebacks Spike)

    • Agent Awareness: Agent spots a spike in chargebacks.
    • Agent Recommendation to IT Support: Toggle payment portal to “degraded” (banner warns clients to call Accounts Receivable), open incident, notify partners with a pre-written script.
    • Action: Finance blesses the plan; no blind shutdown, revenue impact minimized.
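Two of the signals in these incidents, the NetDocuments egress measured against an established baseline and the external-forwarding inbox rule, can be turned into recommendations with a small amount of logic. The following is an added example, not code from the original page or from the firm in the story: the download counts, inbox rules, tenant mail domain, thresholds and the user identifiers are constructed for illustration, the proposed actions reuse the verb names from the tool catalogue above, and the egress check generalises the single case in the story by scoring every user against a median/MAD baseline rather than a fixed number.

```python
"""Signals to recommendations for two of the story's incidents (added example, not the
page's code). All inputs are constructed: a week of per-user NetDocuments download
counts, a few Exchange-style inbox rules, the firm's mail domain, and the thresholds."""
from statistics import median

INTERNAL_DOMAINS = {"pearsonhardman.com"}   # assumed tenant mail domain
Z_THRESHOLD = 6.0                            # robust z-score that counts as "abnormal egress"
MIN_DOCS = 100                               # absolute floor so 1 -> 8 docs never pages anyone

# Constructed history: documents downloaded per user per day, oldest first.
# The last value is "today", scored against the earlier days.
DOWNLOADS = {
    "hspecter": [18, 22, 20, 25, 19, 21, 24],
    "mross":    [40, 35, 52, 38, 44, 41, 47],
    "sa.lee":   [12, 15, 9, 14, 11, 13, 640],   # summer associate, bulk download today
}

# Constructed inbox rules (shape loosely follows Exchange ForwardTo / DeleteMessage).
INBOX_RULES = [
    {"user": "hspecter", "name": "Invoices", "forward_to": "billing@pearsonhardman.com", "delete": False},
    {"user": "hspecter", "name": ".",        "forward_to": "h.specter.bak@protonmail.com", "delete": True},
    {"user": "mross",    "name": "Lunch",    "forward_to": None,                           "delete": False},
]


def robust_z(history: list[int], today: int) -> float:
    """Median/MAD z-score. Unlike mean/stdev, one earlier spike does not inflate the
    baseline and hide the next one. 1.4826 scales MAD to a stdev-equivalent."""
    med = median(history)
    mad = median(abs(x - med) for x in history) * 1.4826 or 1.0   # floor for flat histories
    return (today - med) / mad


def egress_anomalies(downloads: dict[str, list[int]]) -> list[tuple[str, int, float]]:
    """Return (user, docs_today, z) for users whose download count today is abnormal."""
    hits = []
    for user, series in downloads.items():
        history, today = series[:-1], series[-1]
        z = robust_z(history, today)
        if today >= MIN_DOCS and z >= Z_THRESHOLD:
            hits.append((user, today, z))
    return hits


def dangerous_inbox_rules(rules: list[dict]) -> list[dict]:
    """External auto-forward is the usual BEC persistence trick; a near-empty rule name
    and delete-after-forward (so the victim never sees the mail) make it worse."""
    out = []
    for rule in rules:
        dest = rule["forward_to"]
        if dest and dest.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS:
            out.append(rule)
    return out


def recommend(downloads: dict[str, list[int]], rules: list[dict]) -> list[dict]:
    """Map signals to proposed tool calls (verbs follow the MCP catalogue in the story).
    Containment-only bundles may run unattended; account-disabling bundles need a human."""
    recs = []
    for user, today, z in egress_anomalies(downloads):
        recs.append({"user": user, "signal": f"egress z={z:.1f} ({today} docs today)",
                     "needs_approval": False,
                     "actions": [("restrict_workspace", {"workspaceId": user, "mode": "internal_only"}),
                                 ("notify", {"channel": "#matter-leads", "message": f"{user} bulk download paused"})]})
    hits = dangerous_inbox_rules(rules)
    for user in sorted({r["user"] for r in hits}):
        dests = [r["forward_to"] for r in hits if r["user"] == user]
        recs.append({"user": user, "signal": f"external forward to {', '.join(dests)}",
                     "needs_approval": True,
                     "actions": [("remove_dangerous_inbox_rules", {"userId": user}),
                                 ("revoke_sessions", {"userId": user}),
                                 ("disable_user", {"userId": user, "reason": "external auto-forward rule"})]})
    return recs


if __name__ == "__main__":
    for rec in recommend(DOWNLOADS, INBOX_RULES):
        print(f"{rec['user']}: {rec['signal']} -> approval={rec['needs_approval']}")
        for verb, args in rec["actions"]:
            print(f"    {verb}({args})")
```

The two design points worth noting: the baseline uses median and MAD rather than mean and standard deviation, so a single earlier spike does not widen the band enough to hide the next one, and the absolute floor stops a user who goes from one document to eight from generating a page. The forwarding check keys on the destination domain, so the internal billing rule passes while the protonmail rule is flagged; in the recommendation the workspace restriction is marked as safe to run unattended while the account disable is marked for approval, matching the low-risk-first rollout in the story.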

Outcomes

  • Engineer keyboard time/incident: −70% (no more ad-hoc SSH or portal hunting).
  • Partner interruptions: Down substantially; status updates are clear, dollarized, and timely.
  • Audit & compliance: every tool call, parameter, diff, and approval logged; quarterly audit took hours, not weeks.

Bottom Line

The IT Support Team stopped “logging in and running commands.” They operationalized security - letting AI agents act fast within guardrails - so attorneys could keep practicing law while the system kept the lights (and payments) on.