Fighting AI with AI: Lumos Launches a New Defense for the Agentic Era

📊 Key Data
  • 89% year-over-year increase in AI-enabled cyberattacks (CrowdStrike 2026 report)
  • Under 30 minutes average breakout time for AI-driven breaches
  • 1 in 8 security incidents involve agentic systems exploiting non-human identities (NHIs)

🎯 Expert Consensus

Experts would likely conclude that Lumos's autonomous AI defense system represents a necessary evolution in cybersecurity, though its success hinges on robust trust and oversight mechanisms.


SAN FRANCISCO, CA – June 15, 2026 – The long-predicted cybersecurity arms race has entered a new, unsettling phase. It’s no longer a battle of human wits alone; it is now a conflict waged at machine speed, between autonomous systems. Today, identity management firm Lumos stepped firmly into this new reality, announcing its Identity Agent Force—a suite of AI agents designed to defend enterprises by fighting fire with fire.

The launch addresses a stark and accelerating trend. Throughout 2025, the cybersecurity landscape was reshaped by the rise of "agentic cyberattacks." Offensive AI models, such as the now-notorious 'Mythos' system detailed by Anthropic, have demonstrated the ability to autonomously discover vulnerabilities, chain them into devastating exploits, and move laterally through networks faster than any human defense team could possibly track. Research confirms the alarming velocity of this shift; CrowdStrike’s 2026 threat report noted an 89% year-over-year increase in attacks from AI-enabled adversaries, with average breakout times plummeting to under 30 minutes. When an entire breach can unfold in the time it takes to grab a coffee, the traditional, human-centric model of cybersecurity is rendered obsolete.

It is this environment of untenable speed and scale that Lumos seeks to address. "Attackers aren't waiting. They are using agents to attack businesses like never before," stated Andrej Safundzic, CEO of Lumos, in the announcement. "The Identity Agent Force gives defenders the same advantage with a team of agents that not only lets them fight back, but win."

A Battlefield of Identities

The core of the problem has expanded beyond just speed. The very definition of an "identity" within an organization has fundamentally changed, creating a vast and complex new attack surface. For decades, security teams focused primarily on governing human employees. Today, they face a tripartite challenge: securing humans, a sprawling ecosystem of non-human identities (NHIs), and now, a burgeoning workforce of AI agents.

NHIs—which include service accounts, API keys, and machine-to-machine tokens—have quietly become the backbone of modern cloud infrastructure. They often possess highly privileged access yet frequently lack clear ownership or regular review, making them a prime target for attackers seeking to move through a system undetected. The research backs this up; one recent study noted that in 1 in 8 security incidents, an agentic system was involved, often by exploiting the credentials of poorly managed NHIs.

Layered on top of this is the newest and most complex challenge: governing the AI agents that enterprises are rapidly deploying to enhance productivity. As companies integrate AI into every workflow, from customer service bots to automated code generation, each of these agents becomes a new identity that requires permissions, access, and oversight. Without a robust governance framework, these powerful tools can be co-opted, becoming insider threats that operate with trusted credentials. Lumos’s strategy is to provide a single, coherent control layer that can see and manage access for every one of these disparate identity types.

Deploying an Autonomous Defense

Lumos’s answer is not simply to add more AI-powered alerts to an already-inundated security team. Instead, the company proposes a fundamental shift in the operating model, moving from human-driven workflows to an autonomous system where humans provide strategic direction. The Identity Agent Force is a team of specialized AI agents, each with a distinct mission.

The lineup, available via a new "Agent Hub," includes:

  • Access Review Agent: Continuously runs access reviews, automatically certifying safe permissions and escalating only ambiguous or high-risk cases for human judgment.
  • Access Request Agent: Grants "just-in-time" access, ensuring privileges are granted only for the duration they are needed before being automatically revoked.
  • Role Mining Agent: Analyzes how teams actually use applications to draft least-privilege roles in seconds, a task that traditionally took months of consulting work.
  • NHI Owner Hunter & Agent Ownership Finder: These agents tackle the critical problem of orphaned identities by hunting for ownerless service accounts, API keys, and AI agents, ensuring every identity has a designated human accountable for its actions.

This model inverts the traditional workflow. Instead of security teams spending their days manually processing tickets and running quarterly reviews—a periodic snapshot in a world where risk changes by the second—they focus on encoding the system with their organization's policies and best practices. The agents then execute those strategies continuously, at machine scale, in the background.

A New Paradigm for Trust

The concept of using AI in identity management is not entirely new. Industry leaders like SailPoint and Microsoft have been integrating machine learning for years to power role recommendations and detect anomalies. The critical distinction in Lumos's approach lies in its bold commitment to autonomy. This isn't an AI assistant making suggestions to a human operator; it's a team of autonomous agents empowered to take action.

This leap raises crucial questions about trust and oversight. Can an algorithm truly understand the nuanced context behind a sensitive access request? What safeguards prevent an agent from making a catastrophic error, like revoking a critical service account or granting broad access to the wrong entity?

Lumos claims to have built its system on two foundational pillars to address this. The first is a "live map of every identity and every permission," providing a real-time, comprehensive view of who and what can access what. The second is a "memory of how the company actually operates," a context engine that learns the organization's unique patterns—which approvals route through legal, what a sales engineer should never touch, which contractors are cleared for customer data. By combining this live map with learned context, the platform aims to equip its agents with the business intelligence needed to make sound decisions.

The success of this ambitious vision will ultimately determine its place in the 2026 landscape. By shifting the human role from ticket-pusher to system architect, Lumos is betting that the only way to secure a world filled with autonomous agents is to deploy a smarter, faster team of your own. For enterprises caught in the crossfire of the AI arms race, it’s a proposition that will be too compelling to ignore.
