ºÚÁÏÕýÄÜÁ¿

Agentic AI Analysis from a CMIST National Security Fellow: Major Gabrielle Nesburg

The views expressed here are those of the author and do not necessarily reflect the official policy or position of the Air Force, the Department of Defense, or the US Government.

Cyber operations are increasing in speed and complexity, placing new demands on cybersecurity analysts to translate intelligence into actionable plans capable of keeping pace with automated adversaries. At ºÚÁÏÕýÄÜÁ¿ (ºÚÁÏÕýÄÜÁ¿), researchers are examining how emerging technologies like can strengthen national security planning and operations. Through the National Security Fellows Program at the Carnegie Mellon Institute for Strategy & Technology (CMIST), senior military leaders spend an academic year researching critical strategic topics, gaining access to resources that allow them to generate insights for real-world decision-making. Among the participants this year is Major Gabrielle M. Nesburg, CMIST’s US Air Force Fellow, who has used the fellowship as an opportunity to develop a working AI prototype that addresses an operational problem she encountered in the field. This project reflected a “Team of Teams” approach, benefiting from critical development support from the , which helped accelerate progress from workflow design to a functioning prototype.

Nesburg’s career illustrates the impact of integrating intelligence and cyber operations. As a lieutenant, she helped operationalize the framework alongside the formation of , translating adversary tradecraft into patterns that analysts could detect on live networks. Later, as a captain with Task Force Mustang, she helped reshape how the Air Force detects intrusions by integrating mission criticality, adversary behavior, and network terrain into structured investigations. This shift moved defense toward hypothesis-driven, intelligence-informed threat hunting. This experience not only demonstrated the value of intelligence-driven defense but also revealed scaling limits that helped shape her ºÚÁÏÕýÄÜÁ¿ research on how agentic AI can be utilized to enhance threat detection.

Agentic AI involves the collaboration of multiple specialized AI systems, or "agents," to analyze information and assist with complex tasks. Nesburg's research moves beyond automated threat detection to investigate whether AI can optimize threat prioritization for cyber defenders, focusing particularly on the development of mission-aligned intelligence requirements. “Having spent nearly a decade working at the intersection of intelligence and cyber operations, I’ve seen firsthand that most defensive friction does not stem from a lack of data, but from a lack of structured clarity around what we are trying to know and why,” Nesburg explains.

Her time with Task Force Mustang revealed a key challenge that “high-quality threat-focused planning is cognitively demanding and difficult to scale.” Designing mission-focused collection strategies from intelligence across environments can exceed human capacity. This creates a structural mismatch between human-driven planning cycles and US adversaries’ AI-driven automation. Rather than moving away from intelligence-driven defense, Nesburg concentrated on how AI might aid in scaling the planning process while preserving human oversight.

At ºÚÁÏÕýÄÜÁ¿, her research effort known as Aegis-4 examines whether agentic AI systems can reliably perform upstream planning functions that defensive cyber teams may struggle to execute at scale. Nesburg describes Aegis-4 as “a system of four coordinated AI agents, each responsible for a distinct function in the defensive cyber planning process: contextualizing the operational environment, generating decision-driving intelligence requirements, mapping those requirements to adversary behaviors and required telemetry, and validating sensor placement to ensure the right data is collected.” Specifically, Nesburg is evaluating whether multi-agent workflows can reliably translate mission context, intelligence, and network data into actionable requirements, strategies, and plans.

Explaining that the project aims to complement rather than replace human judgment, Nesburg shared that Aegis-4 seeks to strengthen output "by increasing requirement specificity, traceability, and alignment between intelligence, collection, and detection.” Through strengthening the analytical groundwork that occurs before large volumes of data are collected, instead of simply increasing alert triage, the focus of defensive cyber operations can shift upstream to the intelligence-planning phase. This is important because in defensive missions, Nesburg notes, this is where the process begins to lose clarity.

This upstream focus is essential in an AI-contested environment, a point underscored by Nesburg's research. Defensive cyber teams often default to vague objectives such as “find malicious activity,” at the expense of developing the decision-driving intelligence requirements that should guide collection and detection. This dynamic often leads organizations to collect excessive data without ensuring that the “right data” is actually gathered. Meanwhile, as state and non-state cyber actors increasingly adopt automation to accelerate reconnaissance and intrusion activity, agentic AI offers a way for defenders to respond at comparable speed while  preserving structured intelligence planning.

ºÚÁÏÕýÄÜÁ¿ has provided the ecosystem necessary to turn this concept into an operational prototype. With assistance from her mentor , Distinguished Services Professor of Applied Data Science and AI, and , the William W. and Ruth F. Cooper Professor of Management Science and Information Systems and Dean of Heinz College, Nesburg refined the project’s research approach to ensure it remained rigorous and relevant to current national security needs. Development was further supported by SEI personnel, including (SEI Project Lead), (software developer), and (engineering lead), whose contributions helped translate the concept into a functional system. Close engagement with intelligence and Defensive Cyber Operations partners ensured the system remained grounded in practical operational challenges, rather than purely theoretical AI research. 

Rao stressed both the urgency and the tangible progress of the effort, stating, “Right now, the cyber landscape is shifting fast as bad actors begin using agentic AI to speed up targeting and infiltration.” He explained that Nesburg’s work directly addresses that urgency by building a workable model for using agentic AI to protect critical assets. With minimal initial guidance, she quickly engineered four distinct agents for the Aegis-4 system and produced a viable prototype. "The contribution was concrete and timely; it moved from an idea to something you can point to and build on,” Rao shared.

Over the past several months, Nesburg has briefed Air Force, Joint, and interagency leaders on both the operational challenge and the live prototype development. Given how “agentic AI” is often treated as a buzzword, she finds that demonstrating a functional prototype is more effective than providing theoretical explanations. “It also became clear that credibility depends on showing what is actually buildable today,” she notes. Nesburg said leaders were particularly focused on output validation, sustained human oversight, and performance metrics in real-world environments. She executed a test and evaluation exercise of the prototype, notably during a United States Cyberspace Command (USCYBERCOM) AI Task Force event. This scenario allowed defensive operators and analysts to stress-test traditional workflows alongside the Aegis-4 system, evaluating its operational utility in real-world planning compared to current manual planning.

For Nesburg, the fellowship has reinforced that implementation can be more challenging than development. Reflecting on this transition, she noted that the ºÚÁÏÕýÄÜÁ¿ environment particularly supported the transition from prototype to operational capability, enabling unusually rapid progress from concept to experimentation within an academic year. 

Beyond technical outcomes, Nesburg credits the people involved with providing the most meaningful dimension of her fellowship experience. Academic mentors challenged assumptions and reinforced evaluation rigor. Engineering partners translated operational intuition into structured agent workflows. Strategic advisors across government and industry, including and , helped position the work within national security modernization efforts. The result has been a coordinated effort that spans academia, government, and industry.

As she prepares to transition to USCYBERCOM J2, Nesburg views Aegis-4 not as a standalone tool, but as part of the broader evolution of intelligence-driven cyber defense. The research continues the integration efforts she began as a lieutenant and refined through Task Force Mustang, further aligning intelligence requirements, collection strategy, and operational execution. Her time as a National Security Fellow at CMIST has enabled Nesburg to formalize her efforts into a defensible research framework and a working prototype, underscoring the importance of disciplined modernization in cyber defense. In an era when adversaries are experimenting with agentic systems, the question is not whether AI will shape the cyber domain, but how responsibly and rigorously it will be integrated.

Photography by Technical Sergeant Joshua Schoen: Image 1, l to r: HACKATHON leadership team - Ms. Katie Robinson (SEI), Mr. Drew Lund (SEI), Major Gabrielle M. Nesburg, Chief Warrant Officer 2 Gregory Waxmonsky (USCYBERCOM AI Task Force), and Mr. Tim Tan (USCYBERCOM AI Task Force); Image 2: HACKATHON 26-1 participant working on a laptop; Image 3: Group photo of Air Force and Army HACKATHON 26-1 participants in San Antonio, TX; Image 4: HACKATHON 26-1 participant at a white board; Image 5, l to r: Higher headquarters leadership - Mr. Brian Cook (Technical Director, 16th Air Force/Air Forces Cyber), Chief Warrant Officer 2 Gregory Waxmonsky (USCYBERCOM AI Task Force), Major Gabrielle M. Nesburg, Ms. Katie Robinson (SEI), and Mr. Drew Lund (SEI); Image 6: Agentic system, Aegis-4, displayed on a laptop; Image 7: Close-up shot of whiteboard during the HACKATHON 26-1 event; Image 8: Shot of a team working in front of a white board during the HACKATHON 26-1 event.