— Isu Abdulrauf.
AI is no longer just a buzzword in cybersecurity. It’s becoming a tool you can put to work right now. And for this piece, I want to spotlight something every cybersecurity professional should understand: AI agents.
We’re in an era where AI is transforming how we operate. Yet, while everyone talks about AI, AI agents remain either misunderstood or completely off the radar for many security teams. That’s a missed opportunity. As cybersecurity professionals, we don’t just need to know about AI agents; we need to know how to use them effectively and integrate them into our daily workflows.
Let’s be clear. Cybersecurity is a high-stakes field. Not everything should (or can) be handed off to AI. But that’s exactly why understanding this technology is critical. By offloading routine, repetitive tasks to AI agents, you free yourself to focus on strategic analysis, creative problem-solving, and decision-making (the areas where human expertise shines brightest). And this shift alone can supercharge your productivity and impact.
The best time to learn how to do this? Now. Because once your Uber driver casually mentions AI agents, the wave has already crested and the competitive edge will be long gone. But today, you still have the chance to ride that wave early and carve out an advantage.
Let’s get technical, but approachable.
You might be wondering, “I’m not a pro developer. Can I really build or use AI agents?” The answer is a resounding YES. And that’s where CrewAI comes in.
CrewAI is a powerful, beginner-friendly framework that lets you build functional AI agents without deep technical expertise. It abstracts away much of the complexity, allowing you to focus on defining your agents’ roles, tasks, and goals—not the underlying code.
But before we dive into CrewAI, let’s start with the basics.
What Are AI Agents?
You already know tools like ChatGPT, Claude, Gemini, and DeepSeek. These are powerful language models trained on huge datasets to generate human-like responses across countless topics—think of them as generalists.
AI agents are built on top of these models, but with a sharp focus—they’re the specialists.
Picture this: ChatGPT is like an encyclopedia with broad knowledge of all topics. An AI agent, on the other hand, is like a Ph.D. professor with decades of field experience in a very specific niche—say, digital forensics. The professor doesn’t just know facts but also deeply understands workflows, tools, case studies, and how to creatively solve problems.
Unlike general AI models, agents are designed to hold context over time using memory, access external tools like web browsers and APIs, make decisions autonomously based on your goals, and even collaborate with other agents if needed.
Building an AI Agent with CrewAI
Let’s walk through building a simple AI agent to assist a cybersecurity specialist in conducting a phishing simulation campaign. This agent will help generate realistic phishing email templates tailored to a target organization.
1) Set up your environment
You’ll need a working Conda setup and an OpenAI API key.
Create and activate an environment:conda create -n aicybermagazinedemo python=3.12conda activate aicybermagazinedemo
Install CrewAI and tools:pip install crewai crewai-tools
Initialize a project:crewai create crew aicybermagazinedemo
Key files to note:src/aicybermagazinedemo/config/agents.yaml — define your agents’ rolessrc/aicybermagazinedemo/config/tasks.yaml — define tasks/goalssrc/aicybermagazinedemo/crew.py — wire up agents & tasks into a Crewsrc/aicybermagazinedemo/main.py — run/launch entrypoint
2) Define agents and tasks
For this phishing simulation use case, use two agents and two tasks:
- OSINT Agent — collects open-source intelligence on the target organization.
- Phishing Content Agent — crafts three realistic phishing emails tailored to the OSINT findings.
Sample definitions you can adapt are available on GitHub: https://github.com/hackysterio/AICyberMagazine (see src/aicybermagazinedemo/config/agents.yaml and src/aicybermagazinedemo/config/tasks.yaml).
3) Link agents and tasks into a workflow
In src/aicybermagazinedemo/crew.py and src/aicybermagazinedemo/main.py, connect your agents to their tasks and specify execution order.
Pro tip: Use CrewAI’s official Custom GPT Assistant from the GPT store: CrewAI Assistant.
Start a chat, paste your current main.py and crew.py, then paste your agents.yaml and tasks.yaml. Ask it to generate updated versions wired to your configs, then copy the results back into your local files.
4) Run your agent
Execute the workflow:crewai run
Your agents will perform OSINT and craft tailored phishing emails based on real-world data.
Quick Tip: Understanding {org_name} and Where to Edit It
In src/aicybermagazinedemo/config/agents.yaml and src/aicybermagazinedemo/config/tasks.yaml you’ll see a placeholder: {org_name}. This is a variable that gets filled at runtime.
Set it in src/aicybermagazinedemo/main.py, e.g.:"org_name": "Google"
Tomorrow, to target a different org, change it to:"org_name": "Dangote"
Simple, flexible, and powerful.
Why This Matters
AI agents aren’t science fiction. They’re here, real, and powerful. The question is whether you’ll adopt them while they’re a competitive advantage—or wait until they’re just industry standard.
Start small:
- Delegate one routine task (e.g., initial OSINT collection).
- Observe output quality and adjust prompts/configs.
- Iterate, then expand to multi-agent workflows (e.g., OSINT → content generation → approval checklist).
In cybersecurity—where complexity, speed, and precision are everything—a well-implemented AI agent can become the most valuable teammate you’ve ever had.