Agentic AI and the “Human-in-the-Loop” Luxury in Modern Defense

THE IRON TRIANGLE — Welcome to the inaugural edition of “The Iron Triangle”, my new Cipher Brief column that serves the three pillars of modern defense: Procurement Officers tasked with buying the future, Investors who fund the technology, and Policy Wonks who analyze the impact of technology on the global order.

My first column explores the shift from "Chatbots" to "Agents." In Washington, they call it Agentic AI. In the Valley, they call it Action-Oriented LLMs. In the field, it’s the difference between a system that tells you a storm is coming and one that autonomously moves your fleet to a safe harbor before the first raindrop falls.

The Technology: From "Prediction" to "Agency"

For years, AI in defense has been about Computer Vision, tasks such as labeling tanks in a photo. While Computer Vision has saved countless hours of labor, it doesn't address the challenges associated with overloading analysts with data.

Agentic AI (Agentic) is a generational leap. For clarity, Agentic refers to systems capable of:

1. Analyzing the commander’s intent.
2. Identifying and evaluating subordinate tasks.
3. Executing a sequence of actions across multiple platforms without human prompting.

Agentic processes vast amounts of data into knowledge, exponentially increasing each user’s effectiveness. With Agentic, teams of analysts will no longer pour through volumes of irrelevant information searching for a few key indicators. Agentic will distill torrents of data, a side effect of exponential increases in the number of sensors (drones), down to just the essential elements. In some cases, Agentic may even make decisions without user input.

Several questions come to mind. First, what will my analysts do with this windfall of time? That's a discussion for another article. Instead, let’s make this relevant.

The Cipher Brief applies expert-level context to national and global security stories. Grant yourself full-access to Cipher Brief expert insights, analysis and private briefings in the new year by becoming a Subscriber+Member.

For the Procurement Officer

Procurement officers should be wary of "Black Box" Contracts. If a vendor claims their agent uses "proprietary reasoning" that’s difficult to audit, walk away. Consider commanders whose primary concern is managing risk. In the inevitable post-accident investigation, "the algorithm made a choice" will not serve as strong legal defense. The Pentagon must demand Chain of Preference Transparency. The software must log why it chose one course of action over another, and the decision tree must be continually refined.

The Pentagon should also move away from Firm-Fixed-Price contracts. Agentic requires Continuous Authority to Operate, not only to remain functional, but in a competitive context (war with a global power). If The Pentagon buys a "static" version, the system will be obsolete by the time the invoice is cleared, especially considering the Pentagon bureaucracy. Procurement Officers should buy the pipeline, not the package.

The Investment Thesis

The challenge for investors is distinguishing between a "thin wrapper" on AI and a foundational defense operating system. Investment firms often hire retired officers to evaluate defense technology. These officers retired years ago, and may not have had first-hand experience with technology while they were active. Now the investment firm expects them to provide advice on emerging technology that many 20-year-old practitioners are just learning about. It’s not a fair expectation, and will lead to investments in irrelevant technologies.

Proximity breeds opportunity. Investors should get involved with practitioners. I’m not suggesting that VCs attend National Training Center rotations, though I do enjoy that mental picture. There are other opportunities to interact with end users; small-scale exercises, trade shows and demonstrations are some.

Beware of the moat. The value isn't in the Large Language Model; it’s in the Action Layer. Investors should look for startups who are building "high-side" integrations—companies that have security credentials to plug into actual data. Only then will it become clear how the technology performs.

Look for the exit. Some "Big Primes" are hardware-heavy and software-poor. They are looking to acquire "Agentic Middleware" to make legacy systems more relevant in an autonomous age. The "Defense Unicorn" of 2026 will be a company that provides the universal brain for antiquated hardware. There are some promising companies focused on exactly this challenge. Whatever is created should be collaborative, to promote and not stifle innovation.

The Policy Wonk’s Warning

In the early days of AI, policy was concerned about AI’s potential effects on strategic stability. If both the U.S. and a peer competitor deploy Agentic to manage strategic command and control–or frontline skirmishes–we might enter a "Speed of Relevance" trap. When AI reacts to AI, the window for diplomatic de-escalation shrinks from hours to milliseconds, effectively disappearing and devolving into a machine on machine conflict where humans suffer the consequences.

To prevent this devolution, there should be a foreign policy shift, a move from Arms Control to Algorithm Control. The next great treaty should not focus on the number of warheads, but the verification of "Human-on-the-loop" safeguards and universal standards.

Sign up for the Cyber Initiatives Group Sunday newsletter, delivering expert-level insights on the cyber and tech stories of the day – directly to your inbox. Sign up for the CIG newsletter today.

My Take. This where I get to discuss what excites me about this new technology.

Military Planning. Agentic AI will fundamentally change “course of action development” during military planning. Military Officers, like everyone, suffer from functional fixedness. Their creativity can be limited by their experiences. Agentic will see thousands of potential pathways for conducting new missions. I like to think that this will lead to more creative solutions being applied to emerging challenges. Look out executive officers, AI is coming for your jobs!

The Risk. There is a chance that our government becomes reliant on Agentic. The Military plans for everything. I’ve seen Staff Officers plan for how and when to make plans. Reducing planning to a button click could diminish critical analysis, a fundamental skill for effective leaders, which will have a compounding negative effect on future generations.

Mission Rehearsals. Agentic will enable warfighters to rehearse missions based on real time intelligence. Imagine flying a drone simulator where the terrain, the targets, and the weather are all precisely the same as those in the target area of interest. What’s more, Agentic will enable simulated adversaries to react more realistically. Combat Training Centers may be the next casualty of Agentic. I don’t think any soldier will be sad to learn that their NTC rotation is cancelled…

The Risk. Agentic might get it wrong, leading to gross overestimations–or underestimations–of adversarial capabilities. And what happens when a commander decides to ignore their AI, then suffers a defeat? Punishing the commander in this situation would encourage future leaders to blindly follow Agentic guidance. The government must build rules which preserve and promote independent decision authority, ensuring that Agentic complements, but does not replace the commander’s judgment.

Agentic is the first technology that I can recall that doesn't just make our weapons better; it makes our decision-makers faster. For the Procurement Officer, it's a liability to manage; for the VC, it's the ultimate "sticky" SaaS play; and for the Wonk, it’s a terrifying new variable in the balance of power. Current international laws of war are based on human intent and accountability. But it remains legally unclear who is responsible—the developer, the operator, or the commander—when an autonomous agent makes an error. The most pressing requirement now is not for the best new technology, but for our legal and policy frameworks to keep pace.

Joey Gagnard is a Cipher Brief columnist who regularly shares his perspective on national security and technology via his Iron Triangle column.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in

, because national security is everyone’s business.