Full Report
Agentic AI use is exploding, yet most security teams are building agents in isolation. Tenable is hosting Swarm, a build event at Black Hat 2026, for security practitioners to create and collaborate on agentic, open-source tooling to drive collective defense and stop adversaries together.Key takeawaysAccording to Gartner®, by 2028, an average global Fortune 500 enterprise will have more than 150,000 AI agents in use, up from less than 15 in 2025, generating significant agent sprawl, IT complexity, and management challenges.1 Security practitioners are building their own agentic, open-source tooling to cut out hours of manual phishing email triage, accelerate threat hunts, and uplevel junior talent to consistently perform and output principal-level analyst work. Join Tenable for Swarm, a hands-on agentic AI build event at Black Hat 2026 sponsored by AWS, where security practitioners will come together to collaborate and build next-generation open-source agents, skills, and MCP servers that will drive collective defense and stop modern adversaries.Every security practitioner is now a builder thanks to the emergence of agentic AI. According to Gartner®, by 2028, an average global Fortune 500 enterprise will have over 150,000 AI agents in use, up from less than 15 in 2025, generating significant agent sprawl, IT complexity, and management challenges.1 From Tenable’s vantage point, it’s clear this exponential surge in agent sprawl is reaching every business and IT function, including cybersecurity. Security teams have started to ride the same agentic AI security curve, spinning up agents to triage alerts, hunt threats, and automate the work that used to take days down to mere minutes. But too often, the work to build agentic, open-source security tooling still happens in isolation. No collaboration. No shared findings. Limited impact.Now the wait is over. Join us for Swarm, Tenable’s hands-on agentic AI build event at Black Hat 2026 sponsored by AWS and presented with support from Anthropic, where a global group of security practitioners will come together to collectively build the open-source agents, skills, and model context protocol (MCP) servers of the future to boost the cyber community’s defenses and stop modern adversaries.Why security practitioners build open-source agentic AI toolsSecurity practitioners are starting to build their own open-source, agentic tooling to take repetitive work off their plates. The examples are real, and they run from individual practitioners to the largest enterprise security teams:This practitioner’s PhishER Email Analysis workflow is an agent-powered n8n pipeline that continuously pulls reported emails and uses AI to determine whether the content is phishing, spam, or clean, freeing up hours of analyst review time.The Tenable security team’s SOC-Hunter, an open-source Claude Code skill, turns proactive, hypothesis-driven threat hunting from a luxury into routine work. What once took four to six hours across 8-plus browser tabs now takes 45 to 90 minutes in a single terminal session. One of Tenable’s partners open-sourced its AI Analyst, a set of Claude Code skills backed by MCP servers that turn plain-language requests into actual agentic SOC work: hunting threats, triaging alerts, writing detections, and building security automation. Work that once demanded a senior specialist becomes something any analyst can drive through prompts using their own words, compressing hours of expert effort into minutes.Zoom out and the pattern is unmistakable. Community-built AI agents, skills, and MCP servers are extending every capability and workflow from vulnerability scanners to Active Directory attack-path analysis to proactive threat hunting and reporting. The energy is there. The talent is there. The collaboration, repeatable learning, and shared results remain aspirational.The problem: Most practitioners build agentic AI in isolationOpen-source, agentic AI adoption is still in its early stages and uneven. Today, only 27% of security practitioners believe their agentic AI deployments are mature; most remain in active pilots and running AI in supporting capacities. Even among the security practitioners who are building agentic AI, too much of the work takes place in isolation. One team solves alert triage. Another team solves the same problem the next week, with no idea the first team ever existed. We keep reinventing the wheel, missing out on the compounding benefits that our shared work could deliver to every security team.Come build with Tenable at SwarmThat is exactly what Swarm is for.Join us at Black Hat USA 2026 from Aug. 4-6 for Swarm, our hands-on agentic AI build event with Tenable and members of Anthropic’s technical staff, who will serve on the judging panel and provide coaching to attendees. Register here.Over a few focused days, security practitioners will come together to build open-source AI security agents, MCP servers, skills, and playbooks that automate the workflows you actually deal with — like triage, remediation, orchestration, and executive reporting. You get dedicated build time, live office hours with experts, and the company and collaboration of peers who understand the problems you want to solve. You do not need to be a career developer to take part. If you can describe a workflow clearly, you can build an agent for it. Bring the workflow you keep meaning to automate, and leave with something that helps take it off your plate, plus a network of people building alongside you.And we have amazing prizes lined up for the award winners, which we’ll announce during the Swarm Awards Ceremony held the morning of Thursday, Aug. 6! So register today because space is limited, and this is the room you want to be in. Show up and help define what the future of agentic AI security looks like.Reserve your spot for Swarm at Black Hat 2026 and build the future of cybersecurity with us.—1 Gartner Press Release, Gartner Identifies Six Steps to Manage AI Agent Sprawl, April 2026.Gartner is a trademark of Gartner, Inc. and/or its affiliates.
Analysis Summary
# Industry News: Tenable Launches "Swarm" to Combat AI Agent Sprawl
## Summary
Tenable has announced **Swarm**, an open-source "build event" taking place at Black Hat 2026, aimed at standardizing and ecosystem-building for agentic AI in cybersecurity. In partnership with AWS and Anthropic, the initiative seeks to move security practitioners away from isolated tool development toward a collaborative "collective defense" model using the Model Context Protocol (MCP).
## Key Details
- **Date:** Announced for August 4–6, 2026
- **Companies Involved:** Tenable (Host), AWS (Sponsor), Anthropic (Technical Support/Judging)
- **Category:** Industry Collaboration / Product Ecosystem Launch / Open-Source Initiative
## The Story
As agentic AI moves from experimental pilots to enterprise-wide deployment, the industry is facing a looming crisis of "agent sprawl." Tenable, citing Gartner research, projects that Fortune 500 enterprises will scale from fewer than 15 AI agents in 2025 to over 150,000 by 2028. Currently, security teams are building autonomous agents in silos to handle tasks like phishing triage and threat hunting (e.g., Tenable’s SOC-Hunter, which reduces hunt times from 6 hours to 45 minutes).
To prevent fragmented development and "reinventing the wheel," Tenable’s Swarm event at Black Hat 2026 serves as a catalyst for a unified open-source framework. Participants will build agents, "skills," and Model Context Protocol (MCP) servers—a standard that allows AI models to connect more easily to diverse data sources and tools.
## Business Impact
### For the Companies Involved
- **Tenable:** Establishes itself as a thought leader and "gravity well" for the next generation of AI-driven SOC operations.
- **AWS & Anthropic:** Solidifies their infrastructure and models (Claude) as the preferred stack for sophisticated cybersecurity autonomous agents.
### For Competitors
- Competitors risk being locked out of an emerging open-source standard if Tenable’s preferred protocols (like MCP) become the industry norm for security-specific AI interactions.
### For Customers
- Offers a path to mitigate "agent sprawl" by utilizing shared, open-source playbooks rather than paying for disparate, proprietary "black box" AI tools for every micro-task.
### For the Market
- Accelerates the shift from "AI-assisted" (human-led) to "Agentic" (AI-led, human-oversight) security architectures.
## Technical Implications
The focus on **Model Context Protocol (MCP)** is a significant technical pivot. By standardizing how agents interact with security telemetry—vulnerability scanners, Active Directory, and cloud logs—the industry can build modular "skills" that are portable across different AI models and platforms.
## Strategic Analysis
- **Market Positioning:** Tenable is shifting from a hardware/software vendor to a platform orchestrator for AI-driven security workflows.
- **Competitive Advantage:** By leading an open-source movement, Tenable gains "first-mover" advantage in defining the architecture of the autonomous SOC.
- **Challenges:** The primary risk is the low maturity of current deployments (only 27% considered mature), suggesting a massive gap between the "Swarm" vision and real-world enterprise readiness.
## Industry Reactions
- **Analyst Perspective:** Gartner’s data highlights a "management nightmare" on the horizon; analysts view this move as a necessary preemptive strike against IT complexity.
- **Market Response:** High interest is expected from "builder" practitioners who are disillusioned with over-promised, closed-source AI products.
## Future Outlook
- **Predictions:** By 2026, the "SOC Analyst" role will evolve into an "AI Agent Architect" role.
- **What to watch for:** Whether other large security vendors (CrowdStrike, Palo Alto Networks) join this open-source framework or launch competing, proprietary agent ecosystems.
## For Security Professionals
This news signals that "prompt engineering" is no longer enough. To remain competitive, practitioners must learn to build and chain agents. The Swarm event democratizes this by allowing non-developers to create complex workflows, effectively "upleveling" junior talent to perform senior-level analysis through agentic automation.