Agentic Artificial Intelligence for Zero-Day Cyber Threat Detection: An Adaptive Reasoning Approach
DOI: https://doi.org/10.37965/jait.2026.1272
Keywords: adaptive threshold regulation, agentic intelligence, cybersecurity, energy-efficient AI, intrusion detection, structural embedding, uncertainty analysis
Abstract
Zero-day cyber threats continue to be a significant challenge for securing digital infrastructure in future economies. As such, there is a need for defensive systems that are intelligent, adaptive and, most importantly, trustworthy. However, traditional intrusion detection systems (IDSs) are typically static and lack the capability to reason, adapt, and explain their decisions. To address these limitations, this paper proposes an agentic artificial intelligence (AI)-driven framework for zero-day cyber threat detection based on adaptive reasoning. The framework improves zero-day awareness through autonomous reasoning, adaptive decision-making processes, and interpretable behavioral analysis. The key contribution of this research is the integration of three components, namely epistemic uncertainty estimation, embedding-based structural deviation assessment, and adaptive thresholding. These components allow the framework to make self-regulated decisions beyond fixed-model inference. The effectiveness of the framework was assessed using two benchmark datasets, Network Security Laboratory – Knowledge Discovery and Data Mining (NSL-KDD) and Telemetry and Network Traffic for Internet of Things (ToN-IoT). The experimental results demonstrate strong detection performance, improved class separability, reduced false-alarm rates (FARs), and consistent predictive confidence. Cross-dataset evaluation further demonstrates good generalization. In addition, interpretability analysis confirms that the framework relies on meaningful traffic characteristics rather than spurious correlations. Furthermore, the lightweight model design has the potential to support energy-efficient deployment on resource-constrained edge devices. Overall, the results demonstrate that the proposed framework provides a strong trade-off between accuracy, generalization, and interpretability, making it a promising solution for zero-day cyber threat detection in secure future economies.
License
Copyright (c) 2026 Authors

This work is licensed under a Creative Commons Attribution 4.0 International License.
