Contemporary AI-driven cybersecurity systems are predominantly architected as model-centric detection and automation pipelines optimized for task-level performance metrics such as accuracy and response latency. While effective for bounded classification tasks, these architectures struggle to support accountable decision-making under adversarial uncertainty, where actions must be justified, governed, and aligned with organizational and regulatory constraints. This paper argues that cybersecurity orchestration should be reconceptualized as an agentic, multi-agent cognitive system, rather than a linear sequence of detection and response components. We introduce a conceptual architectural framework in which heterogeneous AI agents responsible for detection, hypothesis formation, contextual interpretation, explanation, and governance are coordinated through an explicit meta-cognitive judgement function. This function governs decision readiness and dynamically calibrates system autonomy when evidence is incomplete, conflicting, or operationally risky. By synthesizing distributed cognition theory, multi-agent systems research, and responsible AI governance frameworks, we demonstrate that modern security operations already function as distributed cognitive systems, albeit without an explicit organizing principle. Our contribution is to make this cognitive structure architecturally explicit and governable by embedding meta-cognitive judgement as a first-class system function. We discuss implications for security operations centers, accountable autonomy, and the design of next-generation AI-enabled cyber defence architectures. The proposed framework shifts the focus of AI in cybersecurity from optimizing isolated predictions to governing autonomy under uncertainty.

翻译：当前基于人工智能的网络安全系统主要采用以模型为中心的检测与自动化流水线架构，其优化目标为任务级性能指标（如准确率与响应延迟）。尽管此类架构在有限分类任务中表现有效，但在对抗性不确定环境下难以支持可追责的决策过程——该场景下的行动必须具有可解释性、可治理性且符合组织与监管约束。本文主张将网络安全协同机制重新概念化为一种智能体化的多智能体认知系统，而非线性的检测与响应组件序列。我们提出一种概念性架构框架，其中负责检测、假设生成、情境解释、可解释性与治理的异构人工智能智能体，通过显式的元认知判断函数进行协同。该函数在证据不完整、相互冲突或存在操作风险时，对决策就绪度进行治理并动态校准系统自主性。通过综合分布式认知理论、多智能体系统研究与负责任人工智能治理框架，我们论证了现代安全运营本质上已作为分布式认知系统运行，尽管缺乏明确的组织原则。本研究的贡献在于通过将元认知判断嵌入为系统的一等核心功能，使这种认知结构在架构层面显式化且可治理。我们探讨了该框架对安全运营中心、可追责自主性以及新一代人工智能赋能网络防御架构设计的影响。所提出的框架将网络安全中人工智能的关注点，从优化孤立预测转向不确定条件下的自主性治理。