Contemporary AI-driven cybersecurity systems are predominantly architected as model-centric detection and automation pipelines optimized for task-level performance metrics such as accuracy and response latency. While effective for bounded classification tasks, these architectures struggle to support accountable decision-making under adversarial uncertainty, where actions must be justified, governed, and aligned with organizational and regulatory constraints. This paper argues that cybersecurity orchestration should be reconceptualized as an agentic, multi-agent cognitive system, rather than a linear sequence of detection and response components. We introduce a conceptual architectural framework in which heterogeneous AI agents responsible for detection, hypothesis formation, contextual interpretation, explanation, and governance are coordinated through an explicit meta-cognitive judgement function. This function governs decision readiness and dynamically calibrates system autonomy when evidence is incomplete, conflicting, or operationally risky. By synthesizing distributed cognition theory, multi-agent systems research, and responsible AI governance frameworks, we demonstrate that modern security operations already function as distributed cognitive systems, albeit without an explicit organizing principle. Our contribution is to make this cognitive structure architecturally explicit and governable by embedding meta-cognitive judgement as a first-class system function. We discuss implications for security operations centers, accountable autonomy, and the design of next-generation AI-enabled cyber defence architectures. The proposed framework shifts the focus of AI in cybersecurity from optimizing isolated predictions to governing autonomy under uncertainty.

翻译：当代人工智能驱动的网络安全系统主要被设计为以模型为中心的检测与自动化流程，其优化目标为任务级性能指标（如准确率与响应延迟）。尽管此类架构在有限分类任务中表现有效，但在对抗性不确定环境下，它们难以支持可问责的决策过程——此类场景要求行动具备可解释性、受治理性，且符合组织与监管约束。本文主张网络安全编排应被重新概念化为一种智能体化的多智能体认知系统，而非线性的检测与响应组件序列。我们提出一种概念性架构框架，其中负责检测、假设生成、上下文解释、可解释性与治理的异构人工智能智能体，通过显式的元认知判断函数进行协调。该函数在证据不完整、相互冲突或存在操作风险时，管理决策就绪状态并动态校准系统自主性。通过综合分布式认知理论、多智能体系统研究与负责任的人工智能治理框架，我们论证了现代安全运营本质上已作为分布式认知系统运作，尽管缺乏明确的组织原则。本研究的贡献在于通过将元认知判断嵌入为系统的一等核心功能，使这种认知结构在架构层面显式化且可治理。我们探讨了该框架对安全运营中心、可问责自主性以及新一代人工智能赋能网络防御架构设计的影响。所提出的框架将网络安全中人工智能的关注点，从优化孤立预测转向在不确定性下治理自主性。