A Strategic Shift in 2024
In late 2024, we made a pivotal decision: to begin integrating generative AI into the Xacta® platform. Like many organizations testing the waters, we started small. Our initial experiments focused on simple interactions with large language models (LLMs) via the OpenAI API. We asked highly specific questions, tweaked prompts, and observed how the models responded.
The early results? Impressive — but only on the surface.
From Curiosity to Capability
While the responses appeared articulate and well-structured, deeper analysis revealed critical issues. Chief among them: hallucinations — confident-sounding but inaccurate answers. In cybersecurity and risk management, these kinds of errors are deal-breakers.
This realization marked a shift in mindset. We moved from asking, “Can this work?” to “How do we make this work reliably for customers in high-stakes environments?”
Staying true to our roots, we mapped everything out using OmniGraffle: architecture diagrams, data flows, decision points, and boundaries. We explored where AI could provide value — and where it should stay out. Our core priority was clear: keep it grounded in real-world compliance data.
Solving the Hallucination Problem with RAG
Our first major technical hurdle was hallucination, and the solution came in the form of Retrieval-Augmented Generation (RAG).
By anchoring the model to reliable, curated knowledge sources, we significantly improved response accuracy. We integrated cybersecurity datasets curated by Telos SMEs and tapped into Xacta’s deep repository of internal data — control libraries, risk statements, implementation guidance, and more.
This fusion of domain expertise and contextual data yielded measurable improvements:
- Hallucinations decreased
- Relevance and precision increased
- Responses aligned with real-world expectations
These improvements laid the foundation for the release of Xacta 3.0 — our first generative AI–powered platform.
Xacta 3.0: A Smarter Approach to Risk Management
With Xacta 3.0, generative AI became a force multiplier.
Tedious tasks — like drafting control implementations or summarizing compliance documentation — now take minutes instead of hours. Users can upload supporting documents, have them parsed and integrated into workflows, and automatically classify artifacts against controls.
The result? A more agile, responsive platform that boosts user productivity across the entire risk assessment lifecycle — without compromising on trust or accuracy.
Enter Agentic AI: Toward Autonomy
While generative AI enhanced assistance, it also opened our eyes to a much bigger opportunity: Agentic AI.
Unlike traditional LLM use cases that rely on direct user prompts, agentic systems can plan, reason, and act autonomously. The vision for Xacta expanded — from helping users to acting on their behalf.
We got back to work — designing agent workflows, decision trees, and long-term memory systems to support true autonomy. Our goal? Build an autonomous Xacta Assistant capable of managing large portions of the risk lifecycle in real time.
A special thank-you goes to Ed Donner, whose Udemy course on Agentic AI helped sharpen our approach and broaden our vision. With this foundation, we began embedding internal agentic tools into the Xacta ecosystem.
Early Agentic Wins
Today, early agentic capabilities in Xacta are already transforming how users interact with project data. You can now converse with your system, explore risk implications, and receive ATO (Authority to Operate) guidance in real time.
As we expand our toolset and refine the workflows, one thing is clear: Xacta.ai is delivering immediate and visible value to our customers.
Lessons from the Field: 4 Tips for Teams Embracing Agentic AI
Our journey is ongoing, but these four lessons can help guide others looking to incorporate agentic intelligence into their solutions:
1. Design with Intention
Don’t build just to say you have AI. Define your architecture, workflows, and boundaries before writing a single line of code. Agentic systems thrive when given structure.
If your only goal is to check the “AI” box, you’ve already missed the point.
2. Solve Real Problems
Focus on value, not novelty. Identify impactful challenges within your product where autonomy or automation can make a measurable difference.
If you’re second-guessing whether a feature is needed — it probably isn’t.
3. Engage Stakeholders Early
Bring your customers along. Walk them through prototypes and gather feedback often. What looks impressive in a design diagram may fall flat in real-world usage.
Your best insights often come from trusted, early-access customers.
4. Define Metrics and Prove ROI
Agentic AI must earn its place. Track time saved, errors reduced, or efficiency gained. Hard data builds support, funding, and momentum.
Every capability should solve a real problem or close an existing gap.
Conclusion: From Ideas to Autonomy
What began as a proof of concept is now a strategic pillar in how we deliver value through Xacta. Generative and agentic AI have transformed our platform — and our perspective.
We’re no longer asking if these technologies can help — we’re actively showing how they already are. Each release brings us closer to a smarter, faster, and more autonomous approach to risk management.
Agentic AI isn’t just a trend — it’s a transformational shift. And at Telos, we’re committed to leading the way.
The future isn’t ahead of us — it’s already here, taking shape in Xacta.