Grandma, Ghost Stories, and Agentic AI

Grandma Tardanico never let the truth get in the way of a good story. She had a gift for shaping the narrative to fit exactly what she needed.

I was Jesuit educated, and my school sat right next to her house. You could picture Grandma walking to the edge of the schoolyard picking dandelions for her wine, wearing her finest old housecoat, while the kids yelled “Grandma Yoda.”

I threw fists, of course. Grandma handled it differently. She’d walk over, calm as ever, and tell them she was a witch, and if they didn’t behave, she’d cast a spell. Could she cast a spell? Hell if I know. But the more kids believed it, the stronger the legend became.

The Story We’re Being Told

That’s been on my mind lately as Agentic AI dominates the cyber headlines.

Are the rumors true? Is this the beginning of the end for traditional software security models? I hope so. Be ready for a shift in how quickly vulnerabilities are exposed, and how fast your teams are expected to respond.

What Agentic AI Actually Is

Agentic AI is purpose-built. These systems are trained to act autonomously toward a specific goal.

My team is already working with multiple agentic models to run red team and blue team scenarios, training offensive models to behave like threat actors and using those outcomes to sharpen our defenses. If you want to beat a threat actor, you need to think like one and use their tools.

These aren’t just large language models predicting text. They incorporate LLMs, but they also rely on APIs, real-time data feeds, databases, and other tools to stay aligned to their objectives. That combination is what allows them to behave in a more structured, goal-driven way.

Speed Changes Everything

In a security context, this allows teams to build highly targeted attack models using the same tools and threat intelligence available to real adversaries.

Once those attack paths are proven, we can train defensive models against them using the same inputs. That entire cycle—attack, learn, defend—now happens at a pace we haven’t seen before.

Faster than Grandma could make her dandelion wine. Which, for the record, was awful.

Hype vs Reality

Agentic AI isn’t going anywhere. The market is expected to approach $50 billion by 2030.

But the marketing around it is something else entirely. We’re hearing everything from AI replacing entire workforces to full-blown Skynet scenarios. I haven’t seen anything close to that. What I have seen is a tool that can drive real efficiency and make strong teams better.

It still requires structure, clear objectives, and strict oversight. It’s not self-aware, and it’s not replacing skilled professionals anytime soon.

Where This Gets Interesting

Security researchers and well-funded threat actors have been using AI to identify vulnerabilities for years. Agentic AI just accelerates that process.

A system that can scan, identify weaknesses, and adapt in near real time? That feels less like hype and more like a natural progression. And frankly, I welcome it.

Too often, security is treated as an afterthought in the development cycle. Products move fast, and gaps get addressed later, if they get addressed at all.

If Agentic AI forces organizations to identify vulnerabilities faster and patch them just as quickly, that’s a win. Sometimes you need pressure to change behavior.

Back to Grandma

So we’re back to the original question.

Is this Grandma telling another great story, or is there something real behind it?

Probably both.

There’s no question the narrative is being pushed hard. But there’s also real capability underneath it, and it’s already starting to change how we approach security.

If this lines up with what you’re seeing, or if you’re thinking about how to apply this in your environment, I’d welcome the conversation.