Q&A with Zach Garcia: Why Agentic AI Is Changing the Rules of Cybersecurity
The speed of cyberattacks is accelerating—and so must our defenses.
Zach Garcia, Director of Cyber Advisory at Ontinue, shares his expert perspective on how Agentic AI is helping defenders close the gap—and why attackers are likely adopting similar technologies to keep their edge.
Q: Zach, how is Agentic AI changing the game in cybersecurity today?
Zach: It’s become a speed game. That’s really the headline. A decade ago, security was all about who had the coolest new zero-day exploit, who could save a sophisticated attack for just the right moment. Today, the game is: get in, act fast, and get out before anyone even knows you were there. With Agentic AI, defenders are now using autonomous systems to accelerate investigation time—and attackers are watching that shift closely.
Q: A lot of people talk about Agentic AI from the defender’s perspective. But what does this mean from the attacker’s point of view?
Zach: That’s the side that doesn’t get discussed enough. Attackers are likely thinking about Agentic AI in a similar way to how we are: that it’s an extension of automation that can help them move faster. Think about lateral movement, credential harvesting, exfiltration—tasks that traditionally took time and effort. Why not let an AI agent drive the tooling, like Metasploit, to perform those tasks quickly and autonomously? There are already people working on this. It’s not an idea of the distant future – it’s happening now.
Q: Where does Agentic AI really shine on the defender’s side?
Zach: At Ontinue, we focus our Agentic AI on speeding up investigations. Our autonomous investigator examines evidence, makes decisions about what to look at next, and can reassess findings to dig deeper—all before a human ever steps in. That allows defenders to work only on the most relevant incidents, significantly reducing mean time to investigate and improving consistency across the board. It doesn’t try to replace human intuition, but it frontloads a ton of the legwork.
Q: You mentioned this is a “speed game.” Can you expand on what kinds of attacks you are seeing where speed is critical?
Zach: Ransomware is the perfect example. You want to get in, gain access, spread quickly, and deploy encryption before the defenders can react. That’s the definition of a speed game. Same with email compromise—attackers breach one inbox, then use automation (and even generative AI) to craft convincing phishing emails to everyone in the contact list. These are high-speed, high-impact attacks.
There’s still the “low and slow” kind of attacker—nation-state actors sitting quietly in a network for a year—but smash-and-grab attacks still account for a huge volume of damage. Agentic AI gives defenders the speed they need to react in time.
Q: Do attackers even know when they’re up against Agentic AI? Does it change how they operate?
Zach: Not in the way Ontinue uses it. We’re not deploying unique sensors on endpoints that would tip our hand. To a threat actor, it just looks like any other telemetry. But again, it doesn’t really matter whether they know or not. In this kind of race, you just want to be faster than your opponent—regardless of what tools they’re using.
Q: Can Agentic AI ever play a role in prevention, not just investigation?
Zach: We’re in the early days of that. Prevention is definitely an area of interest, but investigation is where we’re seeing the most impact today. Speeding up the response process by surfacing insights earlier—that’s how we’re helping our customers stay one step ahead.
Q: Last question—if attackers are already combining generative AI with social engineering tactics, do you think we’ll start to see more hybrid AI-powered attacks?
Zach: Absolutely. Attackers are already using generative AI to make phishing emails more believable and personalized. Now imagine that layered with Agentic AI to automate the intrusion itself. It’s not about if—it’s about when. That’s why defenders need to move just as fast, and why tools like our autonomous investigator are becoming essential.
Whether you’re defending against a ransomware blitz or trying to make sense of a complex intrusion, time is your most precious resource. As Zach Garcia makes clear, Agentic AI isn’t just accelerating detection—it’s becoming the frontline in a new, faster battlefield.