Agentic AI: From Puppy Love to Rabid Bite

Arielle Waldman said it best in Dark Reading: “If agentic AI adoption is not done with security in mind … attackers are going to start targeting the software that’s using agents and large language models.” That’s not just a warning—it’s a roadmap of where things go wrong.

I like agentic AI. I want more of it in my world. But I also take risk seriously. So let’s be clear: it’s a puppy. Cute, promising, fun to have around. But if you don’t train it, it’s going to chew through your network, pee on your compliance report, and sink its teeth into your reputation.

This isn’t about fear—it’s about control. And if you’re in IT, Cyber, or TPRM, this post is your crash course in keeping the puppies useful without letting them turn feral.

Cybersecurity: Your Puppy Doesn’t Know Which Wires Not to Chew

AI agents are fast, tireless, and powerful. That’s the “cute” stage. But here’s why you care:

  • Prompt Injection = Poisoned Treats. One malicious input and your AI agent isn’t protecting you—it’s doing the attacker’s bidding. And if your agents are talking to each other? That’s how you turn one poisoned treat into a kennel-wide outbreak.

  • Memory Poisoning = Bad Habits That Stick. Once the puppy learns to chew power cords, it’s not forgetting. Same with AI agents—once memory gets corrupted, the errors don’t just go away.

Why you should care: If you’re running cyber ops, these AI agents are already nibbling at your stack. Training them with boundaries isn’t optional—it’s survival.

Third-Party Risk: The Puppy That Thinks Everyone’s a “Good Boy”

Third-party risk pros love shiny automation. “Let the AI agents handle vendor reviews! Let them enforce policy!” Sounds efficient. Here’s reality:

  • Context Blindness. AI agents don’t do nuance. One bad datapoint and the riskiest vendor gets a gold star. Or a trusted supplier gets flagged because their PDF metadata looked funny.

  • Accountability Black Hole. If an AI agent changes a vendor risk score, and you can’t prove how or why—it’s your neck on the line, not the tool’s.

Why you should care: Regulators won’t accept “the AI did it” as an answer. If you’re in procurement, compliance, or third-party risk, you either leash these tools or you’re gambling your credibility on a black box.

Shadow Puppies: The Ones You Didn’t Invite

Here’s where it gets ugly: you already have shadow puppies. Employees are sneaking them in. Vendors are using them without telling you. They’re chewing on your environment whether you approved them or not.

Pretending this isn’t happening won’t save you. Shadow AI agents are here. What you can do is simple in theory:

  • Find them.

  • Fence them.

  • Decide which puppies you actually want in the house.

Execution, of course, is another matter.

How I Puppy-Proof My World

You can’t stop the puppies from coming in—but you can stop them from wrecking the place. Here’s what that looks like:

  • Count Them. Know where the puppies are. Every agent, every workflow, every integration. If you can’t list them, you’re already flying blind.

  • Leash Them. Puppies get boundaries. So do AI agents. Credentials, least-privilege, monitored activity. No free runs in the server room.

  • Test Them. Don’t just assume the puppy won’t chew the cords—yank on the wires and see what happens. Prompt injection drills, bad-data scenarios, stress tests. You’ll learn what kind of dog you’re raising real quick.

  • Stay the Alpha. Puppies don’t decide when dinner is served. Neither should your AI. Human sign-off for vendor approvals, policy changes, or score shifts. Automation helps; it doesn’t replace judgment.

  • Track the Accidents. Every puddle leaves a trace. Same with AI agents. If you don’t have audit logs and trails, you’re not training a puppy—you’re just cleaning up blind.
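A sketch of how "Leash Them," "Stay the Alpha," and "Track the Accidents" can fit together in one gate that every agent tool call passes through. This is an added example, not code from the original post; the agent name, tool names, and policy tables are hypothetical.

```python
import hashlib
import json

# Hypothetical policy tables (assumptions, not from the post).
# Leash: the only tools each known agent may call.
ALLOWED_TOOLS = {"vendor-review-agent": {"read_vendor_file", "propose_score_change"}}
# Stay the Alpha: actions that never run without a named human approver.
NEEDS_SIGNOFF = {"propose_score_change", "approve_vendor", "change_policy"}

class AuditLog:
    """Append-only log; each entry hashes the previous one so edits are detectable."""
    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, record):
        body = json.dumps(record, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        self.entries.append({"record": record, "prev": prev,
                             "hash": self._digest(prev, record)})

    def verify(self):
        """Recompute the chain; False means an entry was altered or removed."""
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or self._digest(prev, e["record"]) != e["hash"]:
                return False
            prev = e["hash"]
        return True

def gate(log, agent, tool, args, approver=None):
    """Decide whether an agent's tool call may run, and record the decision."""
    if tool not in ALLOWED_TOOLS.get(agent, set()):
        decision = "deny:not_allowlisted"      # shadow agent, or tool off the leash
    elif tool in NEEDS_SIGNOFF and not approver:
        decision = "hold:needs_human_signoff"  # queue for a person, do not execute
    else:
        decision = "allow"
    # Denials and holds are logged too: they are the trail you need later.
    log.append({"agent": agent, "tool": tool, "args": args,
                "approver": approver, "decision": decision})
    return decision
```

An agent that is not in the inventory gets denied by default, and a score change stays on hold until a human's name is attached to it.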

Roadblock Design - Personal Use Case

This isn’t just abstract theory—I use AI agents myself. At Roadblock Design, I built one I call 00Gator. Its job? Hunt down the best prices on exotic hides: alligator, crocodile, shell cordovan. Prices swing wildly, stock moves fast, and the wrong choice can cost me hundreds in lost profit.

I could spend hours combing tanneries and distributors. Or I can point 00Gator at the problem:

  • Type of hide

  • Grade

  • Square footage

  • Price per square foot

  • Shipping costs

  • Splitting fees (for my bovine hides)

Within minutes, 00Gator pulls back a ranked list of options. That’s enhancement, not takeover. Because here’s the truth: 00Gator doesn’t know which vendor has burned me before, which ones tack on hidden shipping fees, or which ones are worth paying a little extra because I know they’ll deliver on time and always have the best quality. That’s the nuance—the money math that comes from experience.

00Gator fetches the numbers. I decide which numbers matter.

The same efficiency that helps me find leather could just as easily greenlight the sketchiest vendor in your supply chain if you trust it blindly. Puppies can fetch—but they can also bite.

TL;DR: Why You Should Care

You don’t get to opt out. AI agents are already in your organization. They’re in your IT stack, your vendors’ workflows, and your employees’ browsers. You can ignore them, or you can manage them—but only one of those options keeps you out of the headlines.

I like AI agents. I think they enhance the way we work. But they’re not babysitters, and they damn sure aren’t your boss. From the cyber side, they chew wires and remember bad habits. From the TPRM side, they love strangers, trust the wrong people, and will sign off on anyone with a treat.

So yes, bring the puppies in. But leash them, train them, and never forget: the line between “cute” and “rabid” is thinner than anyone wants to admit.

Follow me if you want more unfiltered takes on using these tools in the real world—whether it’s managing supply chain risk or finding the best deal on shell cordovan. The hype won’t save you. But a little truth (and a leash) might.

Be sure to check out Arielle Waldman’s much more academic take on Agentic AI: “Agentic AI Use Cases Soar, but Risks Demand Close Attention.”
