Plotting the End of Agentic Security Stall-Outs, with Strike48 VP Tim Leehealey

The Security Digest - News Team
Published January 21, 2026

Strike48 VP Tim Leehealey discusses how building a 'deterministic-yet-cognitively-inspired' architecture can solve security's biggest insight challenges.

Credit: Outlever

Key Points

  • Security teams are adopting agentic AI quickly, but many tools start and stop at shallow insights, leaving the hardest execution work unfinished.

  • Tim Leehealey, VP of Corporate Strategy & Operations at Strike48, sees this breakdown as a structural failure where agents are overextended instead of tightly scoped.

  • His approach pairs narrowly defined cognitive tasks with deterministic workflows, allowing agents to reduce noise, complete work end-to-end, and keep pace with agentic adversaries.

The security industry's push to adopt agentic AI has a frustrating last-mile problem: while many new tools are effective at providing insights, they often fail at full execution. Progress moves fast at first, then stalls just short of the finish line, leaving critical work unfinished and much of the promised value on the table.

Tim Leehealey is Vice President of Corporate Strategy & Operations at Strike48, where he works at the intersection of security, data, and execution. His perspective is shaped by decades of operating through major technology shifts, from a successful IPO at Guidance Software to raising $60 million as CEO of AccessData, which was later acquired by legal GRC firm Exterro in late 2020. He says the industry has over-focused on insight and underinvested in execution, creating a gap that undermines real security work.

"Today’s agentic security tools reliably get teams about 60% of the way there, but they fail to solve the final 40% required to actually complete security work end-to-end. That gap almost negates the value of the rest," says Leehealey. He likens it to a luggage service that does most of the work, then gives up just shy of the final destination. "It sounds amazing, until your bags are still stuck in Kentucky somewhere while you’re in New York."

  • Lacking core strength: Leehealey explains the gap through what he calls the "barbell theory" of AI performance. AI excels at the extremes, handling dead-simple, repeatable tasks on one end and complex cognitive correlation on the other, but it breaks down in the middle, where real operational work lives. "We divide problems into deterministic steps and cognitive steps, identify the exact moment an analyst has to apply judgment, and give the agent only that task before handing the work back to deterministic workflows," he says. "That separation is the dynamic the industry missed."

Without a disciplined approach, Leehealey warns that today’s tool sprawl is about to become agent sprawl. As vendors rush to bolt copilots onto existing products, security teams end up with too many systems weighing in on the same data, each offering its own interpretation. Many of the largest platforms are converging on the same log sources, but instead of clarity, they risk producing conflicting conclusions. Leehealey describes the race to stuff a copilot into every product as "agentic nonsense," arguing that it skips the foundational work required to make AI reliable and ultimately leaves teams with more noise, not less.

  • Fatigue 2.0: He frames the risk as a simple trade-off that many teams underestimate. "If you deliver an L1 analyst agent with no tools to ground it, it will hallucinate wildly. Instead of alert fatigue, you end up with hallucination fatigue." In practice, that shifts the burden onto human teams, who now spend their time validating AI output, resolving contradictions, and managing a new source of operational risk rather than reducing it.

  • Slow and steady: Leehealey frames adoption as an operational trust exercise, not a software install. "You don’t deploy an agentic system the way you deploy a patch," he says. "You bring it in the same way you’d onboard a senior executive, by running it side by side with humans, validating decisions, and gradually expanding responsibility." In his view, confidence comes from observed performance over time. "These systems have to earn trust through execution. You don’t flip a switch and hand over the keys on day one."

  • Fishing for coverage: That execution-first mindset showed its value during a recent phishing proof of concept, where the customer had deliberately narrowed alert rules to keep noise under control. "When the agent reviewed their environment, it showed they had missed the majority of the threat because the definition was too narrow," Leehealey recalls. "The real advantage is that agents can cut false positives so effectively that teams can afford to widen detection again." For him, that’s the practical win. "When you reduce noise at the right point in the workflow, you don’t overwhelm people. You give them more coverage with less fatigue."

Handled this way, the agent resolves the operational trade-off at the heart of modern security by taking on triage without overwhelming the human team. The model combines human judgment with machine-reliable execution, turning insight into completed work instead of stalled analysis. For Leehealey, this isn’t a strategic preference; it’s a requirement of the moment. "Your adversary is now agentic," he concludes. "You have to be at least as well-armed as your adversaries."