Agents are a manager’s dream for productivity — and a CISO’s worst nightmare when they go rogue

KnowBe4’s Matt Duren warns that AI agents, now integrated into business workflows, cut both ways: they boost productivity but create security risks when compromised. The company’s new Agent Risk Manager and AIDA Orchestration tools aim to monitor AI agent activity and human interactions to mitigate cybersecurity threats, addressing a challenge cited by 45% of cybersecurity leaders in the ‘State of Human Risk’ 2025 report.

KnowBe4 Inc., a cybersecurity firm, is expanding its focus on agent risk management as AI agents increasingly integrate into enterprise workflows, blurring the line between human and machine-driven risks. Matt Duren, vice president of AI and data at KnowBe4, highlighted the dual nature of AI agents: while they enhance productivity, their rapid deployment outpaces governance, creating significant security vulnerabilities when compromised. The company’s ‘State of Human Risk’ 2025 report revealed that 45% of cybersecurity leaders identify evolving AI-powered threats as their top challenge.

To address this, KnowBe4 introduced AIDA Orchestration in Q1 2026, an AI-driven tool that autonomously creates personalized phishing simulations and security training based on over 1.4 billion processed risk events. Additionally, the Agent Risk Manager, currently in tech preview, provides security teams with visibility into AI agents operating across organizations, tracking their activities, access levels, and interactions with human employees.

The core of these tools is KnowBe4’s SmartRisk score, now updated to include 316 indicators spanning human and AI agent behavior. The redesign prioritizes explainability, offering clear insights into risk factors and AI-generated recommendations for individual and organizational security improvements. Duren noted that the previous risk scoring system lacked transparency due to custom AI models, while the updated version uses a hybrid architecture that optimizes for cost, accuracy, and latency by selecting the right model for each task. KnowBe4’s approach avoids reliance on a single foundation model, instead using a flexible system to tailor solutions to specific needs.

This strategy aims to equip security teams with the tools needed to manage risks in an increasingly AI-driven digital workforce. The company discussed these developments at KB4-CON 2026, emphasizing the need for comprehensive protection across both human and digital workers.