惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

PCI Perspectives
PCI Perspectives
Microsoft Security Blog
Microsoft Security Blog
MongoDB | Blog
MongoDB | Blog
T
The Blog of Author Tim Ferriss
罗磊的独立博客
人人都是产品经理
人人都是产品经理
The Cloudflare Blog
Engineering at Meta
Engineering at Meta
Y
Y Combinator Blog
宝玉的分享
宝玉的分享
Recorded Future
Recorded Future
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
月光博客
月光博客
Recent Announcements
Recent Announcements
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Apple Machine Learning Research
Apple Machine Learning Research
T
Threatpost
The GitHub Blog
The GitHub Blog
M
MIT News - Artificial intelligence
Scott Helme
Scott Helme
P
Palo Alto Networks Blog
T
Tenable Blog
P
Privacy International News Feed
V
Visual Studio Blog
F
Fortinet All Blogs
酷 壳 – CoolShell
酷 壳 – CoolShell
I
Intezer
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
AI
AI
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
S
Security Affairs
S
SegmentFault 最新的问题
C
Cisco Blogs
博客园 - 聂微东
MyScale Blog
MyScale Blog
V
Vulnerabilities – Threatpost
量子位
T
The Exploit Database - CXSecurity.com
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Security Latest
Security Latest
P
Proofpoint News Feed
阮一峰的网络日志
阮一峰的网络日志
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Troy Hunt's Blog
T
Tailwind CSS Blog
Stack Overflow Blog
Stack Overflow Blog
云风的 BLOG
云风的 BLOG
A
About on SuperTechFans
The Last Watchdog
The Last Watchdog

Human Risk Management Blog

Trust, Verify, Protect: Modernizing Email Security for the Cloud Report: Social Engineering Remains a Central Part of AI-assisted Attacks ClickFix Social Engineering is Now the Leading Malware Delivery Method CyberheistNews Vol 16 #28 Your 2026 Phishing by Industry Benchmarks: The Findings on Human Risk Scammers Can Use AI Tools to Pinpoint Your Location Based on a Photo Report: Attackers Are Using AI to Automate Social Engineering Your KnowBe4 Fresh Compliance Plus Content Updates from June 2026 From Awareness to Digital Workforce Security Your KnowBe4 Fresh Content Updates from June 2026 Threat Actor Uses Phishing to Breach Orgs for Ransomware Gangs Invoice Phishing Attacks Are Abusing the Shop App Phishing Campaign Impersonates Interpol to Deliver Ransomware Prompt Injection and the Rise of Agentic Risk Hyper-Targeted Social Engineering Needs Real-Time Video Response Your Email is Protected. Is Your Teams Chat? CyberheistNews Vol 16 #27 [HOW TO] Your Cybersecurity Starts at Home on World Social Media Day 2026 Phishing by Industry Benchmarking Report: Findings on Human Risk Static DLP Is Leaving You in the Dark: Why It’s Time for Intelligent, Self-Serve Outbound DLP and Misdirected Content Analysis INC Ransomware Gang Targets the Legal Sector 5 Essential Cybersecurity Defenses for Cloud Email Security Cybercriminals Are Targeting the FIFA World Cup 2026 Why Bite-Sized Security Awareness Training Matters in an Age of TikTok and Digital Distraction Happy 3rd Birthday to Our KnowBe4 Community! Phishing Exposes Employee Data at 86% of Fortune 100 Companies Shadow AI Is Not Shadow IT With a Better Marketing Budget CyberheistNews Vol 16 #26 A New Extortion Scam Uses IT Impersonation to Breach Organizations Cybersecurity Starts At Home This World Social Media Day FTC Report: Americans Lost $3.5 Billion to Imposter Scams Last Year Report: Device Code Phishing is Surging Report: Online Shoppers Increasingly Ignore Scam Warning Signs Security Training Needs Google Maps, Not Christopher Columbus Turn Account Takeover Into Real-Time Security Coaching Extortion Gang Sends In-Person Attackers to Exfiltrate Data Attackers aren’t loyal to any collaboration channel CyberheistNews Vol 16 #25 [The AI Tell] How To Expose Machine-Written Phishing Fast Social Engineering Attacks Abuse Workplace Collaboration Tools New Extortion Brand Uses IT Impersonation to Breach Organizations APWG Report: Social Media Phishing is Surging Cybersecurity Awareness Training for AI: Key Focus Areas Americans Lost $900 Million to AI-Powered Scams Last Year What AI Can’t Hide When It Writes a Phishing Email From 1% to 26%: How AIDA Orchestration Fixes the Remedial Training Gap Best AI Agent Security Tools for SMB and Enterprise in 2026 4 Hot Summer Travel Tips To Avoid Scams CyberheistNews Vol 16 #24 [FBI Alert] Lock Down Your Microsoft 365 Device Code Flows Now The Role of Agentic AI in Phishing Security Training A Credit Score for Cyber Behavior Agentic AI Security in 2026: What to Know How to Secure AI Agents: 4 Best Practices An Overview of Email Compliance Regulations and Reporting Report: AI-Assisted Fraud is Surging Attackers Use Spoofed ChatGPT Site to Deliver Malware I Love Device-Bound Session Credentials, But They Are Still Phishable and Hackable Nearly Two-Thirds of CEOs Cite Cyberattacks as Their Top Concern A Look at Spam vs. Phishing: 4 Key Differences KnowBe4 Wins Multiple 2026 TrustRadius Top Rated Awards Cyber Insurance for Mid‑Market Organizations in Southeast Asia KnowBe4 Earns Multiple 2026 Buyer's Choice Awards from TrustRadius The New Frontier: Securing Japan’s Hybrid Digital Workforce (2026 & Beyond) CyberheistNews Vol 16 #23 Now Phishing Attacks Use Real Hotel Reservations to Target Travelers Report: AI-Enabled Social Engineering Attacks Are on the Rise Your KnowBe4 Fresh Compliance Plus Content Updates from May 2026 FBI: Kali365 Phishing Kit is Targeting Microsoft 365 Accounts KB4-CON - AI Is Everything How to Secure AI Adoption In Your Organization Your KnowBe4 Fresh Content Updates from May 2026 The Silent Invitation: A Deep Dive into Calendar Invite Phishing Cyber Insurance for Mid‑Market Organizations in Southeast Asia Chinese-Language Phishing Kits Are Growing More Advanced Phishing Attacks Are Using Real Hotel Reservation Info to Target Travelers Warning: Scammers are Exploiting Geopolitical Unrest Athletes Are Increasingly Targeted by Social Engineering Attacks AI Agent Governance Part 3 - Runtime Governance: The Hidden Performance Cost of Agentic AI AI Agent Governance Part 2 - What Good Looks Like: Governing AI Agents in Practice 8 Ways to Reduce False Positives in Email Security Ransomware Attacks Drive a Surge in Cyber Insurance Claims My Favorite 5 KnowBe4 Agents Perry Carpenter KB4-CON 2026 Q&A: Deepfakes & Deception Free Gift Fallacy: How Attackers Harvest Credit Cards via Fake Surveys When Global Conflict Becomes a Cyber Weapon: How Iran Tensions and Other Stressful Events Fuel Social Engineering Attacks CyberheistNews Vol 16 #21 [Heads Up] GitHub Breach Shows Developer Tools Are Social Engineering Targets Alert: Extortion Groups Are Using Phishing Kits to Automate Their Attacks Beyond the Chatbot: Why Your AI Agents are Your Newest (and Most Vulnerable) Colleagues Report: Adversarial Use of AI is Evolving
Your AI Agents Are Eager to Please And Easy to Exploit
Bryan Palma · 2026-06-18 · via Human Risk Management Blog

An AI-driven system at a beverage manufacturer recently churned out several hundred thousand excess cans after misreading unfamiliar packaging. The system didn’t recognize the company’s new holiday labels, flagged them as an error, and triggered additional production runs before the company caught the mistake.

The system followed its instructions perfectly. As one CISO put it, “these systems are doing exactly what you told them to do, not just what you meant.”

Companies are racing to deploy AI agents. Very few are asking what those agents will fall for. The problem is not that AI agents are too smart. The problem is they are too obedient.

Optimized for Yes

Where a human assistant would question a strange request for the CEO’s private calendar, an agent might willingly fulfill it. And even a child would hesitate before clicking a suspicious link from IamABadGuy.com, but an agent plows ahead.

Security researchers have already demonstrated how a well-crafted sentence can talk an agent into doing something no reasonable employee would ever do. An agent opened an ordinary document, followed instructions hidden inside it, and moved private data somewhere it should not go

Gartner projects that more than 40% of agentic AI projects will be canceled by the end of 2027, not because the technology failed, but because organizations could not govern what they deployed.

You Would Not Hire a Human This Way

No responsible company hires a human, gives them access to every system, skips orientation, and hopes for the best. But this is exactly how most organizations deploy agents. They hand them credentials and set them loose.

When a human makes a costly mistake, there is a person to hold accountable. A manager. A review process. When an AI customer service agent starts issuing unauthorized refunds to generate positive reviews, who owns the outcome? Some organizations have frozen deployments entirely because no one would sign the liability paper.

Most organizations plan to deploy agentic AI, but only three in ten say they are prepared to secure those deployments. The other seven? They are deploying systems they cannot govern, audit, or hold accountable.

Protect Your Agents Like You Protect Your People

For 15 years, we have studied how humans respond to threats. Not just what threats exist—every cybersecurity company tracks those. We study what happens when a real person encounters one. Do they report it? Do they delete it? Do they click? That behavioral data, gathered across hundreds of millions of simulated and real-world interactions, is what turns a vulnerable employee into a reliable one.

In 2025, one in three full-time workers in the United States received security and compliance training through our platform. Seventy thousand organizations worldwide trust us to strengthen their security culture. We did not build this by lecturing people. We built it by understanding how humans behave when they encounter a threat, and then training them to behave better. Agents deserve the same investment.

I do not care if your workforce is 100 humans and zero agents. I do not care if it is 50/50. The ratio is irrelevant. What matters is whether each one is an asset or a liability. First, you have to get an agent to a base level of training, where it does not fall for obvious manipulation. An agent should be able to recognize a suspicious instruction the same way a trained employee recognizes a phishing email. That is the baseline. Then you can build from there to make them genuinely useful and resilient.

We already measure trust for humans through training data, simulation performance, and behavioral patterns. The same principles—simulate, measure, improve—apply to agents. Every member of the workforce, human or machine, should carry a verifiable risk score.

Just as you would not put an untrained person on the factory floor, you should not put an untrained agent on the network. The companies winning with AI will not be the ones deploying the most agents. They will be the ones who took the time to raise them right.