惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Security Latest
Security Latest
Recorded Future
Recorded Future
人人都是产品经理
人人都是产品经理
S
SegmentFault 最新的问题
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园 - 三生石上(FineUI控件)
博客园 - 聂微东
P
Privacy & Cybersecurity Law Blog
WordPress大学
WordPress大学
Know Your Adversary
Know Your Adversary
Spread Privacy
Spread Privacy
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
量子位
L
LINUX DO - 热门话题
L
Lohrmann on Cybersecurity
博客园 - Franky
酷 壳 – CoolShell
酷 壳 – CoolShell
T
Tor Project blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
雷峰网
雷峰网
阮一峰的网络日志
阮一峰的网络日志
V
Visual Studio Blog
T
Threatpost
T
Tenable Blog
有赞技术团队
有赞技术团队
大猫的无限游戏
大猫的无限游戏
Engineering at Meta
Engineering at Meta
GbyAI
GbyAI
C
Cisco Blogs
H
Heimdal Security Blog
Attack and Defense Labs
Attack and Defense Labs
A
About on SuperTechFans
Last Week in AI
Last Week in AI
N
News and Events Feed by Topic
T
Threat Research - Cisco Blogs
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
I
Intezer
V
V2EX
Cyberwarzone
Cyberwarzone
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
B
Blog RSS Feed
V
Vulnerabilities – Threatpost
N
Netflix TechBlog - Medium
T
The Blog of Author Tim Ferriss
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
U
Unit 42
PCI Perspectives
PCI Perspectives
P
Privacy International News Feed
D
Docker

Human Risk Management Blog

Trust, Verify, Protect: Modernizing Email Security for the Cloud Report: Social Engineering Remains a Central Part of AI-assisted Attacks ClickFix Social Engineering is Now the Leading Malware Delivery Method CyberheistNews Vol 16 #28 Your 2026 Phishing by Industry Benchmarks: The Findings on Human Risk Scammers Can Use AI Tools to Pinpoint Your Location Based on a Photo Report: Attackers Are Using AI to Automate Social Engineering Your KnowBe4 Fresh Compliance Plus Content Updates from June 2026 From Awareness to Digital Workforce Security Your KnowBe4 Fresh Content Updates from June 2026 Threat Actor Uses Phishing to Breach Orgs for Ransomware Gangs Invoice Phishing Attacks Are Abusing the Shop App Phishing Campaign Impersonates Interpol to Deliver Ransomware Prompt Injection and the Rise of Agentic Risk Hyper-Targeted Social Engineering Needs Real-Time Video Response Your Email is Protected. Is Your Teams Chat? CyberheistNews Vol 16 #27 [HOW TO] Your Cybersecurity Starts at Home on World Social Media Day 2026 Phishing by Industry Benchmarking Report: Findings on Human Risk Static DLP Is Leaving You in the Dark: Why It’s Time for Intelligent, Self-Serve Outbound DLP and Misdirected Content Analysis INC Ransomware Gang Targets the Legal Sector 5 Essential Cybersecurity Defenses for Cloud Email Security Cybercriminals Are Targeting the FIFA World Cup 2026 Why Bite-Sized Security Awareness Training Matters in an Age of TikTok and Digital Distraction Happy 3rd Birthday to Our KnowBe4 Community! Phishing Exposes Employee Data at 86% of Fortune 100 Companies Shadow AI Is Not Shadow IT With a Better Marketing Budget CyberheistNews Vol 16 #26 A New Extortion Scam Uses IT Impersonation to Breach Organizations Cybersecurity Starts At Home This World Social Media Day FTC Report: Americans Lost $3.5 Billion to Imposter Scams Last Year Report: Device Code Phishing is Surging Report: Online Shoppers Increasingly Ignore Scam Warning Signs Security Training Needs Google Maps, Not Christopher Columbus Turn Account Takeover Into Real-Time Security Coaching Extortion Gang Sends In-Person Attackers to Exfiltrate Data Attackers aren’t loyal to any collaboration channel CyberheistNews Vol 16 #25 [The AI Tell] How To Expose Machine-Written Phishing Fast Social Engineering Attacks Abuse Workplace Collaboration Tools New Extortion Brand Uses IT Impersonation to Breach Organizations APWG Report: Social Media Phishing is Surging Cybersecurity Awareness Training for AI: Key Focus Areas Americans Lost $900 Million to AI-Powered Scams Last Year What AI Can’t Hide When It Writes a Phishing Email Your AI Agents Are Eager to Please And Easy to Exploit From 1% to 26%: How AIDA Orchestration Fixes the Remedial Training Gap Best AI Agent Security Tools for SMB and Enterprise in 2026 4 Hot Summer Travel Tips To Avoid Scams CyberheistNews Vol 16 #24 [FBI Alert] Lock Down Your Microsoft 365 Device Code Flows Now The Role of Agentic AI in Phishing Security Training A Credit Score for Cyber Behavior Agentic AI Security in 2026: What to Know How to Secure AI Agents: 4 Best Practices An Overview of Email Compliance Regulations and Reporting Report: AI-Assisted Fraud is Surging Attackers Use Spoofed ChatGPT Site to Deliver Malware I Love Device-Bound Session Credentials, But They Are Still Phishable and Hackable Nearly Two-Thirds of CEOs Cite Cyberattacks as Their Top Concern A Look at Spam vs. Phishing: 4 Key Differences KnowBe4 Wins Multiple 2026 TrustRadius Top Rated Awards Cyber Insurance for Mid‑Market Organizations in Southeast Asia KnowBe4 Earns Multiple 2026 Buyer's Choice Awards from TrustRadius The New Frontier: Securing Japan’s Hybrid Digital Workforce (2026 & Beyond) CyberheistNews Vol 16 #23 Now Phishing Attacks Use Real Hotel Reservations to Target Travelers Report: AI-Enabled Social Engineering Attacks Are on the Rise Your KnowBe4 Fresh Compliance Plus Content Updates from May 2026 FBI: Kali365 Phishing Kit is Targeting Microsoft 365 Accounts KB4-CON - AI Is Everything How to Secure AI Adoption In Your Organization Your KnowBe4 Fresh Content Updates from May 2026 The Silent Invitation: A Deep Dive into Calendar Invite Phishing Cyber Insurance for Mid‑Market Organizations in Southeast Asia Chinese-Language Phishing Kits Are Growing More Advanced Phishing Attacks Are Using Real Hotel Reservation Info to Target Travelers Warning: Scammers are Exploiting Geopolitical Unrest Athletes Are Increasingly Targeted by Social Engineering Attacks AI Agent Governance Part 3 - Runtime Governance: The Hidden Performance Cost of Agentic AI 8 Ways to Reduce False Positives in Email Security Ransomware Attacks Drive a Surge in Cyber Insurance Claims My Favorite 5 KnowBe4 Agents Perry Carpenter KB4-CON 2026 Q&A: Deepfakes & Deception Free Gift Fallacy: How Attackers Harvest Credit Cards via Fake Surveys When Global Conflict Becomes a Cyber Weapon: How Iran Tensions and Other Stressful Events Fuel Social Engineering Attacks CyberheistNews Vol 16 #21 [Heads Up] GitHub Breach Shows Developer Tools Are Social Engineering Targets Alert: Extortion Groups Are Using Phishing Kits to Automate Their Attacks Beyond the Chatbot: Why Your AI Agents are Your Newest (and Most Vulnerable) Colleagues Report: Adversarial Use of AI is Evolving
AI Agent Governance Part 2 - What Good Looks Like: Governing AI Agents in Practice
Anna Collard · 2026-05-30 · via Human Risk Management Blog

Evangelists-Anna CollardIf AI agents are becoming organizational actors, then governance needs to move beyond principles and into operational structure.

In Camille Stewart Gloster’s upcoming book The Insider You Build, she explains that governance is not defined by policies or structures, but by whether it can actually influence system behavior at runtime. In an agentic environment, governance only exists where it can shape, constrain, and intervene in decisions as they happen.

ai-governance-model
1Figure 1: AI Agent Governance Model by Arunraju Chinnaraju (2026).

Her simplified framework focuses on three capabilities:

  • Authority design: defining what agents are allowed to do
  • Runtime enforcement: ensuring governance operates during execution
  • Attribution and learning: maintaining traceability and improving over time

Chinnaraju’s 2026 paper argues that effective AI agent governance requires organizations to treat agents as formal organizational actors rather than experimental tools.1

This begins with Agent Charters, which function as credentials for each agent. Think of these as an operating license or passport for every AI agent, clearly defining:

  • Boundaries: what the agent is allowed to do, what data it can access
  • Authority: where its authority stops
  • Escalation: when it must escalate or be shut down

Without this formal documentation, agents operate in a grey zone, where authority is unclear and accountability cannot be enforced.

Ownership

Autonomy does not remove accountability but redistributes it. The paper identifies four critical functions:

  • a sponsor responsible for purpose and alignment
  • a steward managing the agent lifecycle
  • a risk/compliance owner ensuring regulatory and ethical alignment
  • and critically, an operations controller who can monitor and override the agent in real time

Together, these roles form a control loop where authority flows to the agent, but accountability flows back through monitoring. Embedding these roles into access control systems, workflows, and approval processes, supported by audit logs is essential to avoid informal or unclear responsibility.

Runtime Execution & Monitoring

ai-agent-governance
2 Figure 2: AI Agent Governance Stages, by Arunraju Chinnaraju (2026).

Agents must be integrated into enterprise systems (e.g. ERP, CRM, transaction platforms), but crucially, they must also be observable and controllable in real time. If organizations enable execution without the ability to monitor behavior or intervene, they create what the paper defines as a structural governance failure, where operational capability exists without governance capacity.2

This means real-time monitoring, dynamic permissioning, escalation triggers, and the ability to intervene or override decisions as they happen. In other words, governance isn’t something you set upfront, it’s something you must enforce at the moment of decision.

Maturity-based Approach to Autonomy

To manage this risk, the paper proposes a maturity-based approach to autonomy, where authority is gradually increased across four stages:

  • Start with assistive systems (recommendation only)
  • Move to supervised execution
  • Conditional bounded autonomy with escalation
  • Only then consider full autonomy

The central principle is that autonomy should be earned through evidence of control and reliability, not granted upfront.

Scaling Governance

Finally, these elements are brought together in a staged implementation roadmap, moving from governance readiness, to pilot deployment, controlled scaling, and ultimately institutionalization. Progression through these stages is gated and requires demonstrating effective oversight, monitoring, and alignment before expanding agent use. At maturity, agents become embedded in core operations, subject to compliance cycles and board-level oversight.

Where Should Governance Sit?

As organizations begin to operationalize AI governance, the question emerges: Where should governance actually live in an agentic system? Emerging research points to three primary models:

  • Centralized governance: a single control layer or supervisor oversees all agents
  • Distributed governance: each agent governs its own behavior
  • Hybrid models: combining central oversight with local controls

Caldeira and Banerjee’s comparative study (2025) highlights a critical trade-off. Distributed models improve transparency but reduce efficiency. Centralized models improve performance but reduce visibility. Interpretability and performance are often in tension. In practice, this isn't a one-size-fits-all answer, but depends on the organization’s size and industry compliance requirements. Most organizations will probably need hybrid approaches, balancing control, scalability, and explainability.

Governance Beyond Systems: The Leadership Question and Agent Risk Management (ARM)

Recent scrutiny of leadership within the AI industry also highlights a deeper, often overlooked dimension of governance: human accountability at the top. Investigations have raised uncomfortable but important questions about trust, transparency, and who ultimately holds power when the stakes are this high. When governance relies on the integrity of a few individuals, and that integrity is called into question, the entire system becomes fragile.

The lesson for organizations is clear: governance cannot depend on personalities or promises, it must be structurally embedded, independently verifiable, and resilient to leadership failure.

Effective governance requires a clear "separation of powers." While Business Units should own the agent, defining its purpose, managing its "repair," and reaping its rewards, Infosec might own the "kill switch." This ensures that when an agent drifts or is compromised, the decision to halt operations is made by those prioritized with safety, not just performance.

This is where the concept of Agent Risk Management (ARM) becomes essential. We must treat AI agents as part of our extended workforce. Just as we manage contractors and third-party vendors, we need a framework to manage the digital identities and behaviors of our AI actors.

At KnowBe4, we believe accountability must be designed into the system, not assumed. By treating agents as a critical branch of your workforce through Agent Risk Management (ARM), governance becomes independently verifiable and resilient to leadership failure. In a world where AI has the power to act, we must ensure that the human "on the loop" remains empowered, informed, and ultimately in control.

References:

Caldeira, V. & Banerjee, A (2025). Where Should Control Reside in Multi-Agent Language-Model Systems? Proceedings of the 6th International Conference on AI Research (ICAIR 2025) 6(1). https://papers.academic-conferences.org/index.php/icair/article/view/4157

Chinnaraju, A. (2026). When AI Agents Act: Governance, Accountability, and Strategic Risk in Autonomous Organizations, 12(12), https://doi.org/10.51244/IJRSI.2025.12120050

Damien, C. (2026). AI Hallucination Cases.
https://www.damiencharlotin.com/hallucinations/

MyBroadband (2026). Scandal erupts over South Africa’s new draft AI policy which used fake references generated by AI.
https://mybroadband.co.za/news/government/643743-scandal-erupts-over-south-africas-new-draft-ai-policy-which-used-fake-references-generated-by-ai.html

Stewart Gloster C. (2026). The Insider You Build. John Wiley & Sons Canada, Limited.
https://camillestewartgloster.com/theinsideryoubuilt