惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Spread Privacy
Spread Privacy
Engineering at Meta
Engineering at Meta
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
D
DataBreaches.Net
N
Netflix TechBlog - Medium
T
The Blog of Author Tim Ferriss
L
LangChain Blog
Jina AI
Jina AI
MongoDB | Blog
MongoDB | Blog
B
Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
月光博客
月光博客
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
T
Tailwind CSS Blog
Google DeepMind News
Google DeepMind News
WordPress大学
WordPress大学
T
Threatpost
V
V2EX
Security Archives - TechRepublic
Security Archives - TechRepublic
GbyAI
GbyAI
Scott Helme
Scott Helme
Cyberwarzone
Cyberwarzone
H
Help Net Security
大猫的无限游戏
大猫的无限游戏
Security Latest
Security Latest
T
The Exploit Database - CXSecurity.com
T
Tenable Blog
S
Schneier on Security
博客园 - 叶小钗
Apple Machine Learning Research
Apple Machine Learning Research
F
Full Disclosure
腾讯CDC
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Security @ Cisco Blogs
A
Arctic Wolf
S
Securelist
Recent Commits to openclaw:main
Recent Commits to openclaw:main
T
Tor Project blog
The Register - Security
The Register - Security
L
LINUX DO - 最新话题
Blog — PlanetScale
Blog — PlanetScale
U
Unit 42
V
Vulnerabilities – Threatpost
Google Online Security Blog
Google Online Security Blog
L
LINUX DO - 热门话题
TaoSecurity Blog
TaoSecurity Blog
Y
Y Combinator Blog
博客园 - 三生石上(FineUI控件)
C
CERT Recently Published Vulnerability Notes

Fortinet All Blogs

The TTF Trap: A Global Campaign of a Low-Detection Lua Loader | FortiGuard Labs Helping Law Enforcement Keep Pace with the Future of Cybercrime | Fortinet Blog FortiEndpoint Expands Security for the AI Era | Fortinet Blog The AI Era Needs a New SASE. Here’s What That Actually Looks Like. | Fortinet Blog Analysis of Ongoing Ousaban Attacks Targeting the Iberian Peninsula | FortiGuard Labs Update on Fortinet Use of Frontier AI | CISO Collective Fortinet Supports INTERPOL Operation CyberProtect III Targeting Online Exploitation From CI/CD to Cloud Data: How Shai Hulud Persistence Leads to Redshift Breach | FortiGuard Labs Fortinet Launches Its Product Carbon Footprint Calculator FortiSASE Training Builds Skills for Secure Access Success | Fortinet Blog Analysis of Reported Credential Compromise of FortiGate Devices | Fortinet Blog Teaching Cybersecurity the Way It’s Actually Used | Fortinet Blog Introducing FortiSOC: One Platform, Total Control | Fortinet Blog Public-Private Cooperation Is Critical to AI-Driven Cyber Defense | Fortinet Advancing Threat-Informed Defense through Fortinet’s Collaboration with MITRE CTID | Fortinet Threat Actors Weaponize AI Hype to Deliver AsyncRAT | FortiGuard Labs Fortinet Achieves 1 Million People Trained in Cybersecurity Goal Ahead of Schedule | Fortinet Blog While OT Security Is Maturing, Risk Is Not Slowing Down | Fortinet Blog AI Policy Meets Operational Reality: White House AI Cybersecurity Order Calls for Public-Private Coordination | Fortinet Blog Executive Q&A: Strong Q1 Momentum Driven by Differentiated Innovation and Customer Demand | Fortinet Fortinet Earns AV-Comparatives Certification for EDR Detection Visibility | Fortinet Blog Cybercriminals Are Targeting the FIFA World Cup 2026 | FortiGuard Labs Fortinet Achieves AV-Comparatives Certification for Process Injection Protection | Fortinet Blog Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO | FortiGuard Labs Battling AI-Based Threats with FortiNDR | Fortinet Blog Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data Defending Critical Infrastructure: Why OT Security Demands a Threat-Informed Approach | CISO Collective Misconfigured, Enrolled and Dormant: Anatomy of a P2Pinfect Kubernetes Compromise | FortiGuard Labs Fortinet Expands Cybersecurity Investment in the United Arab Emirates | Fortinet Blog PureLogs: Delivery via PawsRunner Steganography | FortiGuard Labs The Future of Connectivity | Fortinet Blog Fortinet at the World Economic Forum: Frontier AI models, AI-Driven Threats, Deepfakes, and the Future of Cyber Defense | Fortinet Blog The Fortinet 2025 Sustainability Report | Fortinet Blog Supercharged Security: Security in the Time of Mythos | CISO Collective Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign | FortiGuard Labs AI Security Is an Architectural Decision | Fortinet Blog Fortinet Training Institute Wins Industry Accolades | Fortinet Blog Shadow AI: The Invisible Risk Growing Inside Your Organization | Fortinet Blog Leading by Example in Sustainability: Fortinet Expands Global EPD Certification | Fortinet Blog When Cybercrime Becomes an Industry | Fortinet Blog FortiOS 8.0: Redefining Secure Networking in the AI and Quantum Era | Fortinet Blog Securing the Physical World as It Comes Online | Fortinet Blog Why the 2026 AI Cybersecurity Summit Matters | Fortinet Blog DPRK-Related Campaigns with LNK and GitHub C2 | FortiGuard Labs AI Is Changing Application Threats Faster Than Teams Can Adapt | Fortinet Blog Announcing the Fortinet Training Institute’s 2026 ATC Award Winners | Fortinet Blog Disrupting Cybercrime Networks at Scale Requires Sustained Global Collaboration | Fortinet Blog
Cyber Attacks Leveraging AI Require Behavior-First Security Training, Not Simply Better Awareness | Fortinet Blog
Melonia da Gama · 2026-07-13 · via Fortinet All Blogs

Artificial intelligence has made cybersecurity awareness more visible across the workforce. Employees increasingly understand that attackers can use AI to make phishing messages more convincing, impersonation more believable, and social engineering harder to detect. Many are also using AI tools to draft content, summarize information, analyze data, write code, review logs, or support daily decisions.

While visibility matters, awareness is not the same as readiness. The operational challenge for security and business leaders is no longer simply whether employees know AI-related cyber risks exist. It is whether they can make the right decisions when those risks appear in real time: when a message looks legitimate, when an AI-generated summary seems plausible, when a tool requests sensitive information, or when an urgent request appears to come from a trusted source.

According to the 2025 Security Awareness and Training Global Research Report, 88% of organizations report that the growing use of AI by bad actors has significantly or somewhat increased employees’ understanding of the importance of security awareness and training. That is encouraging. AI-driven threats are helping employees view cybersecurity as part of everyday work rather than as a responsibility owned only by IT or security teams.

But the same report shows a clear readiness gap. Only 40% of respondents say their employees are highly trained and prepared to identify, avoid, and report AI-based cyberthreats over the next year. Another 58% say employees are only moderately or slightly prepared.

That gap is where security awareness training must evolve. In an AI-driven threat environment, awareness alone does not reduce risk. Organizations need behavior-first training that helps employees apply judgment, follow policy, and respond appropriately when situations are unclear.

AI Makes Familiar Risks Harder to Recognize

Not only has AI created an entirely new category of employee risk, but it also makes existing risks harder to detect. A phishing email may be better written. A fake vendor request may sound more credible. A fraudulent message may be personalized using information from public sources, breached data, or prior interactions. An attacker may use AI to adjust tone, remove obvious grammar mistakes, or imitate the language of a trusted colleague, executive, customer, or partner.

This changes what employees need from cybersecurity training. Traditional warning signs still matter, but they are no longer sufficient. Employees need to understand how AI can alter the cues they have been trained to rely on. They also need practical ways to slow down, verify requests, report suspicious activity, and avoid risky shortcuts.

This is especially important because AI risk is not limited to attacks from outside the organization. Employees are also using AI tools as part of their work. Without clear guidance, they may paste sensitive data into public tools, rely on AI-generated content without review, use unapproved applications, or fail to recognize when AI output introduces business, security, privacy, or compliance risks.

That is why AI security awareness training must focus on behavior. The goal is not just to help employees understand that AI-enabled threats exist. It is to help them act differently when they encounter those threats.

AI Governance Depends on Employee Execution

Many organizations are already taking steps to manage AI-related risk. The report found that 53% train employees on the proper use of generative AI tools, and the same percentage use technologies to monitor or prevent the sharing of sensitive data with these tools. Forty-eight percent have established policies governing AI tool use, and 45% maintain lists of authorized applications.

While such controls are important, they only work if employees understand how to apply them. A policy prohibiting the sharing of confidential data with AI tools is necessary. But employees also need to know what qualifies as confidential, which tools are approved, what information can be used safely, and when to seek guidance. An authorized app list helps reduce risk, but only if employees know it exists, understand why it matters, and consult it before adopting a new tool.

The report also found that 96% of organizations have either adopted or are developing security policies for generative AI applications and other AI tools. The same percentage have established or are exploring methods to test and validate the security of deployed AI and large language model systems.

Those findings point to a broader shift toward AI governance. But governance cannot remain confined to policy documents, legal reviews, or technical controls. It must reach the employees who make everyday decisions about tools, data, content, and communication. This is the execution gap that leaders must address. AI governance reduces risk only when employees can translate it into action.

Behavior-First Training Builds Operational Readiness

AI-related training should not be treated as a single update to an annual awareness module. Risks are evolving too quickly, and employee use of AI tools is expanding too rapidly. Organizations need practical, frequent training tied to real work.

The report notes that many organizations remain in the early stages of managing AI-related risks. For example, only 42% of respondents report having tools to oversee employee AI use. This makes employee cybersecurity training even more important. When technical visibility is incomplete, employees need clear guidance on recognizing risky situations and responding appropriately.

Behavior-first training should center on the decisions employees actually face. That includes identifying AI-enhanced phishing, verifying unusual requests, protecting sensitive information, using approved AI tools, evaluating AI-generated content, and reporting suspicious activity. Short, scenario-driven modules can help employees connect policy language to real decisions without overwhelming them.

Regular, brief training sessions on recognizing AI phishing can be more effective than broad annual overviews. Short updates on approved AI tools can clarify when employees should seek guidance. Scenario-driven modules can help employees understand how to handle customer information, proprietary data, code, contracts, regulated content, or other sensitive material when AI tools are involved.

This approach also improves retention. Employees are more likely to remember and apply training when it is specific, timely, and relevant to their daily responsibilities. A finance employee may need training on invoice fraud and executive impersonation. A developer may need guidance on AI-assisted coding and code review. A sales employee may need examples involving customer data, meeting summaries, and CRM content. A support engineer may need to understand where AI can help and where sensitive logs or configuration details require extra caution. The more closely training mirrors real-world behavior, the more useful it becomes.

Workforce Resilience Requires Judgment, Not Just Knowledge

Security awareness has always depended on people recognizing risk. AI raises the bar because it makes risk harder to see and easier to act on too quickly.

That does not mean employees are the weak link. It means employees are often the decision point. They decide whether to click, report, verify, share, approve, download, summarize, paste, or trust. In an AI-enabled workplace, those decisions carry more weight because attackers can move faster, messages can appear more credible, and tools can blur the line between productivity and exposure.

The strongest security awareness programs help employees build habits that hold up under pressure. They teach users to pause before acting, verify before trusting, protect data before sharing, and report concerns before an incident escalates. They also make cybersecurity feel like part of everyday work rather than a separate compliance exercise.

That is where awareness becomes resilience. AI does not reduce the need for human judgment. It increases the need for employees to know where their judgment matters most. As AI-generated content becomes more convincing and AI tools become more embedded in daily workflows, organizations need training programs that help employees consistently make safer decisions.

Build AI-Ready Workforce Resilience with Fortinet Training

AI governance reduces risk only when employees understand how to apply policies in their daily work. While organizations can implement approved AI tools, data-handling protocols, and security measures, these are effective only if employees consistently make secure choices.

Fortinet Security Awareness and Training (FortiSAT) helps organizations translate AI governance into actionable workforce behaviors. Employees learn how attackers use AI for phishing, impersonation, and social engineering, and they also gain skills to use AI tools safely, protect sensitive data, verify unusual requests, and report suspicious activity.

By combining role-based training with real-world scenarios, organizations can strengthen secure behaviors among employees, minimize AI-related risks, and promote responsible AI use. This strategy fosters a more resilient workforce, enabling organizations to harness AI’s benefits while maintaining strong security measures.

Explore Fortinet’s security awareness and training programs and read the full 2025 Security Awareness and Training Global Research Report to learn how organizations can help employees recognize today’s threats, use AI tools responsibly, and make safer decisions as risks continue to evolve.