惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Stack Overflow Blog
Stack Overflow Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
H
Hacker News: Front Page
S
Security Affairs
Google Online Security Blog
Google Online Security Blog
Attack and Defense Labs
Attack and Defense Labs
H
Heimdal Security Blog
S
Securelist
S
Secure Thoughts
N
News and Events Feed by Topic
T
The Exploit Database - CXSecurity.com
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Last Week in AI
Last Week in AI
The Last Watchdog
The Last Watchdog
N
News | PayPal Newsroom
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
IT之家
IT之家
宝玉的分享
宝玉的分享
有赞技术团队
有赞技术团队
O
OpenAI News
V
Vulnerabilities – Threatpost
S
Schneier on Security
Cyberwarzone
Cyberwarzone
雷峰网
雷峰网
罗磊的独立博客
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
J
Java Code Geeks
Google DeepMind News
Google DeepMind News
The Cloudflare Blog
美团技术团队
人人都是产品经理
人人都是产品经理
T
The Blog of Author Tim Ferriss
T
Tor Project blog
P
Privacy International News Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Google DeepMind News
Google DeepMind News
S
Security @ Cisco Blogs
Project Zero
Project Zero
Security Archives - TechRepublic
Security Archives - TechRepublic
Schneier on Security
Schneier on Security
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
P
Proofpoint News Feed
K
Kaspersky official blog
P
Privacy & Cybersecurity Law Blog
aimingoo的专栏
aimingoo的专栏
L
LINUX DO - 热门话题
V
V2EX
Blog — PlanetScale
Blog — PlanetScale
www.infosecurity-magazine.com
www.infosecurity-magazine.com
U
Unit 42

Human Risk Management Blog

Trust, Verify, Protect: Modernizing Email Security for the Cloud Report: Social Engineering Remains a Central Part of AI-assisted Attacks ClickFix Social Engineering is Now the Leading Malware Delivery Method CyberheistNews Vol 16 #28 Your 2026 Phishing by Industry Benchmarks: The Findings on Human Risk Scammers Can Use AI Tools to Pinpoint Your Location Based on a Photo Report: Attackers Are Using AI to Automate Social Engineering Your KnowBe4 Fresh Compliance Plus Content Updates from June 2026 Your KnowBe4 Fresh Content Updates from June 2026 Threat Actor Uses Phishing to Breach Orgs for Ransomware Gangs Invoice Phishing Attacks Are Abusing the Shop App Phishing Campaign Impersonates Interpol to Deliver Ransomware Prompt Injection and the Rise of Agentic Risk Hyper-Targeted Social Engineering Needs Real-Time Video Response Your Email is Protected. Is Your Teams Chat? CyberheistNews Vol 16 #27 [HOW TO] Your Cybersecurity Starts at Home on World Social Media Day 2026 Phishing by Industry Benchmarking Report: Findings on Human Risk Static DLP Is Leaving You in the Dark: Why It’s Time for Intelligent, Self-Serve Outbound DLP and Misdirected Content Analysis INC Ransomware Gang Targets the Legal Sector 5 Essential Cybersecurity Defenses for Cloud Email Security Cybercriminals Are Targeting the FIFA World Cup 2026 Why Bite-Sized Security Awareness Training Matters in an Age of TikTok and Digital Distraction Happy 3rd Birthday to Our KnowBe4 Community! Phishing Exposes Employee Data at 86% of Fortune 100 Companies Shadow AI Is Not Shadow IT With a Better Marketing Budget CyberheistNews Vol 16 #26 A New Extortion Scam Uses IT Impersonation to Breach Organizations Cybersecurity Starts At Home This World Social Media Day FTC Report: Americans Lost $3.5 Billion to Imposter Scams Last Year Report: Device Code Phishing is Surging Report: Online Shoppers Increasingly Ignore Scam Warning Signs Security Training Needs Google Maps, Not Christopher Columbus Turn Account Takeover Into Real-Time Security Coaching Extortion Gang Sends In-Person Attackers to Exfiltrate Data Attackers aren’t loyal to any collaboration channel CyberheistNews Vol 16 #25 [The AI Tell] How To Expose Machine-Written Phishing Fast Social Engineering Attacks Abuse Workplace Collaboration Tools New Extortion Brand Uses IT Impersonation to Breach Organizations APWG Report: Social Media Phishing is Surging Cybersecurity Awareness Training for AI: Key Focus Areas Americans Lost $900 Million to AI-Powered Scams Last Year What AI Can’t Hide When It Writes a Phishing Email Your AI Agents Are Eager to Please And Easy to Exploit From 1% to 26%: How AIDA Orchestration Fixes the Remedial Training Gap Best AI Agent Security Tools for SMB and Enterprise in 2026 4 Hot Summer Travel Tips To Avoid Scams CyberheistNews Vol 16 #24 [FBI Alert] Lock Down Your Microsoft 365 Device Code Flows Now The Role of Agentic AI in Phishing Security Training A Credit Score for Cyber Behavior Agentic AI Security in 2026: What to Know How to Secure AI Agents: 4 Best Practices An Overview of Email Compliance Regulations and Reporting Report: AI-Assisted Fraud is Surging Attackers Use Spoofed ChatGPT Site to Deliver Malware I Love Device-Bound Session Credentials, But They Are Still Phishable and Hackable Nearly Two-Thirds of CEOs Cite Cyberattacks as Their Top Concern A Look at Spam vs. Phishing: 4 Key Differences KnowBe4 Wins Multiple 2026 TrustRadius Top Rated Awards Cyber Insurance for Mid‑Market Organizations in Southeast Asia KnowBe4 Earns Multiple 2026 Buyer's Choice Awards from TrustRadius The New Frontier: Securing Japan’s Hybrid Digital Workforce (2026 & Beyond) CyberheistNews Vol 16 #23 Now Phishing Attacks Use Real Hotel Reservations to Target Travelers Report: AI-Enabled Social Engineering Attacks Are on the Rise Your KnowBe4 Fresh Compliance Plus Content Updates from May 2026 FBI: Kali365 Phishing Kit is Targeting Microsoft 365 Accounts KB4-CON - AI Is Everything How to Secure AI Adoption In Your Organization Your KnowBe4 Fresh Content Updates from May 2026 The Silent Invitation: A Deep Dive into Calendar Invite Phishing Cyber Insurance for Mid‑Market Organizations in Southeast Asia Chinese-Language Phishing Kits Are Growing More Advanced Phishing Attacks Are Using Real Hotel Reservation Info to Target Travelers Warning: Scammers are Exploiting Geopolitical Unrest Athletes Are Increasingly Targeted by Social Engineering Attacks AI Agent Governance Part 3 - Runtime Governance: The Hidden Performance Cost of Agentic AI AI Agent Governance Part 2 - What Good Looks Like: Governing AI Agents in Practice 8 Ways to Reduce False Positives in Email Security Ransomware Attacks Drive a Surge in Cyber Insurance Claims My Favorite 5 KnowBe4 Agents Perry Carpenter KB4-CON 2026 Q&A: Deepfakes & Deception Free Gift Fallacy: How Attackers Harvest Credit Cards via Fake Surveys When Global Conflict Becomes a Cyber Weapon: How Iran Tensions and Other Stressful Events Fuel Social Engineering Attacks CyberheistNews Vol 16 #21 [Heads Up] GitHub Breach Shows Developer Tools Are Social Engineering Targets Alert: Extortion Groups Are Using Phishing Kits to Automate Their Attacks Beyond the Chatbot: Why Your AI Agents are Your Newest (and Most Vulnerable) Colleagues Report: Adversarial Use of AI is Evolving
From Awareness to Digital Workforce Security
Martin Kraemer · 2026-07-11 · via Human Risk Management Blog

Evangelists-Martin KraemerSecurity must evolve from a static training program into dynamic, AI-powered human and AI risk orchestration embedded across the organization.

The traditional model of security awareness aimed to get a message into people’s heads and hope it stayed there long enough to stop insecure actions. Organizations trained, tested, reported a completion rate to the auditor, and moved on. Yet, incidents kept happening year over year, highlighting that human behavior contributes to the vast majority of all cyber incidents (62% according to the Verizon DBIR 2026).

The sector quickly realized the problem was not only bad content, poorly delivered, but that cybersecurity professionals were asking the wrong question. The real question always was: how do I shape an environment in which my entire workforce is most likely to behave securely?

Today, this reframing matters even more because the workforce itself has changed. Organizations now deploy AI agents that work alongside employees — reading the same inboxes, touching the same systems, and making decisions at machine speed. Protecting this workforce is no longer a training problem; it is a behavior orchestration problem that must be answered twice: once for humans, and once for agents.

Why Awareness Is No Longer Enough

The traditional model of compliance-driven training established a vital baseline for security awareness. However, as the threat landscape has grown more sophisticated, sustainable security requires moving from knowing to doing. Two distinct factors drive this natural evolution:

Attention: Hermann Ebbinghaus mapped this with his forgetting curve: without reinforcement, the majority of newly learned material decays over time. Because a phishing email rarely arrives on training day, the future of security requires continuous, bite-sized reinforcement rather than a single annual event.

Behavioral Design: Awareness alone does not automatically dictate action. B.J. Fogg’s behavior model illustrates that action only happens when motivation, ability and a prompt converge at the exact same moment. While traditional training builds motivation, we can now also address ability and timing.

The next step is to build an environment where people are seamlessly empowered to act securely, making the secure path the easiest one by prompting employees exactly when it matters most. This is how we elevate standard awareness into a sustainable security culture where people behave securely instinctively.

Agents That Behave Like Us

The workforce itself has changed. For 20 years we taught people to hover over links and verify the sender. Now we are deploying AI agents that read those same emails, summarize those same documents, and draft those same replies at machine speed. AI agents, however, do not possess the same conscience and caution that govern human behavior.

Consider the EchoLeak class of attack: a prompt-injection technique in which a malicious instruction, hidden inside ordinary content an AI assistant processes, causes the agent to leak sensitive data without the user ever clicking anything. The agent simply reads what an attacker planted, treats it as an instruction, and acts.

An agent can be socially engineered, manipulated through the content it consumes, and given an instruction it should refuse but follows anyway. We are deploying AI agents that are deliberately probabilistic and non-deterministic by design because the value they create outweighs the imperfection.

But compromise for AI agents looks different from “normal” software. It looks more like a bad decision taken by a human, but at machine speed and with limited transparency. To detect this, you need to understand what the agent was told, what it reasoned, and why. That information is stored in an agent’s context, its prompt, and its reasoning trace. Agent security demands its own layer operating at runtime, with its own visibility into intent. The same behavioral standard as for humans, but different mechanics.

Why This Cannot Be Done by Hand

Organizations cannot orchestrate behavior at this scale manually. AI-generated spear-phishing and adaptive attacks do not wait for your next quarterly campaign, and a human SOC cannot detect rogue AI agents at machine speed.

Furthermore, the only intervention that actually changes human behavior must be personal. Delivering the right content, to the right person, at the right moment requires AI agents of your own — the only mechanism fast and granular enough to match a workforce that changes by the hour.

One Digital Workforce, One Loop

The agentic enterprise cannot treat human risk and agent security as separate problems; it must treat them as an integrated challenge managed from a central point of view. Compartmentalizing these risks into separate scores fails for two reasons:

A lack of coordinated intervention: Three scores in three tools is not a single coordinated intervention. That requires a unified risk model and an intervention plan for adaptive responses. Only a platform that sees the whole workforce can decide what to do about it.

A lack of culture building: Culture is built through what people repeatedly experience. Managing disconnected vendors means disjointed narratives. One coherent experience spanning prevention, intervention and remediation across attack simulation, collaboration security and agent security turns a security message into something people internalize.

One loop to measure security risk for the entire workforce is the right approach. An integrated risk score and intervention plan tells organizations where to look and what to do next, turning every human and AI agent into a trusted, defensible part of the business.

The Bottom Line

Effective defense today includes important design-time decisions alongside runtime governance for your entire digital workforce. Awareness alone is no longer never sufficient, and neither was the interception of threats without behavior change.

Because AI agents are now running business processes alongside humans while being similarly vulnerable to manipulation, organizations must establish runtime governance, tools, and processes that work seamlessly for both.