惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Vercel News
Vercel News
The GitHub Blog
The GitHub Blog
博客园 - 【当耐特】
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recent Announcements
Recent Announcements
D
Docker
GbyAI
GbyAI
酷 壳 – CoolShell
酷 壳 – CoolShell
WordPress大学
WordPress大学
The Cloudflare Blog
雷峰网
雷峰网
A
About on SuperTechFans
小众软件
小众软件
博客园 - Franky
博客园 - 聂微东
F
Full Disclosure
大猫的无限游戏
大猫的无限游戏
C
Check Point Blog
MongoDB | Blog
MongoDB | Blog
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
U
Unit 42
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
V
V2EX
Engineering at Meta
Engineering at Meta
宝玉的分享
宝玉的分享
aimingoo的专栏
aimingoo的专栏
量子位
P
Proofpoint News Feed
Hugging Face - Blog
Hugging Face - Blog
博客园_首页
罗磊的独立博客
Martin Fowler
Martin Fowler
D
DataBreaches.Net
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Secure Thoughts
Project Zero
Project Zero
L
LangChain Blog
阮一峰的网络日志
阮一峰的网络日志
C
Cybersecurity and Infrastructure Security Agency CISA
T
Tailwind CSS Blog
S
Schneier on Security
Blog — PlanetScale
Blog — PlanetScale
The Hacker News
The Hacker News
Spread Privacy
Spread Privacy
Security Latest
Security Latest
NISL@THU
NISL@THU
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
CXSECURITY Database RSS Feed - CXSecurity.com
J
Java Code Geeks

Human Risk Management Blog

Trust, Verify, Protect: Modernizing Email Security for the Cloud Report: Social Engineering Remains a Central Part of AI-assisted Attacks ClickFix Social Engineering is Now the Leading Malware Delivery Method CyberheistNews Vol 16 #28 Your 2026 Phishing by Industry Benchmarks: The Findings on Human Risk Scammers Can Use AI Tools to Pinpoint Your Location Based on a Photo Report: Attackers Are Using AI to Automate Social Engineering Your KnowBe4 Fresh Compliance Plus Content Updates from June 2026 From Awareness to Digital Workforce Security Your KnowBe4 Fresh Content Updates from June 2026 Threat Actor Uses Phishing to Breach Orgs for Ransomware Gangs Invoice Phishing Attacks Are Abusing the Shop App Phishing Campaign Impersonates Interpol to Deliver Ransomware Prompt Injection and the Rise of Agentic Risk Hyper-Targeted Social Engineering Needs Real-Time Video Response Your Email is Protected. Is Your Teams Chat? CyberheistNews Vol 16 #27 [HOW TO] Your Cybersecurity Starts at Home on World Social Media Day 2026 Phishing by Industry Benchmarking Report: Findings on Human Risk Static DLP Is Leaving You in the Dark: Why It’s Time for Intelligent, Self-Serve Outbound DLP and Misdirected Content Analysis INC Ransomware Gang Targets the Legal Sector 5 Essential Cybersecurity Defenses for Cloud Email Security Cybercriminals Are Targeting the FIFA World Cup 2026 Why Bite-Sized Security Awareness Training Matters in an Age of TikTok and Digital Distraction Happy 3rd Birthday to Our KnowBe4 Community! Phishing Exposes Employee Data at 86% of Fortune 100 Companies Shadow AI Is Not Shadow IT With a Better Marketing Budget CyberheistNews Vol 16 #26 A New Extortion Scam Uses IT Impersonation to Breach Organizations Cybersecurity Starts At Home This World Social Media Day FTC Report: Americans Lost $3.5 Billion to Imposter Scams Last Year Report: Device Code Phishing is Surging Report: Online Shoppers Increasingly Ignore Scam Warning Signs Security Training Needs Google Maps, Not Christopher Columbus Turn Account Takeover Into Real-Time Security Coaching Extortion Gang Sends In-Person Attackers to Exfiltrate Data Attackers aren’t loyal to any collaboration channel CyberheistNews Vol 16 #25 [The AI Tell] How To Expose Machine-Written Phishing Fast Social Engineering Attacks Abuse Workplace Collaboration Tools New Extortion Brand Uses IT Impersonation to Breach Organizations APWG Report: Social Media Phishing is Surging Cybersecurity Awareness Training for AI: Key Focus Areas Americans Lost $900 Million to AI-Powered Scams Last Year What AI Can’t Hide When It Writes a Phishing Email Your AI Agents Are Eager to Please And Easy to Exploit From 1% to 26%: How AIDA Orchestration Fixes the Remedial Training Gap Best AI Agent Security Tools for SMB and Enterprise in 2026 4 Hot Summer Travel Tips To Avoid Scams CyberheistNews Vol 16 #24 [FBI Alert] Lock Down Your Microsoft 365 Device Code Flows Now The Role of Agentic AI in Phishing Security Training A Credit Score for Cyber Behavior Agentic AI Security in 2026: What to Know How to Secure AI Agents: 4 Best Practices An Overview of Email Compliance Regulations and Reporting Report: AI-Assisted Fraud is Surging Attackers Use Spoofed ChatGPT Site to Deliver Malware I Love Device-Bound Session Credentials, But They Are Still Phishable and Hackable Nearly Two-Thirds of CEOs Cite Cyberattacks as Their Top Concern A Look at Spam vs. Phishing: 4 Key Differences KnowBe4 Wins Multiple 2026 TrustRadius Top Rated Awards Cyber Insurance for Mid‑Market Organizations in Southeast Asia KnowBe4 Earns Multiple 2026 Buyer's Choice Awards from TrustRadius The New Frontier: Securing Japan’s Hybrid Digital Workforce (2026 & Beyond) CyberheistNews Vol 16 #23 Now Phishing Attacks Use Real Hotel Reservations to Target Travelers Report: AI-Enabled Social Engineering Attacks Are on the Rise Your KnowBe4 Fresh Compliance Plus Content Updates from May 2026 FBI: Kali365 Phishing Kit is Targeting Microsoft 365 Accounts KB4-CON - AI Is Everything How to Secure AI Adoption In Your Organization Your KnowBe4 Fresh Content Updates from May 2026 The Silent Invitation: A Deep Dive into Calendar Invite Phishing Cyber Insurance for Mid‑Market Organizations in Southeast Asia Chinese-Language Phishing Kits Are Growing More Advanced Phishing Attacks Are Using Real Hotel Reservation Info to Target Travelers Warning: Scammers are Exploiting Geopolitical Unrest Athletes Are Increasingly Targeted by Social Engineering Attacks AI Agent Governance Part 3 - Runtime Governance: The Hidden Performance Cost of Agentic AI AI Agent Governance Part 2 - What Good Looks Like: Governing AI Agents in Practice 8 Ways to Reduce False Positives in Email Security Ransomware Attacks Drive a Surge in Cyber Insurance Claims My Favorite 5 KnowBe4 Agents Perry Carpenter KB4-CON 2026 Q&A: Deepfakes & Deception Free Gift Fallacy: How Attackers Harvest Credit Cards via Fake Surveys When Global Conflict Becomes a Cyber Weapon: How Iran Tensions and Other Stressful Events Fuel Social Engineering Attacks CyberheistNews Vol 16 #21 [Heads Up] GitHub Breach Shows Developer Tools Are Social Engineering Targets Alert: Extortion Groups Are Using Phishing Kits to Automate Their Attacks Report: Adversarial Use of AI is Evolving
Beyond the Chatbot: Why Your AI Agents are Your Newest (and Most Vulnerable) Colleagues
KnowBe4 Team · 2026-05-27 · via Human Risk Management Blog

The era of "typing into a box" is over. For years, we viewed artificial intelligence as a digital assistant—a sophisticated autocomplete tool that waited for human input. But according to Martin Kraemer, KnowBe4’s CISO Advisor for Europe and the Middle East, that dynamic has shifted. We have moved from asking AI questions to giving AI jobs.

In a recent deep-dive webinar, Martin explored the transition from AI tools to AI agents. These agents don’t just suggest text; they read emails, query proprietary documents, book meetings, and even write code—often without a human watching every step.

"AI has really become our digital colleague," Martin notes. "And that is the unique angle we are looking at: the hybrid workforce where humans and AI agents work side by side."

As these agents integrate deeper into our workflows, they bring a new set of security challenges that traditional perimeters aren't equipped to handle. Here are the key takeaways from Martin’s session on securing AI adoption.

The Four Traits Your AI Agent Shares With Your Staff

To secure AI, we must first recognize that agents behave more like employees than software. Martin identified four traits that AI agents share with your human workforce:

  1. Access: Just like a human, an agent has credentials to access mailboxes, file shares, and code repositories.
  2. Judgment Calls: AI is non-deterministic. Ask it the same question twice, and you might get two different actions—much like a human colleague.
  3. Influence: Agents can be swayed by the information they consume, making them susceptible to a digital form of social engineering.
  4. Agency: They act on behalf of a user, often inheriting permissions that may exceed what is necessary for a specific task.

The "Confused Deputy:" Why Agents are Easier to Manipulate

The most striking difference between a human colleague and an AI agent is the lack of "gut feeling." A human might hesitate if a request feels "off," but an AI agent complies by default.

Martin highlighted that 73% of production AI deployments have an exploitable prompt injection vulnerability, yet only 33% of organizations have deployed dedicated defenses. This gap leads to what security experts call "Shadow AI"—where employees use unsanctioned tools, or vendors enable AI features by default without IT’s knowledge.

"We spent 20 years teaching humans not to trust every email they read, and now we’ve just deployed AI agents that do exactly that," says Martin.

Social Engineering: Now for Machines

The webinar detailed how the classic "ingredients" of social engineering—authority, urgency, and trust—are being repurposed to target AI:

  • Indirect Prompt Injection: Hiding malicious instructions in a document (using white text on a white background) that the agent is asked to summarize. The human never sees it, but the agent follows it.
  • The Echo Leak: A vulnerability where an agent, while summarizing a benign email, is tricked into exfiltrating data via a markdown link to an attacker’s domain.
  • Context Manipulation: "Jailbreaking" an agent by framing a harmful request as "research" or "fiction" to bypass safety guardrails.

How to Onboard Your AI Safely

Security shouldn't be about saying "no"—it should be about "Yes, and here is how." Martin suggests a governance framework based on three categories: Sanctioned (Enterprise-grade with SSO), Guided (limited use cases), and Prohibited (consumer tools that train on your data).

To achieve "zero invisible AI risk," organizations should follow these steps:

  • Create an Inventory: You cannot protect what you don't know exists. List every tool, agent, and integration.
  • Apply "Least Privilege" by Task: Don't let an agent inherit a user's entire role; limit its access to the specific task at hand.
  • Prompt Hygiene Training: Just as we train for phishing, we must train for prompt safety.
  • Human-in-the-Loop: For sensitive actions, ensure a human is required to verify the agent's output.

Get the Full Picture

The webinar also featured a first look at KnowBe4’s Agent Risk Manager, a new tool designed to surface "Shadow AI" signals and detect risky agent behaviors like sensitive info disclosure and unbounded consumption.

Are you ready to start "onboarding" your AI agents with the same rigor you use for human hires? This session is a must-watch for any security leader navigating the "Wild West" of AI adoption.

Watch the full webinar here to see the live demos and learn how to close the gap between AI productivity and organizational security.