AI
AI
AI
Untrained AI agents are easy security targets — they don’t know bad people exist, says KnowBe4 CEO
The dual-threat landscape of enterprise AI security is coming into focus. The same autonomous agents transforming workforce productivity are also expanding the attack surface — and most organizations have no governance framework to manage either risk.
As a matter of fact, the gap between adoption and governance has become the defining security risk of the current technological moment. Most enterprises do not yet have a trust and governance framework in place for the agents running inside their own systems, according to Bryan Palma (pictured), president and chief executive officer of KnowBe4 Inc. The solution starts with treating agents the way KnowBe4 once treated humans — as untrained assets that need to be understood before they can be secured, he added.
“[Agents] haven’t been trained, they don’t know. Think about them as elementary school students; they don’t know that there’s bad people out there that may misdirect them or want them to download malware,” Palma said. “We’re working right now very hard to make sure, one, we can inventory the agents. Second is to identify what are those agents doing — what do they have access to? What creates trust is transparency. If I know what you’re doing, then I’m more able to feel good about it.”
Palma spoke with Scott Hebner at KB4-CON 2026, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how KnowBe4 is extending its human risk management platform into agentic AI security and how the dual-threat landscape is reshaping enterprise cybersecurity strategy. (* Disclosure below.)
A dual-threat landscape demands both offense and defense
Enterprises are discovering that the same AI agents boosting productivity can just as easily become liabilities in the hands of bad actors — a dynamic that defines the emerging dual-threat landscape. KnowBe4 is responding with a two-sided platform strategy: AIDA, its Artificial Intelligence Defense Agents suite, automates and personalizes security awareness training for human employees, while its newly launched Agent Risk Manager helps organizations inventory, map and govern the AI agents already operating in their environments, Palma noted.
“What we do there is we help companies get an inventory of what agents are in their environment,” he said. “We want to make sure that our customers are able to identify those agents, and then we map what processes are they using, what they are connecting to — an email system, a financial system — to make sure that there’s transparency back to whoever the users are. The final step is we help put some policy and guardrails [in place] about what the agents can and can’t do.”
KnowBe4 draws on more than 15 years of behavioral data across more than 100 million users at 70,000 organizations to train its models, a differentiator that gives AIDA capabilities competitors cannot easily replicate, Palma explained. According to the KnowBe4 “State of Human Risk” 2025 report, 45% of cybersecurity leaders cite constantly evolving AI-powered threats as their single greatest challenge. On the AIDA platform alone, customers are already seeing individual risk scores drop by about four points compared with manually administered programs, Palma added.
The company is also expanding its ecosystem to cover the full range of large language models its customers use — starting with Microsoft Copilot, then moving to Gemini, Claude and ChatGPT — so that agent risk management is multi-LLM by design, according to Palma. While the cat-and-mouse dynamic of cybersecurity has not changed, the attack surface has expanded considerably.
“Agents increase the attack surface, and you’re going to hear about a lot of attacks, unfortunately, over the next year where agents were the vulnerability and caused bad things to happen in companies and organizations,” he said. “The whole concept of agents being deployed is incredibly important and productive … but a huge attack surface [comes with that], and you better believe the bad guys are going to be after it.”
Stay tuned for the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of KB4-CON 2026.
(* Disclosure: TheCUBE is a paid media partner for the KB4-CON 2026 event. Neither KnowBe4, the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Photo: SiliconANGLE
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
