Agent risk management is evolving rapidly as AI moves into consequential decision-making arenas, collapsing the boundary between human and machine risk across the enterprise.

The dual-threat landscape now confronting enterprises means no longer worrying about humans and phishing emails — now they have to account for non-human digital workers as well. Those AI agents are being onboarded into business workflows at a pace that outstrips governance, and the same speed that makes them incredibly productive makes them undeniably dangerous when compromised, according to Matt Duren (pictured), vice president of AI and data at KnowBe4 Inc.

“The things that we’re able to do with modern AI are so, so impactful, so much more intelligent,” Duren said. “Most leaders have found that they don’t have a choice [between human and digital workers]. AI is getting used by everyone in every industry and every job role. What my focus is on right now this year is: How can we get out there and have the same level of protection for the entire digital workforce?”

Duren spoke with theCUBE’s Scott Hebner at KB4-CON 2026, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how KnowBe4 is extending agent risk management to secure the full digital workforce of humans and AI. (* Disclosure below.)

Securing the full digital workforce with agent risk management

The stakes for agent risk management are rising alongside the scale of deployment. KnowBe4’s own “State of Human Risk” 2025 report found that 45% of cybersecurity leaders cite constantly evolving AI-powered threats as their single greatest challenge, and KnowBe4 is responding on different fronts, Duren noted. Its AIDA Orchestration capability — launched in Q1 2026 as the eighth agent in the Artificial Intelligence Defense Agents suite — autonomously creates, schedules and personalizes phishing simulations and security awareness training at the individual user level, drawing on more than 1.4 billion processed risk events to tailor each intervention. On the agent side, its Agent Risk Manager product — currently in tech preview — gives security teams visibility into the AI agents operating across their organization.

“We really want to make sure that security teams understand what agents are there,” Duren said. “What they’re doing, what they have access to, how humans are interacting with those agents and then ultimately, how they impact their business and their workforce.”

The engine underneath both products is KnowBe4’s SmartRisk score — now built on 316 indicators spanning human behavior and, increasingly, AI agent activity. The company redesigned the scoring system to prioritize explainability, giving security teams clear visibility into why a score is rising or falling, and soon, AI-generated analysis that surfaces recommendations and insights at both the individual and organizational level, Duren explained.

“The previous risk score … was something that really didn’t have very much explainability because we were using custom trained AI models that we produced ourselves,” Duren said. “We’ve updated that. We’ve given lots of complex algorithmic type of approaches to the score now that, on our side, heavily involve AI and agents as well.”

The model architecture powering these capabilities is deliberately hybrid. Rather than committing to a single foundation model, KnowBe4 follows a principle of using the right model for the right job, depending on the task. That flexibility allows the engineering team to optimize for cost, accuracy, and latency across a growing fleet of agents that Duren described as closer to 10 or 20 distinct systems depending on how they are counted. What ties it all together is trust. With more than half of chief information security officers actively holding back AI rollouts because they cannot yet verify what agents are doing or why, the explainability gap is as much a business problem as a security one, he added.

“It’s a pause and, in a lot of ways, it’s a dangerous pause,” Duren said. “The companies that have figured that out, they’re able to move at a speed that we’ve never seen before. Agents move at machine speed — even small risks that are introduced there can really be exploited quickly.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of KB4-CON 2026:

(* Disclosure: TheCUBE is a paid media partner for the KB4-CON 2026 event. Neither KnowBe4, the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE