KnowBe4 Adds Agent Risk Manager to Address AI Workforce Security Gap
KnowBe4 is launching Agent Risk Manager, a new product in technical preview designed to monitor and control AI agents operating inside enterprise workflows. The tool offers real-time discovery of AI agents, automated threat detection, cost controls, and contextual coaching for users interacting with agents.
The product integrates with Copilot, Claude, Gemini, and ChatGPT-the hosted models most enterprises are adopting. KnowBe4 positioned the release as a response to governance gaps: AI agents are entering business processes faster than security teams can establish controls.
Duren, KnowBe4's vice president of AI and data, said in an interview that protecting the "entire digital workforce" is a priority. The company cited processing more than 1.4 billion risk events and data showing 45% of cybersecurity leaders name constantly evolving AI threats as their single greatest challenge.
What's Behind the Product
Traditional security tools-SIEM and DLP systems-were built to monitor human users and data flows. They struggle with agent-specific threats: indirect prompt injection, permission creep across chained tool calls, and unrecorded data exfiltration through API calls.
Agents operating with privileged API access create a new risk surface. They can execute actions at scale without human oversight between steps. When an agent is compromised or misused, the blast radius expands quickly.
KnowBe4 launched AIDA Orchestration in Q1 2026 as the eighth agent in its Artificial Intelligence Defense Agents suite. The company frames agent security as distinct from user awareness training-a recognition that the threat model has shifted.
What Product Teams Should Watch
As enterprises adopt hybrid human-plus-agent workflows, three areas merit attention:
- Agent telemetry standards. How vendors instrument API calls across SaaS and cloud platforms will determine detection coverage. Watch for adoption of common telemetry schemas.
- Agent-specific IAM and cost controls. Organizations will need to enforce identity and access management at the agent layer, separate from user-level policies.
- Integration with existing security infrastructure. Independent evaluations and vendor partnerships with EDR and SIEM providers will show whether agent management tooling actually closes the gaps in real deployments.
For product development teams, the shift is practical: agent security is becoming a feature requirement, not an afterthought. Teams shipping AI integrations into workflows now need to account for agent-layer monitoring and governance from the start.
Learn more about AI Agents & Automation and how they fit into enterprise product strategy.
Your membership also unlocks:
