Artificial intelligence is quickly becoming part of the workforce. Not just chatbots answering questions, but autonomous agents that can interact with systems, access data, and perform tasks with minimal human involvement. That convenience comes with a new problem, and cybersecurity company KnowBe4 thinks the industry is not fully prepared for it.
The company today announced Agent Risk Manager, a new tool designed to monitor and control the behavior of AI agents operating inside organizations. The goal is straightforward. If businesses are going to let software agents act like employees, those agents need oversight just like employees do.
According to KnowBe4, the shift from AI that merely assists humans to AI that actively manages workflows introduces a brand new security gap. Many security products today still focus on static code analysis or traditional API protection. Agent Risk Manager instead focuses on what the AI actually does once it is running.
Greg Kras, chief product officer at KnowBe4, explains the issue plainly:
“The industry has spent years securing the human element, but today, AI agents are the newest members of our workforce. However, securing the prompt is only half the battle. Our Agent Risk Manager focuses on the output and actions of these agents, ensuring that as they move through your network, they do not become the ultimate shadow IT or a backdoor for sophisticated prompt injection attacks.”
In other words, protecting the prompt alone is not enough. Once an agent begins interacting with tools, databases, and other systems, the risk shifts from what it reads to what it actually does.
The platform introduces what KnowBe4 calls an operational layer that governs agent behavior in real time. That layer is meant to keep watch over agents as they run across corporate environments.
One feature called Behavioral Guardrails monitors agent activity and attempts to stop unauthorized data transfers or questionable automated actions before they cause problems. Another component tracks the permissions and tools each agent has access to, giving administrators a clearer view of how powerful a particular AI agent really is.
There is also a stress testing component designed to simulate attacks against AI agents. These adversarial tests attempt to trick agents with prompt injection attempts and other manipulation techniques that attackers might use.
The system also keeps an inventory of AI agents running across an organization’s environment. It logs activity, records actions, and provides an audit trail intended to help with compliance and incident response.
Another area KnowBe4 is focusing on what it calls “runaway agents.” These are automated systems that start making excessive API calls or running large volumes of queries, sometimes racking up cloud costs or overwhelming systems before anyone notices.
Kras says the security landscape is evolving beyond just human error:
“We are moving from a world of human risk to universal risk. Whether it is a human being tricked by a deepfake or an AI agent being manipulated by a malicious prompt, KnowBe4 is the only platform capable of defending both.”
The launch also aligns with Identity Management Day, an industry initiative that focuses on improving identity security across digital systems. In the age of AI agents, identity management is no longer just about employees logging in. It may soon include software agents acting on behalf of organizations.
KnowBe4 says Agent Risk Manager will be available globally as part of its HRM+ platform. As companies continue experimenting with AI driven workflows, tools like this could become more common.
Whether businesses truly need dedicated guardrails for AI agents is still up for debate, but one thing seems clear. If AI agents are going to behave like coworkers, someone will eventually have to keep an eye on them.
Support independent tech journalism
NERDS.xyz is independently owned and operated. If you enjoy my coverage of Linux, AI, hardware, cybersecurity, and tech culture, consider supporting the site on Ko-fi.
Support NERDS.xyz