New KnowBe4 Agent Risk Manager Addresses Pervasive AI Agent Risk

KnowBe4 Team | Apr 14, 2026

By Roger A. Grimes and Matthew Duren

AI agents can deliver incredible productivity gains, but their operational complexity makes effective threat modeling harder than ever, including for developers, administrators and especially end users. At the same time, both developers and non-developers are increasingly vibe-coding, or using AI to generate functional software from natural language prompts. While this dramatically accelerates innovation, it also creates massive volumes of code in minutes, introducing new opportunities for mistakes, misconfigurations, and security vulnerabilities.

Layer in the rapid rise of shadow AI, and cyber risk begins to scale quickly.

Introducing KnowBe4 Agent Risk Manager (ARM)

KnowBe4’s Agent Risk Manager (ARM) helps organizations identify, monitor and reduce the risks introduced by AI agents operating across the enterprise.

ARM integrates directly with your primary AI platform (e.g., Copilot, Gemini, Claude) to provide centralized visibility and oversight. Once deployed, ARM:

  • Discovers and inventories AI agents and their capabilities
  • Identifies connected tools and data sources (email, calendars, file repositories, etc.)
  • Monitors activity including prompts, outputs, connections, and actions
  • Maintains detailed audit logs for transparency and compliance
  • Detects risky or anomalous behavior and alerts administrators
  • Delivers real-time user coaching when behavior introduces risk (e.g., entering sensitive data into prompts)
  • Enables future policy enforcement, including blocking high-risk actions by default

Why AI Agents Introduce Unique Risk

Most users do not fully understand the risks introduced when enabling and interacting with AI-powered tools. Even experienced administrators often lack clear visibility into what an agent can access, what actions it can take, or how those capabilities change over time.

At the same time, AI lowers the barrier to building powerful integrations. Non-engineers can now assemble workflows that connect email, calendars, documents, and third-party applications, often without considering whether those connections introduce security or compliance exposure.

Imagine an employee installs a new AI agent promoted by a popular influencer. The tool promises to:

  • Read and prioritize email
  • Automatically schedule meetings
  • Manage workflows
  • Save hours of work each week

The agent has millions of downloads and glowing reviews online. What the user doesn’t realize:

  • The agent was vibe-coded by someone without secure development experience
  • It contains exploitable vulnerabilities
  • It sends email metadata and document content back to an external cloud service for “training purposes”
  • The data-sharing clause was buried in the end-user license agreement

Without visibility into installed agents and their evolving capabilities, both users and administrators are left exposed. AI agents can introduce continuous and compounding risk, often without obvious warning signs.

ARM changes this dynamic by providing real-time awareness of:

  • Newly installed agents
  • Expanding agent capabilities
  • External data connections
  • Potential exfiltration risks

Now multiply this scenario across dozens, or hundreds, of AI-enabled workflows.

Familiar Threats, New Attack Surfaces

AI operates at machine speed, not human speed. And while many AI-related threats resemble traditional attack techniques, they often scale faster and behave differently.

Examples include:

  • Prompt Injection – Similar to SQL injection, manipulating AI instructions to produce unintended actions
  • Indirect Prompt Injection – Comparable to cross-site scripting attacks: the malicious instructions arrive in content the agent processes (a web page, document or email) rather than directly from the user
  • Unbounded Consumption – Resource abuse similar to denial-of-service attacks
  • Privilege Escalation – Agents gaining unintended access to sensitive systems
  • Sensitive Data Exposure – Confidential information included in prompts or outputs
  • Content Safety Risks – AI generating inappropriate or harmful material
  • Agent Overreach – Agents taking actions beyond intended scope

Many of these risks align with guidance from OWASP’s Top 10 for LLM Applications.

How ARM Provides Visibility and Control

Agent Risk Manager continuously inventories:

  • Installed agents within supported AI platforms
  • Integrated applications and connected data sources
  • Actions agents are authorized to perform
  • Prompts, outputs, and behavioral patterns

All activity is analyzed and presented through an administrative dashboard, enabling security teams to quickly identify anomalies and prioritize response. Returning to the earlier example, ARM would:

  • Detect the installation of the new AI agent
  • Identify its access to email and document repositories
  • Observe unusual data flows or risky prompt activity
  • Alert administrators to potential data exposure risks
  • Coach users in real time to prevent sensitive information disclosure

Security teams gain the visibility needed to manage AI risk proactively without slowing innovation.
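The inventory and coaching behaviour described in the two lists above can be sketched in a few dozen lines. The following is an added example written for this page; it is not KnowBe4 or ARM code, and the manifest schema, the internal domain list, the sensitive-data patterns and all agent records and prompts are constructed assumptions. It flags an agent as a potential exfiltration path when it both reads a sensitive data source (email, calendar, files) and sends data to a host outside the organization, and it returns a coaching message when a prompt contains data that looks like an SSN, a payment card number (Luhn-checked) or an API key.

```python
"""
Added example, not KnowBe4/ARM code: a minimal defender-side sketch of
  1. inventorying installed agents and flagging those whose connected data
     sources plus external endpoints form a possible exfiltration path;
  2. scanning prompts for sensitive data and returning a coaching message.
All manifests, domains, patterns and prompts here are constructed sample data.
"""
import re
from dataclasses import dataclass, field

# Data sources the post names as high-value (email, calendars, file repositories).
SENSITIVE_SOURCES = {"email", "calendar", "files", "documents"}

# Hosts the hypothetical organization operates; anything else counts as external.
INTERNAL_DOMAINS = {"corp.example.com", "files.corp.example.com"}


@dataclass
class AgentManifest:
    """Constructed shape of an inventory record (an assumption, not ARM's schema)."""
    name: str
    publisher: str
    data_sources: set = field(default_factory=set)
    endpoints: set = field(default_factory=set)  # hosts the agent sends data to
    can_act: bool = False                         # may send mail / schedule / modify


def external_endpoints(manifest):
    """Hosts in the manifest that are not operated by the organization."""
    return {h for h in manifest.endpoints if h not in INTERNAL_DOMAINS}


def assess_agent(manifest):
    """Return (risk_level, reasons). 'high' = sensitive source AND external sink."""
    reasons = []
    touches_sensitive = manifest.data_sources & SENSITIVE_SOURCES
    external = external_endpoints(manifest)
    if touches_sensitive:
        reasons.append(f"reads {sorted(touches_sensitive)}")
    if external:
        reasons.append(f"sends data to external hosts {sorted(external)}")
    if manifest.can_act:
        reasons.append("can take actions, not only read")
    if touches_sensitive and external:
        level = "high"    # sensitive data reachable and a path out of the org
    elif touches_sensitive or external or manifest.can_act:
        level = "medium"
    else:
        level = "low"
    return level, reasons


RANK = {"high": 0, "medium": 1, "low": 2}


def inventory_report(manifests):
    """Rows of (name, level, reasons), highest risk first, for a dashboard view."""
    rows = [(m.name, *assess_agent(m)) for m in manifests]
    return sorted(rows, key=lambda r: RANK[r[1]])


# Sensitive-data patterns for prompt scanning (constructed, deliberately simple).
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "api_key": re.compile(r"\b(?:sk-[A-Za-z0-9_-]{16,}|AKIA[A-Z0-9]{16})\b"),
}


def luhn_ok(digits):
    """Luhn checksum, so arbitrary 16-digit numbers are not reported as cards."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_prompt(text):
    """Kinds of sensitive data found in a prompt, e.g. ['ssn', 'card']."""
    found = []
    for kind, pat in PATTERNS.items():
        for m in pat.finditer(text):
            if kind == "card" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue
            found.append(kind)
            break
    return found


def coach(text):
    """Real-time coaching message for a risky prompt, or None if it looks clean."""
    kinds = scan_prompt(text)
    if not kinds:
        return None
    return f"This prompt appears to contain {', '.join(kinds)} data; remove it before sending."


if __name__ == "__main__":
    # Constructed inventory mirroring the post's influencer-promoted email agent.
    agents = [
        AgentManifest("InboxPilot", "unknown", {"email", "calendar"},
                      {"telemetry.inboxpilot.example"}, can_act=True),
        AgentManifest("DocSummarizer", "corp IT", {"files"}, {"files.corp.example.com"}),
        AgentManifest("UnitConverter", "corp IT"),
    ]
    for name, level, reasons in inventory_report(agents):
        print(f"{level:6} {name}: {'; '.join(reasons) or 'no notable capabilities'}")
    print(coach("Summarize my account: SSN 123-45-6789, card 4111 1111 1111 1111"))
```

The two checks are intentionally independent: `assess_agent` works purely from the inventory record and needs no traffic, while `scan_prompt` runs on each prompt before it leaves the organization, which is the point at which the post says coaching should happen.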

Preparing for an AI-Driven Future

Organizations are rapidly moving toward environments where employees interact with hundreds of AI agents.

The question is no longer whether AI agents will be used inside your organization. The question is whether you will have the visibility, governance and risk controls in place to manage them effectively. AI adoption is accelerating and risk management must accelerate with it.
