CyberheistNews Vol 16 #16 | April 21st, 2026
How Identity at the Edge Highlights the New Frontiers of Trust
By Dr. Kawin Boonyapredee, KnowBe4 CISO Advisor
Each year, Identity Management Day (IMD) serves as a global reminder that managing digital identities is more than a technical requirement; it is a cornerstone of modern trust. Now in its sixth year, IMD continues to emphasize how identity itself is evolving, stretching beyond human users to encompass machines, automated agents and even AI-generated personas.
In 2026, identity management is not just about who you are; it is about what represents you, who acts on your behalf and how these digital stand-ins are verified, monitored and secured.
This year's theme, "Finding Identity: The search for you, me, and the machines," highlights the importance of understanding and preparing for this evolving and ever-changing landscape, including the modern workforce.
The Expanding Definition of Identity
Originally, identity management focused on human users — verifying employees, managing access rights and keeping phishing at bay. But the explosion of machine identities (from APIs and IoT devices to bots and AI agents) has transformed that landscape.
Consider this: for every human identity in a large enterprise, there may now be hundreds or thousands of non-human ones, appropriately called Non-Human Identities (NHIs). Each API key, service account and automated pipeline represents a potential attack vector if not properly secured.
As AI systems gain more autonomy, the concept of identity becomes even more fluid and complex. Such autonomous AI systems are called "agentic": they have the capability to act independently on behalf of humans or organizations.
In this new paradigm, orchestration is key: organizations must manage not only who can access what, but also how those entities (human or non-human) interact, delegate and authenticate.
Phishing Evolution Gains Massive Momentum
Microsoft reported that in 2025, AI-automated phishing emails achieved more than a 50% click-through rate. This is significantly higher than standard phishing attacks, so enterprises must adapt to AI-powered adversarial attacks by fighting AI with AI.
Almost every organization has reportedly leveraged AI and LLM processes to enhance their overall identity security strategies; however, this comes with even more risk. Shadow AI and the use of these tools leave organizations with a larger attack surface than traditionally known.
[CONTINUED] Blog post with links:
https://blog.knowbe4.com/identity-at-the-edge-how-the-sixth-annual-identity-management-day-highlights-the-new-frontiers-of-trust
Stop Threats Where They Start, Your Users' Inbox
A breach is the fastest way to lose customer trust. Despite existing defenses, sophisticated AI-powered phishing and negligent employee sends are still slipping through the cracks. Protecting your brand requires a defense-in-depth approach.
Join our live demo to see how KnowBe4's Cloud Email Security can help you detect the full spectrum of threats, both inbound attacks and outbound data loss.
Learn how to:
- Collapse your critical response gap to seconds, not hours
- Identify attacks that traditional filters miss in your Microsoft 365 environment
- Stop negligent or malicious data exfiltration
- Extend your team's abilities to identify errors and threats with behavioral AI
- Customize your incident response workflows
Plus, get an exclusive preview of the latest capabilities in Cloud Email Security. Secure your organization's reputation and compliance by defending against both inbound and outbound email threats.
Date/Time: TOMORROW, Wednesday, April 22 @ 1:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/ces-demo-month-1?partnerref=CHN
New KnowBe4 Agent Risk Manager Addresses Pervasive AI Agent Risk
By Roger A. Grimes and Matthew Duren
AI agents can deliver incredible productivity gains, but their operational complexity makes effective threat modeling harder than ever, including for developers, administrators and especially end users. At the same time, both developers and non-developers are increasingly vibe-coding, or using AI to generate functional software from natural language prompts.
While this dramatically accelerates innovation, it also creates massive volumes of code in minutes, introducing new opportunities for mistakes, misconfigurations and security vulnerabilities.
Layer in the rapid rise of shadow AI and cyber risk begins to scale quickly.
Introducing KnowBe4 Agent Risk Manager (ARM)
KnowBe4's Agent Risk Manager (ARM) helps organizations identify, monitor and reduce the risks introduced by AI agents operating across the enterprise.
ARM integrates directly with your primary AI platform (e.g., Copilot, Gemini, Claude) to provide centralized visibility and oversight. Once deployed, ARM:
- Discovers and inventories AI agents and their capabilities
- Identifies connected tools and data sources (email, calendars, file repositories, etc.)
- Monitors activity including prompts, outputs, connections and actions
- Maintains detailed audit logs for transparency and compliance
- Detects risky or anomalous behavior and alerts administrators
- Delivers real-time user coaching when behavior introduces risk (e.g., entering sensitive data into prompts)
- Enables future policy enforcement, including blocking high-risk actions by default
Why AI Agents Introduce Unique Risk
Most users do not fully understand the risks introduced when enabling and interacting with AI-powered tools. Even experienced administrators often lack clear instrumentation into what an agent can access, what actions it can take or how those capabilities evolve over time.
At the same time, AI lowers the barrier to building powerful integrations. Non-engineers can now assemble workflows that connect email, calendars, documents and third-party applications, often without considering whether those connections introduce security or compliance exposure.
Imagine an employee installs a new AI agent promoted by a popular influencer. The tool promises to:
- Read and prioritize email
- Automatically schedule meetings
- Manage workflows
- Save hours of work each week
The agent has millions of downloads and glowing reviews online. What the user doesn't realize:
- The agent was vibe-coded by someone without secure development experience
- It contains exploitable vulnerabilities
- It sends email metadata and document content back to an external cloud service for "training purposes"
- The data-sharing clause was buried in the end-user license agreement
Without visibility into installed agents and their evolving capabilities, both users and administrators are left exposed. AI agents can introduce continuous and compounding risk, often without obvious warning signs.
ARM changes this dynamic by providing real-time awareness of:
- Newly installed agents
- Expanding agent capabilities
- External data connections
- Potential exfiltration risks
Now multiply this scenario across dozens or hundreds of AI-enabled workflows.
Familiar Threats, New Attack Surfaces
AI operates at machine speed, not human speed. And while many AI-related threats resemble traditional attack techniques, they often scale faster and behave differently.
Examples include:
- Prompt Injection – Similar to SQL injection, manipulating AI instructions to produce unintended actions
- Indirect Prompt Injection – Comparable to cross-site scripting attacks
- Unbounded Consumption – Resource abuse similar to denial-of-service attacks
- Privilege Escalation – Agents gaining unintended access to sensitive systems
- Sensitive Data Exposure – Confidential information included in prompts or outputs
- Content Safety Risks – AI generating inappropriate or harmful material
- Agent Overreach – Agents taking actions beyond intended scope
Many of these risks align with guidance from OWASP's Top 10 for LLM Applications.
[CONTINUED] Blog post with links:
https://blog.knowbe4.com/agent-risk-manager-ai-security
Automate Incident Response and Maximize SOC Efficiency
Your security team is drowning in alerts, and threats are slipping through. With SOC teams facing more than 4,400 daily alerts, over 40% of which are false positives, many organizations are drowning in backlogs. The result? A five-hour response gap that leaves threats sitting in your employee inboxes for days or weeks.
Stop gambling with unaddressed alerts with technology that collapses the time-to-containment from hours to minutes.
During this demo, you'll discover how PhishER Plus eliminates the dangerous vulnerability window between threat detection and containment by combining triple-validated threat intelligence with human oversight:
- Accelerate response times with AI-powered automation that allows you to code custom rules in plain English, reduces manual email review time by up to 99% and eliminates alert fatigue
- Leverage unmatched threat intelligence from 13+ million global users, KnowBe4 Threat Research Lab and leading third-party integrations, catching zero-day threats that bypass SEGs and other ICES defenses
- Maintain complete visibility and control over AI-driven decisions with PhishML Insights, eliminating black-box uncertainty and reducing false positives that waste $875K annually
- Remove threats automatically from all mailboxes with Global PhishRIP before users can interact with them, eliminating the risk of employees otherwise falling for the attack
- Convert real attacks into targeted training opportunities with PhishFlip, reinforcing vigilant employee behavior while showcasing security awareness gaps
Discover how PhishER Plus customers achieve 650% ROI within the first year. Transform your employees into your most valuable defenders while meeting SOC efficiency targets.
Date/Time: TOMORROW, Wednesday, April 22 @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/phisher-demo-1?partnerref=CHN2
Your Guide to Beating 2026's Phishing Epidemic
In 2026, the threat landscape has shifted from scattergun to hyper-automation of sophisticated threats. AI-driven toolkits aren't new; it's what they're doing that matters. With top threat actors achieving greater scale and agility, the window to detect and react has all but vanished.
Join for a first look at the 2026 Phishing Threat Trends Report. Jack Chapman, KnowBe4's SVP of Threat Intelligence, will break down the data from extensive analysis of phishing attacks that successfully landed in users' inboxes in 2026. Get the intelligence you need for proactive risk management.
You'll gain insight into:
- The latest tactics, techniques and procedures behind the criminal landscape in email security and the reality of how AI is changing the threat landscape
- How multi-channel threats continue to evolve and why Teams-based attacks have surged 41%
- Dealing with the 139% spike in sophisticated M365 credential theft
- How a 49% surge in fake invites is weaponizing business processes to manufacture instant urgency
- Battle-tested guidance to transform your cloud email security from reactive to proactive
Don't miss this exclusive preview of the new 2026 Phishing Threat Trends Report, and earn CPE for attending!
Date/Time: Wednesday, April 29 @ 1:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/2026-phishing-threat-trends-report?partnerref=CHN
Let's stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Executive Chairman
KnowBe4, Inc.
PS: You can still register for KB4-CON!! May 12-14 in sunny Orlando, FL:
https://knowbe4.cventevents.com/event/5d3dfce6-ccb0-482d-83bb-0481ea07617f/register
PPS: My latest article is live on Forbes: How The Best Marketing Teams Are Building Smarter AI Foundations:
https://www.forbes.com/councils/forbestechcouncil/2026/04/17/how-the-best-marketing-teams-are-building-smarter-ai-foundations/
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-16-16-how-identity-at-the-edge-highlights-the-new-frontiers-of-trust
Report: Number of US Ransomware Victims Spiked in Q1 2026
The number of recorded ransomware victims remained steady in the first quarter of 2026, though the number of victims in the U.S. surged, according to a new report from Emsisoft.
"The United States accounted for 64.7% of all recorded victims, a significant increase from 48% in Q1 2025," the report says. "This sharp rise suggests either improved visibility into U.S.-based incidents, increased targeting or both. Meanwhile, Germany moved into the #2 position, displacing Canada, which had previously held that spot."
The researchers also highlight an increase in nation-state-sponsored ransomware and wiper attacks amid the wars in Russia–Ukraine and Iran. "Q1 2026 reinforces a critical reality: ransomware is no longer defined solely by financial extortion, but increasingly by its role as a tool of disruption within a broader geopolitical and technological shift," Emsisoft says.
"While overall incident volumes remain relatively flat, structural changes in the ecosystem—rising group fragmentation, geographic concentration in high-value economies such as the U.S. and the emergence of more destructive, ideologically motivated campaigns—signal a meaningful evolution in risk."
AI-assisted attacks are also a growing concern as LLM technology improves. Emsisoft outlines the following AI-related concerns that have recently come to the forefront:
- "The use of generative AI to create highly personalized, convincing and scalable spear-phishing and deepfake phishing attacks
- Seemingly benevolent open-source AI agentic tools like OpenClaw can introduce significant security risks
- Anthropic's claims that its Claude Mythos Preview was able to discover and exploit zero-days that have existed, undiscovered, for years. The risk was deemed so significant that it's only been released to a limited group of companies (presumably, the adults in the room)"
AI-powered security awareness training gives your organization an essential layer of defense against evolving social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day.
Emsisoft has the story:
https://www.emsisoft.com/en/blog/47562/the-state-of-ransomware-in-q1-2026/
Survey: Security Leaders Emphasize Need for Workforce Education
A new survey from LevelBlue has found that a majority of Chief Technology Officers (CTOs) believe the human-related elements of their cybersecurity strategies are falling short. These concerns are exacerbated by the emergence of new threats, such as AI-assisted attacks.
"CTOs have identified a serious need for cybersecurity education across the enterprise," LevelBlue says. "As many as 60% believe it is becoming more difficult for employees to discern genuine interactions from fake, which poses a significant threat to defenses.
"Little wonder that over the next 12 months the top four most likely types of attack all arise from workforce vulnerabilities. For example, 57% say ransomware attacks are imminent and 50% say the same about business email compromise."
The researchers also say that workforce security education should be aligned with business goals in order to ensure that the rest of the executive suite understands the benefits.
"The data also shows that better alignment of company leadership on the realities of cyber resilience will be essential to prepare for new and emerging cyber threats," the report says. "Whereas 42% of CTOs say they are investing significantly in cyber-resilience processes across the business, just 33% of the total sample say the same.
"This gap indicates the ambitious nature of CTOs' plans for a more unified organization. To achieve this alignment, CTOs should focus on calibrating cybersecurity risk management with business risk appetite (more than a third describe current measures as stalling or ineffective) and defining metrics and KPIs that connect cybersecurity with business outcomes (33% say current efforts are inadequate)."
LevelBlue has the story:
https://www.levelblue.com/resources/research-reports/cyber-resilience-insights-for-ctos
What KnowBe4 Customers Say
"I wanted to take a moment to recognize Blair for the outstanding support he's provided during the onboarding of the platform. From start to finish, Blair has been incredibly responsive, knowledgeable and easy to work with.
"I have recently been in onboarding meetings with other vendors, and the experience with Blair has stood out as exceptional. He's a credit to your team!"
- A.P., Senior Risk Specialist
- FBI Dismantles $20 Million Phishing Operation W3LL:
https://www.infosecurity-magazine.com/news/fbi-dismantles-phishing-operation/
- Omnistealer uses the blockchain to steal everything it can:
https://www.ransom-isac.com/blog/cross-chain-txdatahiding-crypto-heist-part-4/
- UK warns businesses to address cyber risks amid Anthropic AI panic:
https://therecord.media/anthropic-mythos-uk-cyber-risk
- From Phishing to Deepfakes: Social Engineering Risks are Intensifying for Professional Service Firms:
https://www.aon.com/risk-services/professional-services/from-phishing-to-deepfakes-social-engineering-risks-are-intensifying-for-professional-service-firms
- "iCloud storage is full" scam is back, and now it wants your payment details:
https://www.malwarebytes.com/blog/news/2026/04/icloud-storage-is-full-scam-is-back-and-now-it-wants-your-payment-details
- UAC-0247 Hits Hospitals, Governments With Browser and WhatsApp Data Theft:
https://gbhackers.com/uac-0247-hits-hospitals/
- Recovery scammers hit you when you're down. Here's how to avoid a second strike:
https://www.welivesecurity.com/en/scams/recovery-scammers-hit-when-down-avoid-second-strike/
- Two U.S. Nationals Sentenced for $5 million North Korea Tech Worker Fraud Scheme:
https://www.justice.gov/opa/pr/two-us-nationals-sentenced-facilitating-fraudulent-remote-information-technology-worker
- Insurance agency sues Citibank over alleged $1.5 million social engineering theft:
https://www.insurancebusinessmag.com/us/news/claims/insurance-agency-sues-citibank-over-alleged-1-5-million-social-engineering-theft-572123.aspx
- OpenAI unveils GPT-5.4-Cyber, an AI model for defensive cybersecurity:
https://9to5mac.com/2026/04/14/openai-unveils-gpt-5-4-cyber-an-ai-model-for-defensive-cybersecurity/
- Virtual Vaca #1 - Rocamadour: France's Medieval Sanctuary Clinging to the Cliff:
https://youtu.be/s9KTrCBWZEI
- Virtual Vaca #2 - Lake Como, Italy in 8K:
https://youtu.be/ISMpqKc9sJ0
- Virtual Vaca #3 - PATAGONIA in 4K - The Hidden Fjords of the Darwin Route:
https://youtu.be/MPUwEJYuE28
- Stunt pilot Dario Costa makes aviation history by landing his 400-horsepower race plane on a moving cargo train at 120 km/h — and then taking off again!:
https://www.flixxy.com/pilot-lands-a-plane-on-a-moving-train-then-takes-off-again.htm?utm_source=chn&utm_medium=email
- The Most High-Tech Muscle Car Ever Built!:
https://youtu.be/bLmqTZVkjy8
- [FUN] Spot's To Do List with Boston Dynamics:
https://youtu.be/LP4-c5AK30g
- Epic Wingsuit Flight in the Heart of the Dolomites:
https://youtu.be/J7RzLmmHBeY
- Back to Canada: Wingsuit BASE Jumping The Chief:
https://youtu.be/FCCKeb_oiA8
- [Restored to Life] 1898: Seaside Life in Scheveningen The Hague, Netherlands:
https://youtu.be/wUWx7nAs3-A
- Why Maglev is (Basically) Impossible:
https://youtu.be/WICVlQOb09o
- LockPickingLawyer: Palm-Scanning Smartlock Defeated:
https://youtu.be/rTXKEyCgQck?si=nENJgAdOTT9yPQeq
- For Da Kids #1 - New Yorker Devotes His Life to... Rescuing Cats?:
https://youtu.be/lb2ckBcwxVY
- For Da Kids #2 - Greyhound Thrown Away After 44 Races... Then A Little Girl Stepped In:
https://youtu.be/q9pSOCh-jJE
- For Da Kids #3 - Man's Chance Encounter With A Wild Octopus Changes Everything:
https://youtu.be/mzXxC5cdYiI
- For Da Kids #4 - Lady Catches Her Hermit Crabs Partying Every Night:
https://youtu.be/L98EQ47fK30
- For Da Kids #5 - Dwarf Horse Learns To Walk On Her Little Legs:
https://youtu.be/7zveyEGLQ_k

