Securing a human and agentic AI workforce
By KnowBe4
As threat actors target AI agents, along with humans, KnowBe4 has redefined the strategy required to protect a hybrid man and machine workforce.
For public agencies, the immediate policy implication is that AI agents must be governed with the same rigour as employees. Image: Canva
For years, the defining challenge in public sector security has been the human factor: threat actors target employees, and a compromised employee becomes the path into the systems they can access.
However, a more complex risk frontier is now emerging: one targeting artificial intelligence (AI) agents that work alongside civil servants, making decisions, accessing sensitive data, and acting on behalf of human officers.
KnowBe4’s Chief Information Security Officer (CISO) Advisor for Asia Pacific and Japan, Dr Kawin Boonyapredee, says this hybrid workforce, comprising both humans and AI agents, is resulting in a fundamental change to the threat model.
“Agents are now first-class identities and sensors that expand attack vectors from human social engineering and system exploits to prompt injection, context poisoning, compromised model integrity, and automated insider-style abuse,” he notes.
Adversaries, he warns, are already weaponising agents to launch faster and hyper-personalised campaigns that shorten detection windows and shift risk from individual humans to coordinated human-agent workflows.
Treating agents like employees
For public agencies, the immediate policy implication is that AI agents must be governed with the same rigour as employees.
Dr Boonyapredee recommends that agencies enforce identity and access management (IAM), maintain immutable audit trails, and require human-in-the-loop approvals for high-risk actions.
“Start by treating AI agents as members of the workforce,” he advises CISOs who are starting their journey of governing a hybrid workforce.
This means establishing identity and entitlement controls, requiring staged change control for models and plugins, and enforcing rules that ensure sensitive or classified data is never transmitted to unverified AI agents.
For high-stakes decisions such as financial transactions and system configuration changes, he recommends pairing mandatory human-in-the-loop gating with clear override rules.
Beyond technical controls, Dr Boonyapredee stresses role-based training and certification for human operators, covering AI agent limitations, prompt safety, and social engineering risks.
The governance framework, in other words, must be both technical and human.
Hidden danger of prompt injection
One of the risks in agentic deployments is prompt injection, which refers to attacks that manipulate an AI agent's inputs to make it act against its intended purpose.
"AI agent manipulation can make agents act against intent, leak data, perform unauthorised actions, or spread misinformation across systems and partners,” Dr Boonyapredee explains.
He outlines four specific risks that agencies must account for: attackers crafting inputs that erase audit traces, making incident response nearly impossible; prompts that trick agents into revealing sensitive data; AI-generated misinformation reaching staff or the public; and the poisoning of AI models at scale, causing agents to ignore rules or bypass approval workflows entirely.
“Model compromise can alter AI agent behaviours at scale,” he notes, "spreading unauthorised actions such as ignoring rules or bypassing approval workflows.”
For public sector leaders, the lesson is that the integrity of the underlying model is now a national security consideration, not just a technical one, Dr Boonyapredee adds.
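The controls recommended above (an identity and entitlements for each agent, immutable audit trails, no classified data to unverified agents, and a human gate with override rules for high-risk actions) and the first prompt-injection risk listed (inputs that try to erase audit traces) can be enforced at one place: a gateway that every agent tool call must pass through. The following is an added illustrative example written for this page, not KnowBe4 code and not a description of any product. The action names, the `agent:` / `user:` identity prefixes, the set of high-risk actions and the clearance labels are assumptions chosen for the demonstration. The audit log is hash-chained so that removing or editing an entry is detectable, and it is simply not exposed as a tool, so an injected "delete the logs" instruction has nothing to call.

```python
import hashlib
import json

# Actions that always need a human decision before execution (assumed policy).
HIGH_RISK_ACTIONS = {"transfer_funds", "change_config"}


class AgentIdentity:
    """An agent's own identity, separate from any human it acts for (assumed fields)."""

    def __init__(self, agent_id, entitlements, verified, clearance):
        self.agent_id = agent_id              # e.g. "agent:payments-clerk"
        self.entitlements = set(entitlements)  # actions this identity may request
        self.verified = verified              # passed onboarding / integrity checks
        self.clearance = clearance            # "unclassified" or "classified"


class AuditLog:
    """Append-only log: each entry commits to the hash of the previous one,
    so deleting or editing any entry breaks the chain and verify() fails."""

    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = json.dumps(record, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"prev": prev, "record": record, "hash": digest})
        return digest

    def verify(self):
        prev = "0" * 64
        for entry in self.entries:
            body = json.dumps(entry["record"], sort_keys=True)
            expected = hashlib.sha256((prev + body).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != expected:
                return False
            prev = entry["hash"]
        return True


class ToolGateway:
    """Every tool call an agent makes goes through here, never straight to the tool."""

    def __init__(self):
        self.audit = AuditLog()
        self.pending = {}  # approval_id -> request record awaiting a human decision

    def request(self, agent, action, params, data_class="unclassified"):
        record = {"seq": len(self.audit.entries), "agent": agent.agent_id,
                  "action": action, "params": params, "data_class": data_class}
        if action.startswith("audit_"):
            # The audit log is not a tool, so an injected "erase the logs" instruction is inert.
            decision = "denied: audit log is not agent-callable"
        elif action not in agent.entitlements:
            decision = "denied: not entitled"
        elif data_class == "classified" and not (agent.verified and agent.clearance == "classified"):
            decision = "denied: classified data to unverified agent"
        elif action in HIGH_RISK_ACTIONS:
            approval_id = hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()[:12]
            self.pending[approval_id] = record
            decision = "pending:" + approval_id
        else:
            decision = "executed"
        self.audit.append({**record, "decision": decision})  # every outcome is logged
        return decision

    def decide(self, approval_id, approver_id, approve, reason=""):
        """Human-in-the-loop gate. Override rule: the approver must be a human identity
        and can never be the requesting agent or any other agent."""
        record = self.pending.pop(approval_id, None)
        if record is None:
            return "unknown approval"
        if approver_id == record["agent"] or approver_id.startswith("agent:"):
            self.pending[approval_id] = record  # keep it waiting for a real human
            decision = "denied: approver must be a human identity"
        else:
            decision = "executed" if approve else "rejected"
        self.audit.append({**record, "approver": approver_id, "reason": reason, "decision": decision})
        return decision


def demo():
    """Walk a constructed scenario through the gateway and return each decision."""
    gw = ToolGateway()
    clerk = AgentIdentity("agent:payments-clerk", {"read_invoice", "transfer_funds"}, True, "unclassified")
    results = {"read": gw.request(clerk, "read_invoice", {"id": "INV-1"})}
    # Instruction smuggled into a document the agent processed (constructed prompt injection).
    results["tamper"] = gw.request(clerk, "audit_delete", {"all": True})
    results["classified"] = gw.request(clerk, "read_invoice", {"id": "INV-2"}, data_class="classified")
    approval_id = gw.request(clerk, "transfer_funds", {"amount": 250000, "to": "ACC-9"}).split(":", 1)[1]
    results["self_approve"] = gw.decide(approval_id, "agent:payments-clerk", True)
    results["human_approve"] = gw.decide(approval_id, "user:finance.officer", True, "checked against PO")
    results["chain_ok"] = gw.audit.verify()
    del gw.audit.entries[1]  # an attacker erases one trace after the fact
    results["chain_after_erase"] = gw.audit.verify()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In a real deployment the chain head would be anchored somewhere the gateway host cannot rewrite (a write-once store or a signed checkpoint), since a hash chain only proves tampering to someone who holds an honest copy of the latest hash.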
Fighting AI phishing with AI detection
Phishing, one of the most common forms of attack used against government targets, is now boosted by generative AI (GenAI).
AI-powered phishing produces highly contextualised lures that convincingly mimic government communications and frequently slip past traditional secure email gateways (SEGs).
KnowBe4's response is to deploy AI agents that fight back on the same terrain.
According to Dr Boonyapredee, these agents combine individual user risk signals and generative and behavioural analysis with immediate remediation.
"They score individual susceptibility from historical interactions, pick or generate realistic phishing templates to test specific weaknesses, and use language and metadata indicators to flag messages that traditional security email gateways (SEGs) miss,” he explains.
Critically, when a risky message is detected or clicked on, the affected user receives targeted education in real time, reducing the chance of repeated susceptibility.
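The "language and metadata indicators" mentioned above are the kind of signals a detector can score even without a model: sender domain lookalikes, display names that claim an agency identity from an outside domain, Reply-To mismatches, SPF/DMARC failures, urgency and credential language, and link text that hides a different host. The following is an added example written for this page, not KnowBe4's detection logic; the trusted domain, the keyword list, the indicator weights and the flag threshold are assumptions, and the two messages are constructed for the demonstration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Domains the agency genuinely sends from (assumed allow-list) and the score at which a message is flagged.
TRUSTED_DOMAINS = {"agency.gov.example"}
FLAG_THRESHOLD = 5

URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended|verify your (account|identity)|password)\b", re.I)
URL = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="(https?://[^"]+)"[^>]*>\s*(https?://[^<\s]+)', re.I)


def is_trusted(domain):
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)


def looks_like_trusted(domain):
    """Crude lookalike test: same letters once dots, hyphens and digits are removed,
    or a trusted domain embedded in a longer untrusted one."""
    norm = lambda d: re.sub(r"[.\-0-9]", "", d)
    return any(norm(d) == norm(domain) or d in domain for d in TRUSTED_DOMAINS)


def domain_of(header_value):
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def body_text(msg):
    if msg.is_multipart():
        return "\n".join(p.get_payload(decode=True).decode(errors="replace")
                         for p in msg.walk() if p.get_content_maintype() == "text")
    return msg.get_payload()


def score_message(raw):
    """Return the weighted indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    indicators = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    if not is_trusted(from_dom):
        if looks_like_trusted(from_dom):
            indicators.append(("lookalike_sender_domain", 3))
        if any(d in name.lower() for d in TRUSTED_DOMAINS) or "gov" in name.lower():
            indicators.append(("display_name_claims_agency", 2))
    reply_dom = domain_of(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        indicators.append(("reply_to_domain_mismatch", 2))
    auth = msg.get("Authentication-Results", "").lower()
    if "spf=fail" in auth or "dmarc=fail" in auth:
        indicators.append(("authentication_failed", 3))
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    hits = {m.group(0).lower() for m in URGENCY.finditer(text)}
    if hits:
        indicators.append(("urgency_language", min(len(hits), 3)))
    for href, shown in ANCHOR.findall(text):
        if URL.match(href).group(1).lower() != URL.match(shown).group(1).lower():
            indicators.append(("link_text_hides_real_host", 3))
    untrusted_hosts = {h.lower() for h in URL.findall(text) if not is_trusted(h.lower())}
    if untrusted_hosts:
        indicators.append(("untrusted_link_hosts", min(len(untrusted_hosts), 2)))
    score = sum(weight for _, weight in indicators)
    return {"score": score, "indicators": [n for n, _ in indicators],
            "verdict": "flag" if score >= FLAG_THRESHOLD else "pass"}


# Constructed sample messages: a GenAI-style lure and a genuine internal notice.
PHISH = """\
From: "HR Portal - agency.gov.example" <hr-notify@agency-gov.example>
Reply-To: hr-desk@mail-relay.test
To: officer@agency.gov.example
Subject: URGENT: payroll access suspended
Authentication-Results: mx.agency.gov.example; spf=fail smtp.mailfrom=agency-gov.example; dmarc=fail header.from=agency-gov.example
Content-Type: text/html

<p>Your payroll access has been suspended. Verify your account within 24 hours:</p>
<a href="http://agency-gov.example.login-portal.test/verify">https://agency.gov.example/hr</a>
"""

LEGIT = """\
From: "HR Services" <hr@agency.gov.example>
To: officer@agency.gov.example
Subject: Leave policy update for Q3
Authentication-Results: mx.agency.gov.example; spf=pass smtp.mailfrom=agency.gov.example; dmarc=pass header.from=agency.gov.example
Content-Type: text/plain

The updated leave policy is on the intranet: https://intranet.agency.gov.example/policies/leave
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, score_message(raw))
```

The weights are deliberately additive so that no single indicator decides the outcome; a well-crafted AI lure with valid SPF and DMARC from a freshly registered lookalike domain still accumulates the sender, display-name and link indicators. Tying the verdict to real-time user education, as the article describes, means the same indicator names can be shown to the recipient as the reason the message was flagged.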
The same AI-augmented logic applies to outbound monitoring.
AI-driven tools can now analyse intent, context, and writing style to catch accidental sends or stealthy exfiltration attempts that rule-based filters would miss.
Measuring culture in a hybrid workforce
The most difficult question for CISOs is how to measure security culture when agentic AI defenders are now part of the equation.
Dr Boonyapredee shares four criteria to measure the resilience of a security culture supported by both human officers and AI agents:
- Agent trust and effectiveness: This measures interception rates of AI-crafted attacks, false-positive/negative ratios, and how often operators override AI agent decisions to reveal gaps in AI agent accuracy or excessive human reliance.
- Continuous feedback loop: Running mixed human-agent red-team exercises and feeding results back into training and AI agent rules.
- Learning velocity: Measuring completion of training modules as a key performance indicator (KPI) for organisational adaptability.
- Enhancing KPIs for incidents: Agentic AI defenders can track combined Mean Time to Detect and Mean Time to Respond (MTTD/MTTR) across human and agent detection paths, showing how quickly incidents are detected and resolved whether AI agents trigger alerts or humans escalate.
Humans remain the most important variable in cybersecurity, Dr Boonyapredee emphasises, but they now work alongside agents that carry risks of their own, and securing both together is today’s mandate for CISOs.
Therefore, the future of security lies in cyber-resilience rather than mere protection.
CISOs must move beyond traditional perimeter defence and embrace a philosophy of "co-botting," where human intuition is augmented, and not just replaced, by intelligent tools.
This requires fostering a culture of continuous, simulation-based training for employees, alongside rigorous governance for AI agents.
Ultimately, the goal is to build a trust-but-verify ecosystem in which the human-machine partnership is fortified, turning what was once a vulnerability into a resilient, proactive defence. In the race against threat actors, technology accelerates, but humans still steer.
