AI Workforce Security: New Threats & Governance Needs

Threat actors are now targeting AI agents just like they target human employees. This means public agencies must govern AI with the same strictness as their staff. Here's the thing: For years, the human factor was the biggest security risk. But now, AI agents are making decisions and accessing sensitive data. KnowBe4's Dr. Kawin Boonyapredee says this "hybrid workforce" fundamentally changes the threat model. Attackers are already using AI agents for faster, more personalized campaigns. What's interesting is that AI agents are now "first-class identities." They expand attack vectors from social engineering to prompt injection and compromised model integrity. Agencies need to enforce identity and access management, keep audit trails, and require human approval for high-risk actions. Treat AI agents as members of the workforce. This means training human operators on AI limitations and prompt safety. The bottom line: The security of our digital systems and sensitive information now depends on protecting both people and the AI working alongside them.