IT Brief Canada - Technology news for CIOs & IT decision-makers
Canada
Flux result 8ee5bb76 0ccb 474f 8e40 23893661b265
#
Data Protection
#
Digital Transformation
#
Physical Security

KnowBe4 launches Agent Risk Manager for AI agent security

Tue, 14th Apr 2026
Author image
By Sean Mitchell, Publisher

KnowBe4 has launched Agent Risk Manager, a security product for autonomous AI agents aimed at organisations using them in operational workflows.

The launch comes as businesses move from AI-assisted tasks to more autonomous systems that can take actions, use tools and handle data with less human oversight. That shift has created a security gap around how such agents behave after deployment.

Agent Risk Manager is being introduced as part of the company's HRM+ platform, which focuses on managing risks linked to employees and AI systems. It is designed to monitor agent behaviour in real time, govern what agents can do, and flag actions that could lead to security incidents.

The product targets risks including unauthorised sharing of sensitive information, prompt injection attacks and excessive use of computing resources. It also aims to address AI agents operating outside formal oversight, which many security teams describe as a form of shadow IT.

How it works

The system applies behavioural guardrails to agent activity once the software is live in a customer environment. It monitors actions rather than focusing only on prompts or code, and is intended to detect when an agent departs from expected operating patterns.

It includes prompt injection detection, scanning for jailbreaks, logic overrides and indirect injections across user messages and tool outputs. It also includes sensitive information detection, using more than 20 classifiers to identify personal data and credentials and redact that material before it reaches an audit log.

Another feature is what KnowBe4 calls unbounded consumption detection, meant to identify runaway agents that trigger excessive API calls, queries or compute use. The product also includes an inventory tool that catalogues agents and connected tools across customer environments, along with an audit log for reviewing actions and detections.

Agent Risk Manager also covers identity governance for agents by identifying which permissions and tools an agent can access. It includes adversarial simulation features intended to test agent behaviour against prompt injection and social engineering tactics.

Market shift

Security vendors have increasingly turned their attention to AI governance as companies expand their use of generative AI tools and autonomous software agents in customer service, software development, internal search and operations. Much of the first wave of AI security tools centred on model access, code scanning and API protection, while newer products focus on the actions agents take once connected to business systems.

That change reflects a broader concern in the cyber security market that AI risk is moving beyond employee misuse to machine-led activity inside corporate environments. The challenge for customers is to give automated systems enough access to complete tasks without creating new routes for data leakage, fraud or disruption.

Greg Kras, Chief Product Officer at KnowBe4, framed the launch around that shift in workforce composition.

"The industry has spent years securing the human element, but today, AI agents are the newest members of our workforce," said Greg Kras, Chief Product Officer, KnowBe4.

"However, securing the prompt is only half the battle. Our Agent Risk Manager focuses on the output and actions of these agents, ensuring that as they move through your network, they do not become the ultimate shadow IT or a backdoor for sophisticated prompt injection attacks," said Kras.

KnowBe4 said the product draws on 15 years of behavioural data to help identify when an agent deviates from safe operating parameters. The company did not disclose pricing, but said the product will be available globally.

KnowBe4, which says it serves more than 70,000 organisations worldwide, has historically been known for security awareness training and human risk management. The move into agent-focused oversight reflects how vendors in that segment are broadening their product lines as AI tools become embedded in day-to-day business processes.

Kras said the company sees the issue as part of a wider expansion in the security perimeter.

"We are moving from a world of human risk to universal risk," said Kras.

"Whether it is a human being tricked by a deepfake or an AI agent being manipulated by a malicious prompt, KnowBe4 is the only platform capable of defending both," added Kras.

Related stories
Protegrity launches AI Team Edition for secure inferencing
OpenAI launches Trusted Access for Cyber with major names
Anthropic launches Claude Opus 4.7 with stronger coding
Testlio launches AI chatbot testing service amid scrutiny
Cyber insurance now common among North American SMBs

Top stories

TestRail launches AI test script generation in beta
FIRST conference highlights AI & CVE disclosure push
OpenAI expands Codex with desktop & workflow tools
OpenAI launches GPT-Rosalind for life sciences research
Mirantis integrates NVIDIA Run:ai to speed AI deployment