Tech
Inserting AI into cyber awareness | Computer Weekly
The concept of security awareness training is traditionally one of static procedures, including online training and tests, phishing simulations, and physical elements such as posters and displays.
This is all practical for compliance, but does this concept move with the times? In a world where AI is king, how does awareness training fit with this technology trend? As an example, delegates at KnowBe4’s recent user conference in London heard how the company’s more AI-driven direction is taking shape.
Increase in agents
CEO Bryan Palma predicts that AI would lead to an increase in the number of people and agents saying that “AI makes us more productive”, and with the number of agents being deployed in cyber security increasing. This could result in fewer people being employed; however, the attitude at KnowBe4 is to train the workforce regardless of whether they are man or machine.
“We don’t care as, ultimately, we’re going to prepare your organisation and your workforce to be trained correctly and be an advantage for you in the market,” he says. “Now it is probably 100% humans we train and zero agents, tomorrow it may be 60 humans and 65 agents – we’re not going to care.”
That movement towards agents, and supporting them as much as employees, is particularly forward-looking as the adoption of AI-based options increases. Palma claims that this adoption of support for agents is “about security culture, and that is really the outcome that we’re trying to build”.
He says: “The reality is that agents will be part of your security culture, and bots will be part of your world. If we turn the clock forward a few years, you will have multiple bots that work for you, and you’re going to tell them to do things, and they will work independently, and instead of managing only people, you’re going to need to manage bots as well.”
This move is all about culture, and agents have to be part of that culture “just as humans would be”, he explains.
Workforce trust management
Palma states that the company’s direction is towards the concept of “workforce trust management”, an extension of the original security awareness training and the more commonly used term “human risk management”.
He explains that workforce trust management considers autonomous security, which governs and trains both humans and AI agents, as the workforce will be diverse: “You need to protect them all, as each can be a vulnerability.”
The obvious question is how AI and automated functions are changing both workforce trust management and KnowBe4’s core awareness and training mission? Sitting with Palma, Computer Weekly had the opportunity to ask him about this move towards automation and if there was enough of a grasp of the roll-out of automated tasks in the way that KnowBe4’s technology works.
Palma says the company was thinking about it and developing around it, and then when he joined the firm, he realised both the impact of this from other things that he has done and the need to accelerate development.
“I’ve put more focus on it; I’m putting more investment behind it. I want to accelerate what we’re doing, but we have six agents in the market – we were already doing this, and it becomes critical because it just allows our system to run better,” he says.
Is there more demand from customers for that kind of automation in a workforce trust management offering? He explains that one of its agents creates a phishing landing page to save time for the IT and cyber security teams to build new versions of the phishing tests continually.
Donna Huggett, information security education and awareness manager at Belron – the parent organisation of Autoglass and Safelite – tells Computer Weekly that she uses KnowBe4 for phishing simulations. The AI-enabled technology “actually helps us massively cut down quite a huge chunk of work”, as time was previously spent on developing templates and choosing the right one to use, the options in the AIDA technology do the work for you.
She also said this determines the level of phishing message to be sent to an employee, for those who need to be challenged more and who will receive slightly harder emails. “And that’s all automated now, so that’s a massive help,” she says.
Paul Maxwell, cyber security engineer at retailer Poundland, says he primarily uses KnowBe4 for phishing simulation, and used 115 templates, but found that some were no longer working. This required new templates to be built, and it “was adding 35 hours a month” to his workload as users became savvier, and he needed to create new emails.
“I spent a good couple of hours at night, just thinking ‘That’s a good one, that’s going to catch people out’. With that kind of stuff, you can’t just go half measure, you’ve really got to try and catch them out,” he says. “Because if you don’t catch them out, you don’t help them learn.”
He explains that the most effective options were those that appeared to come from HR, such as clicking to claim annual leave, and finance and IT issues, including updating to Windows 11. However, the staff engagement has seen an increase in reported phishing attacks. While Maxwell admits that each alert takes time to investigate, he acknowledges that the platform has been really helpful.
“This is exactly what I need: firstly to help me move security forward in the business, but also to be able to take a step back and look at other areas I need to focus on,” he adds.
Automated agents
In terms of automated agents, Computer Weekly asked Palma if the intention was to add machine learning to enable the examples above, and if it could get to the level where it could replace the practitioner’s need to do awareness training by determining the right campaign for employees?
Palma explains that people are overlooking this link and are moving directly to AI, while the human link is vital; there is machine learning involved. “Everybody wants to think GenAI, everybody wants to think next generation: we’ve had lots of machine learning and regular vanilla AI for a long time, and that’s still very meaningful and that still does a lot of the work, but conceptually it will absolutely look and say, ‘Hey, these are the mistakes you’re making’, or ‘These are the mistakes the system is making’ and how you solve that.”
Palma says that the development of agents has increased over the past year, and he sees a future where “our email, our training, our compliance is all going to be in one single platform”, which will allow KnowBe4 to add in components and capabilities as it moves forward.
Different-sized businesses
Palma also discussed whether small- and medium-sized enterprises (SMEs) are more adaptable to a changing technology concept, compared to a large organisation that has been retrospectively building in security since the 1990s.
“I think the bigger organisations have more people, they have more process, they tend to move slower,” he says. “The smaller organisations are going to be very efficient – among many of our SMEs, they don’t have a CISO, and they don’t have an information security department.
“Now, if they have three or four agents that can help them around workforce trust, they’re going to be really happy about that. So, I think adoption at that part of the market is going to be faster and quicker.”
This move to offer automated technologies is one where the company can move with the times, but the question is how adaptive are the practitioners to this new form of technology to do this straightforward task? Creating phishing templates is time-consuming, and creating new emails takes time and effort, and we have not really begun considering the energy required to filter through the phishing simulation results.
It is interesting to see this adoption of the newer ways of working, and perhaps the next step will be for practitioners to go all in on an agentic approach. Being able to offload a cumbersome task and see the results without hours of extra work would surely be worth the effort.
Here in the Pacific Northwest, we’re heading into the cold and windy season, which generally means power outages. One of the best ways to stay prepared for those cold and dark days is a portable power station like the Jackery Explorer 300 Plus, which is currently marked down by $100 at Best Buy and by the same amount at B&H. It’s compact enough to tuck away in a cabinet for a rainy day, but still has enough juice to power small and medium sized devices.
I actually picked up one of these a few weeks ago ahead of a big windstorm, and although I fortunately didn’t have to use it, I did run some quick tests on it to make sure everything was in working order. Every device I connected to the Jackery started charging at its fastest rate instantly, and I plugged my router in as well, which happily ran off the outlet with no issue. While I didn’t get a chance to drain the battery, it has a 288-watt-hour capacity that’s excellent for many charges of smaller devices like phones and tablets, or hours of use keeping your small appliances awake.
It has a raft of ports for charging and powering your various devices. There’s a regular USB-A port with a 15W max for incidentals, plus two USB-C ports with a 100W max, one of which is also used as the input to charge the power station. There’s a traditional American 120V outlet too, with a 300W limit, in case the lower wattage USB ports don’t quite fit the bill for your most demanding equipment. There’s even a charger of the style you find in cars, in case you have accessories that need it.
If you’re worried the Explorer 300 Plus won’t have enough juice to get you through a long outage, or you’re a frequent road tripper, I also spotted several Jackery solar panels marked down at Best Buy. The smaller 40W solar panel is marked down to $79 from $130, and the larger 100W version is discounted down to $198 from $299. While this smaller model is great for individuals and occasional use, make sure to check out our other favorite portable power stations for bigger batteries.
The past year has been traumatic for many of the volunteer tech warriors of what was once called the United States Digital Service (USDS). The team’s former coders, designers, and UX experts have watched in horror as Donald Trump rebranded the service as DOGE, effectively forced out its staff, and employed a strike force of young and reckless engineers to dismantle government agencies under the guise of eliminating fraud. But one aspect of the Trump initiative triggered envy in tech reformers: the Trump administration’s fearlessness in upending generations of cruft and inertia in government services. What if government leaders actually used that decisiveness and clout in service of the people instead of following the murky agendas of Donald Trump or DOGE maestro Elon Musk?
A small though influential team is proposing to answer that exact question, working on a solution they hope to deploy during the next Democratic administration. The initiative is called Tech Viaduct, and its goal is to create a complete plan to reboot how the US delivers services to citizens. The Viaduct cadre of experienced federal tech officials is in the process of cooking up specifics on how to remake the government, aiming to produce initial recommendations by the spring. By 2029, if a Democrat wins, it hopes to have its plan adopted by the White House.
Tech Viaduct’s advisory panel includes former Obama chief of staff and Biden’s secretary of Veterans Affairs Denis McDonough; Biden’s deputy CTO Alexander Macgillivray; Marina Nitze, former CTO of the VA; and Hillary Clinton campaign manager Robby Mook. But most attention-grabbing is its senior adviser and spiritual leader, Mikey Dickerson, the crusty former Google engineer who was the first leader of USDS. His hands-on ethic and unfiltered distaste for bureaucracy embodied the spirit of Obama’s tech surge. No one is more familiar with how government tech services fail American citizens than Dickerson. And no one is more disgusted with the various ways they have fallen short.
Dickerson himself unwittingly put the Viaduct project in motion last April. He was packing up the contents of his DC-area condo to move as far away as possible from the political scrum (to an abandoned sky observatory in a remote corner of Arizona) when McDonough suggested he meet with Mook. When the two got together, they bemoaned the DOGE initiative but agreed that the impulse to shred the dysfunctional system and start over was a good one. “The basic idea is that it’s too hard to get things done,” says Dickerson. “They’re not wrong about that.” He admits that Democrats had blown a big opportunity “For 10 years we’ve had tiny wins here and there but never terraformed the whole ecosystem,” Dickerson says. “What would that look like?”
Dickerson was surprised a few months later when Mook called him to say he found funding from Searchlight Institute, a liberal think tank devoted to novel policy initiatives, to get the idea off the ground. (A Searchlight spokesperson says that the think tank is budgeting $1 million for the project.) Dickerson, like Al Pacino in Godfather III, was pulled back in. Ironically, it was Trump’s reckless-abandon approach to government that convinced him that change was possible. “When I was there, we were severely outgunned, 200 people running around trying to improve websites,” he says. “Trump has knocked over all the beehives—the beltway bandits, the contractor industrial complex, the union industrial complex.”
Tech Viaduct has two aims. The first is to produce a master plan to remake government services—establishing an unbiased procurement process, creating a merit-based hiring process, and assuring oversight to make sure things don’t go awry. (Welcome back, inspector generals!) The idea is to design signature-ready executive orders and legislative drafts that will guide the recruiting strategy for a revitalized civil service. In the next few months, the group plans to devise and test a framework that could be executed immediately in 2029, without any momentum-killing consensus building. In Viaduct’s vision that consensus will be achieved before the election. “Thinking up bright ideas is going to be the easy part,“ Dickerson says. “As hard as we’re going to work in the next three to six months, we’re going to have to spend another two to three years, through a primary season and through an election, advocating as if we were a lobbying group.”
In case you didn’t get the memo, everyone is feeling very Chinese these days. Across social media, people are proclaiming that “You met me at a very Chinese time of my life,” while performing stereotypically Chinese-coded activities like eating dim sum or wearing the viral Adidas Chinese jacket. The trend blew up so much in recent weeks that celebrities like comedian Jimmy O Yang and influencer Hasan Piker even got in on it. It has now evolved into variations like “Chinamaxxing” (acting increasingly more Chinese) and “u will turn Chinese tomorrow” (a kind of affirmation or blessing).
It’s hard to quantify a zeitgeist, but here at WIRED, chronically online people like us have been noticing a distinct vibe shift when it comes to China over the past year. Despite all of the tariffs, export controls, and anti-China rhetoric, many people in the United States, especially younger generations, have fallen in love with Chinese technology, Chinese brands, Chinese cities, and are overall consuming more Chinese-made products than ever before. In a sense the only logical thing left to do was to literally become Chinese.
“It has occurred to me that a lot of you guys have not come to terms with your newfound Chinese identity,” the influencer Chao Ban joked in a TikTok video that has racked up over 340,000 likes. “Let me just ask you this: Aren’t you scrolling on this Chinese app, probably on a Chinese made phone, wearing clothes that are made in China, collecting dolls that are from China?”
Everything Is China
As is often the case with Western narratives about China, these memes are not really meant to paint an accurate picture of life in the country. Instead, they function as a projection of “all of the undesirable aspects of American life—or the decay of the American dream,” says Tianyu Fang, a PhD researcher at Harvard who studies science and technology in China.
At a moment when America’s infrastructure is crumbling and once-unthinkable forms of state violence are being normalized, China is starting to look pretty good in contrast. “When people say it’s the Chinese century, part of that is this ironic defeat,” says Fang.
As the Trump administration remade the US government in its own image and smashed long-standing democratic norms, people started yearning for an alternative role model, and they found a pretty good one in China. With its awe-inspiring skylines and abundant high-speed trains, the country serves as a symbol of the earnest and urgent desire among many Americans for something completely different from their own realities.
Critics frequently point to China’s massive clean energy investments to highlight America’s climate policy failures, or they point to its urban infrastructure development to shame the US housing shortage. These narratives tend to emphasize China’s strengths while sidelining the uglier facets of its development—but that selectivity is the point. China is being used less as a real place than as an abstraction, a way of exposing America’s own shortcomings. As writer Minh Tran observed in a recent Substack post, “In the twilight of the American empire, our Orientalism is not a patronizing one, but an aspirational one.”
Part of why China is on everyone’s mind is that it’s become totally unavoidable. No matter where you live in the world, you are likely going to be surrounded by things made in China. Here at WIRED, we’ve been documenting that exhaustively: Your phone or laptop or robot vacuum is made in China; your favorite AI slop joke is made in China; Labubu, the world’s most coveted toy, is made in China; the solar panels powering the Global South are made in China; the world’s best-selling EV brand, which officially overtook Tesla last year, is made in China. Even the most-talked about open-source AI model is from China. All of these examples are why this newsletter is called Made in China.
NCAA tabs flag football as an emerging sport for women
This Jackery Power Station Can Save You in an Emergency, and It’s on Sale for $199
Novo Nordisk shares rise 8% after Wegovy obesity pill has ‘solid’ launch
-
Tech4 days agoNew Proposed Legislation Would Let Self-Driving Cars Operate in New York State
-
Sports6 days agoClock is ticking for Frank at Spurs, with dwindling evidence he deserves extra time
-
Sports7 days ago
Commanders go young, promote David Blough to be offensive coordinator
-
Fashion6 days agoSouth India cotton yarn gains but market unease over US tariff fears
-
Fashion6 days agoChina’s central bank conducts $157-bn outright reverse repo operation
-
Entertainment3 days agoX (formerly Twitter) recovers after brief global outage affects thousands
-
Business7 days agoSoftBank reduces Ola Electric stake to 13.5% from 15.6% – The Times of India
-
Sports6 days agoUS figure skating power couple makes history with record breaking seventh national championship