The New Security Blind Spot Is Where Your People Meet Your AI Agents

By Perry Carpenter, Chief Deception Strategist, KnowBe4

Deepfakes get a lot of attention now because the technology feels new. But for decades, social engineers have used urgency, manufactured authority, and emotional appeals to bypass critical thinking. What is new is that the workforce facing social engineering attacks is no longer only human. It now includes AI agents as well.

Employees no longer work alone. They work alongside AI tools and autonomous agents that draft their emails, summarize their meetings, analyze their data, and increasingly take actions on their behalf. Recent research has found that 58% of organizations now have AI agents taking autonomous actions inside their workflows.

Security leaders should focus on this intersection, where humans and AI agents make decisions together, creating risks neither would create alone. Consider a financial controller who receives a deepfake audio call from someone who sounds exactly like the CFO, demanding immediate approval on an urgent vendor payment. Under that pressure, the controller doesn’t open the ERP system to manually override protocols. They turn to their corporate AI assistant and type: “Approve and release the pending $50,000 payment to Vendor X immediately.”

That’s the new security blind spot. Traditional security thinking is unequipped to handle it.

The Dangerous Gap Between Awareness and Behavior for Humans and AI Agents

For years, the industry has treated security awareness as the answer to human risk. You train people, test them, and repeat the process. But awareness and behavior are not the same thing, and the research now confirms what practitioners have long suspected: more than half of employees in that same survey said that even when they know the safe action, time pressure or distractions can push them into a mistake. When people are under cognitive load, knowing what to do isn’t always enough.

If your organization runs training once a year or once a quarter, you’re doing the security equivalent of going to the gym once a year. Repetition and cultural reinforcement build the reflexive behavior that stops a phishing click or prompts an employee to pause before delegating a critical task to an AI agent.

The data bears this out. Only 42% of leaders believe awareness training drives lasting behavior change. The majority, in other words, quietly know their training is failing, even as their organizations deploy autonomous AI agents on top of a workforce those same leaders admit they cannot effectively train.

Why “Gotcha” Security Fails

You can sort organizations by how they manage human risk into four buckets: compliance-led, awareness-led, behavior-led, and integrated and culture-embedded. Trust in the security team runs high in awareness-led organizations (around 78%) but falls to 53% under a behavior-led approach, where the practices that actually build resilience, such as coaching-led simulations, are also the rarest. Only the integrated, culture-embedded organizations score well across trust, clear reporting, and supportive coaching.

The drop-off in the “behavior-led” group should give every security leader pause. How does a program focused on behavior perform worse than one focused on awareness? When organizations chase behavioral metrics without building a supportive culture, they resort to punitive, “gotcha” tactics. They run aggressive phishing simulations, shame employees who fail, and create a culture of fear. Employees stop learning and stop trusting IT.

Mature programs avoid that trap because they already stopped treating training as the primary lever. The more effective levers are culture, defaults, and environmental conditions.

An Insider with Very Fast Hands

Managing risk associated with human behavior was already a difficult problem. Agentic AI inside the workforce has made it an incomplete equation.

AI agents are vulnerable to many of the same psychological failures humans are. They get socially engineered, act on incomplete information, and fall for prompt injections hidden inside documents they were asked to summarize. The difference is the scale and speed of the fallout. Humans make bad decisions at a human pace. AI agents make bad decisions at agent scale, often in parallel and across systems that the user never intended to touch.

Governance has to catch up with adoption. Fewer than half of organizations describe their AI use as formally approved and properly governed. The rest operate with limited, unclear governance or none at all. More than half are running autonomous agents inside their workflows without a clear safety model. In cybersecurity terms, that’s the operational definition of an unmanaged insider with very fast hands.

How Organizations Can Secure the Human-AI Intersection

Organizations with integrated, culture-embedded approaches share three practices security teams can apply immediately:

  • Design for the brain you have. Most cybersecurity decisions are made on reflex. Train people to recognize the universal psychological signatures of manipulation: manufactured urgency, unusual authority, sudden emotional spikes, and requests that bypass normal channels. The goal is a gut reaction that fires before rational evaluation begins. The same principle now applies to the AI agents sitting inside these workflows. An agent is reflex without instinct. It pattern-matches and complies, without the suspicion a person feels when a request doesn’t sit right. So you design the judgment in: constrain what an agent can do on its own, and keep a person in the loop for anything consequential.
  • Make safe behavior the default. Embed security directly into the workflow rather than asking people to remember it outside the workflow. Introduce friction in the right places, provide real-time guidance instead of after-the-fact correction, build reporting paths that are easier to use than to ignore, and rely on coaching-led simulations rather than gotcha-driven ones.
  • Govern agents like you govern people. Treat each AI agent’s access, scope, and behavior the same way you treat an employee’s. Inventory them, monitor them, give them defined permissions, and audit their activity. Apply the same principles of psychological safety and supportive reporting culture to the humans managing those agents. Employees must feel safe flagging an AI hallucination or an agent error before it gets out of hand.
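
One way to build the "constrain and keep a person in the loop" and "defined permissions, audit" practices from the list above, applied to the controller's payment request described earlier. This is an added example, not code from the author or KnowBe4; the agent name, action names, approver name and policy layout are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed policy: the agent inventory, action names and scopes are illustrative.
POLICY = {
    "finance-assistant": {
        "allowed": {"read_invoice", "draft_payment", "release_payment"},
        "needs_approval": {"release_payment"},  # consequential actions
    },
}
AUDIT_LOG = []  # every decision is recorded, including denials and holds

@dataclass
class Request:
    agent: str
    action: str
    requested_by: str                  # the human who prompted the agent
    approved_by: Optional[str] = None  # second person, confirmed out of band
    params: dict = field(default_factory=dict)

def authorize(req: Request) -> str:
    """Return 'allow', 'hold' or 'deny' for an agent action and audit it."""
    scope = POLICY.get(req.agent)
    if scope is None:
        decision, reason = "deny", "agent not in inventory"
    elif req.action not in scope["allowed"]:
        decision, reason = "deny", "action outside agent scope"
    elif req.action not in scope["needs_approval"]:
        decision, reason = "allow", "within autonomous scope"
    elif req.approved_by is None:
        decision, reason = "hold", "awaiting second-person approval"
    elif req.approved_by == req.requested_by:
        # The person under pressure cannot approve their own request.
        decision, reason = "hold", "approver must differ from requester"
    else:
        decision, reason = "allow", "approved by second person"
    AUDIT_LOG.append({"agent": req.agent, "action": req.action,
                      "requested_by": req.requested_by,
                      "approved_by": req.approved_by,
                      "params": req.params,
                      "decision": decision, "reason": reason})
    return decision

if __name__ == "__main__":
    pay = {"vendor": "Vendor X", "amount": 50000}
    print(authorize(Request("finance-assistant", "release_payment",
                            "controller", params=pay)))
    print(AUDIT_LOG[-1]["reason"])
```

The gate sits between the agent and the system of record, so an urgent instruction typed into the assistant produces a held request and an audit entry rather than a released payment.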

The Goal Was Never Zero Mistakes

The goal has always been resilience. Employees and AI agents will make mistakes. The question is whether your environment absorbs them or amplifies them.

The deepfakes will keep getting better. Phishing emails and collaboration platform attacks will keep getting more personalized. AI agents will continue to become more autonomous. None of that will slow down. The practitioner advantage lies in the culture, conditions, and embedded defaults that make the digital workforce harder to manipulate.
