Saturday, August 30, 2025

The Attack On Browser-Based AI Agents Is Coming


We’re working tirelessly on our AI First strategy to better protect both humans and their AI tools.

KnowBe4 and its advocates spend a lot of time talking to audiences about AI-enabled threats, and rightly so, as recently covered in dozens of previous posts, including this recent one.

This year and next promise to be an explosion of cyber threats better enabled by AI. After years of claiming AI attacks would be coming, they’re here and will be the way that most cybercrime is committed forevermore. AI will enable cyberattacks to be faster, more successful, more pervasive, and hyper-personalized.

As the leading Human Risk Management (HRM) platform provider, a lot of our attention focuses on reducing human risk. We do this through a highly dynamic platform that pushes technical defenses, security awareness training, and AI-enabled defenses.

We’re also working to protect the AI you use to protect yourself and improve your productivity. Attackers are crafting new ways to exploit AI in ways that are likely to be more successful than if humans were more involved.

We have previously covered how attacks against your AI productivity tools can lead to increased disinformation, data leaks and poor outcomes. There’s a new worry…attacks against your browser-based AI agents.

Browser-Based AI Agents

Browser-based AI agents are a more modern version of browser extensions and add-ins, which have been around for decades…only with AI thrown in. Browser extensions have always been a huge security threat to people’s browsers. A badly coded, weakly threat-modeled browser extension can easily undermine an otherwise very secure browser experience. Some of the biggest exploits in history have been tied to attacks against popular browser agents. Accordingly, many organizations, including KnowBe4, significantly limit which browser extensions can be added to co-workers’ browsers.

Browser extensions are naturally becoming more AI-enabled and increasing people’s productivity beyond previously conceivable levels. A lot of early commonly used browser-based AI agents involve increased productivity around email. For example, some browser-based AI agents will cull your email inbox into more usable groupings, which allow more efficient handling. Other browser-based AI agents will gladly find free availability on your calendar to schedule meetings that were initiated from an email. Using this type of agent gives me an hour or two of my life back each week. Other browser-based AI agents look for and prevent cyberattacks. I’ve seen several AI agents that focus on protecting your SMS messages.

It is very likely that you and your browser will be using more AI agents from now on.

Browser-Based AI Agent Attacks

Cyber attackers always move to attack what becomes newly popular, and browser-based AI agents are absolutely going to be targeted more and more as they become more popular. We have not seen a lot of real-world attacks, but they’re coming. We’re going to see AI-enabled attacks that target other AI tools, including browser-based AI agents. They will manipulate the AIs we use to protect ourselves and improve our productivity using methods and tricks that are more likely to work against other AIs.

For example, suppose you use a browser-based AI agent to schedule your meetings from emails that you receive, like I do. You could easily see an attack scenario where a scammer sends you a spoofed meeting invite in an email, and your AI agent just schedules the meeting and responds to the sender, so that you end up with a fraudulent meeting on your calendar. When you go to attend that meeting, would you then realize that it has no legitimate basis, or join the Zoom call hoping to find out what the meeting is about (which I’m sure already happens to many of us busy people)? Then it would take you longer to figure out that you are in stage two of a scam, whereas you might have seen the original scam email and more easily dismissed it.

Or you have a browser-based AI agent helping to spot spoofed domains (i.e., URL domains that try to pretend to be part of some well-known brand’s legitimate domain, e.g., facebooktecksupport.com). An attacker using an AI agent might be able to craft more fraudulent domains that might quickly bypass a browser-based AI check, but that a human might immediately identify as sketchy.

Researchers from all over the internet are exploring various scenarios where browser-based AI agents might be tricked. Another commonly exemplified possible threat is tricking a browser-based AI agent into executing a malicious action against its own user (e.g., deleting good data, downloading and installing malware, etc.) or revealing the user’s confidential information. One group of researchers showed that they could trick some browser-based AI agents into connecting to fraudulent websites and performing logins which revealed the user’s login credentials.

There’s a great May 19, 2025, whitepaper entitled The Hidden Dangers of Browsing AI Agents (https://arxiv.org/abs/2505.13076) that covers AI browser agents and the threats against them. It lists prompt injection, credentials exfiltration, unauthorized task execution, and unauthorized agent as the top concerning security threats.

The Good News

The good news is that AI was invented by the good actors (in the 1950s) and has been used and extended by the good actors far more than the bad actors. KnowBe4 has been using AI for over 10 years, and we’re heavily involved in increasing defender accuracy and productivity using a growing list of sophisticated agentic AI agents.

KnowBe4’s Artificial Intelligence Defense Agents (AIDA) is our current list of customer-facing AI agents (https://www.knowbe4.com/hubfs/AIDA-Mature-Human-Danger-Administration-Infographic_en-US.pdf) and we’re heavily developing many more that will roll out in the coming weeks and months. We’re AI, AI, AI!

And we have the data to show that our AI-enabled tools work and improve productivity. For example, if you allow our AI agent to pick the simulated phishing templates you use to send simulated phishing emails to your co-workers, it increases the likelihood by 2.7 – 3.0 times that they will respond to that simulated phishing email, resulting in more training and awareness. That’s never a bad thing.

KnowBe4 is working every day, heads down, on AI-enabled technical defenses to better prevent scams and social engineering from getting to and bypassing both your human and AI-enabled productivity tools, including browser-based AI agents. Today’s browser-based AI agents are an extension of the humans who use them. We need to protect both.

As the leading HRM platform, we also continue to provide the most up-to-date information regarding AI-enabled attacks. Be sure to follow our bloggers and advocates at blog.knowbe4.com. We publish new information on various threats every day. Our advocates are thought leaders in the HRM and AI spaces. Oftentimes, the first you’ll hear about a particular threat is on our blog pages and in our presentations.

KnowBe4 is tirelessly using every tool in our HRM arsenal, using an AI first strategy to better protect both humans and their AI tools.


