Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How to Secure AI Agents: 4 Best Practices

Imagine you give an AI agent permission to triage support tickets. A few weeks later, it’s accessing a system no one intended it to reach, putting the data within at risk of exposure or misuse. Nothing dramatic happens at the moment. That’s what makes the risk tricky. AI agents don’t wait for approval the way traditional systems do, and they move faster than the controls you’ve set around them.

I Love Device-Bound Session Credentials, But They Are Still Phishable and Hackable

Google recently released Device-Bound Session Credentials (DBSC) for Google Chrome and Google Workspace. It is a long-awaited new security enhancement to fight back against local cookie theft. But, yes, it can still be hacked and phished. Nothing alone in cybersecurity is a complete panacea.

Attackers Use Spoofed ChatGPT Site to Deliver Malware

Researchers at Malwarebytes warn that a fake ChatGPT download site is delivering malware. The attackers use sponsored results and SEO manipulation to target users who search for “ChatGPT download.” The phishing page is a convincingly spoofed version of the legitimate ChatGPT website, which delivers malware tailored to Windows or Mac users.

KnowBe4 Wins Multiple 2026 TrustRadius Top Rated Awards

We’re proud to share that KnowBe4 has once again been recognized as a leader in cybersecurity, receiving six 2026 TrustRadius Top Rated Awards across our platform. These awards are especially meaningful because they’re based entirely on customer feedback—making them a direct reflection of how our customers view the value and impact of our partnership.

A Look at Spam vs. Phishing: 4 Key Differences

Spam and phishing are often used interchangeably in email security, but they serve distinct purposes and carry varying levels of risk. Understanding the difference between spam vs. phishing helps organizations better recognize threats and respond appropriately. This guide breaks down how spam and phishing differ, how to identify each, and what steps organizations can take to reduce risk.

Nearly Two-Thirds of CEOs Cite Cyberattacks as Their Top Concern

Cyberattacks are now the top concern of leading CEOs, overtaking fears over geopolitical turmoil or inflation, the Wall Street Journal reports. A survey by the Conference Board and the Business Council found that 65% of CEOs at blue-chip companies cited cyberattacks as their top worry in the second quarter of 2026, an increase from 56% in Q1 2026.

The New Frontier: Securing Japan's Hybrid Digital Workforce (2026 & Beyond)

As Japan navigates the mid-point of the decade, its cybersecurity landscape is undergoing a fundamental transformation. Driven by escalating geopolitical tensions and the rapid proliferation of agentic AI, the nation is shifting its focus from purely technical defenses to a broader strategy of "Cognitive Security" and national resilience. The emergence of a hybrid workforce - where human employees work alongside autonomous AI agents - has redefined the traditional enterprise perimeter.

Report: AI-Enabled Social Engineering Attacks Are on the Rise

Threat actors are increasingly using AI-enabled social engineering to get around technical security measures, according to a new report from Visa. Social engineering attacks were behind the largest number of losses in the second half of last year. “From July to December 2025, Visa identified nearly $1 billion in scam-related activity, making scams the single largest category of consumer payment fraud,” Visa says.

The Silent Invitation: A Deep Dive into Calendar Invite Phishing

As reported in the latest Phishing Threat Trends Report (Vol. 7), attackers are increasingly using calendar invites to bypass traditional email defenses, with this vector surging 49% over the past six months. In this Threat Labs deep dive, our team goes behind the scenes to provide a detailed analysis of this escalating campaign. We break down the technical underpinnings and tactical shifts in a unique multi-vector attack that turns your trusted corporate schedule into an instrument of compromise.

How to Secure AI Adoption In Your Organization

The era of "typing into a box" is over. For years, we viewed artificial intelligence as a digital assistant—a sophisticated autocomplete tool that waited for human input. But according to Martin Kraemer, KnowBe4’s CISO Advisor for Europe and the Middle East, that dynamic has shifted. We have moved from asking AI questions to giving AI jobs. In a recent webinar, Martin explores the transition from AI tools to AI agents.