Greg Kras has a question he likes to ask security teams. How many AI applications does your organization use? Most say one or two. Then they start looking. Then the number grows — by dozens, sometimes more — because the AI tools employees quietly adopted over the past eighteen months never made it onto any formal inventory list. Kras, the chief product officer at KnowBe4 Inc., told that story at KB4-CON 2026 on May 18 to make a point that GAIG has been making all week from a different perspective: the organizations most at risk from AI governance failures are often the ones who think they have a handle on their AI deployment and simply don't.
KnowBe4 used the conference to announce Agent Risk Manager, a product that gives security teams real-time visibility into the AI agents operating across their environments — what they are, who is running them, and what data they can reach. The announcement came alongside a broader argument from Kras about what makes the agent governance problem fundamentally different from anything enterprise security has dealt with before.
"The fact that agents can beget agents — it becomes very interesting, If you think of traditional human staffing, you usually know when you have a new person on your team, but with agents, an agent could spin up another agent or ingest a Model Context Protocol server that may or may not be what they should be doing."
Kras told theCUBE's Scott Hebner during a live interview at KB4-CON.
Key Terms
Agent Risk Manager
KnowBe4's new product announced at KB4-CON 2026. Provides real-time visibility into AI agents operating across an enterprise environment — inventorying what they are, who owns them, and what data they can access. Built around three pillars: visibility, accountability, and control.
AIDA Orchestration
The eighth agent in KnowBe4's Artificial Intelligence Defense Agents suite, launched Q1 2026. Autonomously creates, schedules, and personalizes phishing simulations and security awareness training at the individual user level. Early results show approximately a five-point drop in risk score — roughly a 15% reduction — with less manual effort than traditional program administration.
Human Risk Management (HRM)
KnowBe4's expanded platform framing that extends beyond traditional security awareness training to cover the full spectrum of human security behavior — and now, by extension, the behavior of AI agents operating alongside human employees.
Conditions Driving This Change
The agent governance problem has been building across a specific set of organizational conditions that we have documented across multiple reports and analyses this week. At KB4-CON, Kras named the same pattern from the security side of the house.
AI tool adoption outpaced IT visibility. Employees deployed AI tools without formal IT approval across the last eighteen months, creating shadow AI inventories that security teams have no record of. KnowBe4's own customer conversations suggest the gap between what security teams believe they have deployed and what is actually running is consistently larger than anyone expects.
Agents can create other agents autonomously. Traditional human workforce management works because adding a person to a team requires a deliberate hiring process. AI agents do not require the same friction. An agent can spawn a sub-agent. An orchestration framework can initialize multiple agents from a single workflow trigger. The workforce multiplies without a corresponding expansion of the governance record.
MCP integration created ungoverned access pathways. As the Model Context Protocol became a standard for connecting AI agents to enterprise systems, it created a new category of access pathway that sits outside traditional identity and access management frameworks. An agent that ingests an MCP server gains access to whatever that server connects to — and in many cases, nobody explicitly authorized that connection.
The security perimeter expanded faster than controls could follow. SentinelOne's 2026 AI and Cloud report, which GAIG covered this week, found that AI-related secrets — OpenAI API keys, Azure OpenAI credentials, and other agent access tokens — grew approximately 140% in a single year. Every one of those secrets represents an agent access point. Most were never formally inventoried.
Human risk management frameworks were not built for non-human actors. KnowBe4 built its platform around the insight that security awareness training changes human behavior. But when the entity taking actions in an enterprise environment is an AI agent rather than a human employee, the entire framework for measuring and managing behavior has to be rebuilt from scratch.
What AI Governance Looked Like Before
For most of the past decade, enterprise security governance around AI meant two things: controlling what AI tools employees could access and training those employees to recognize AI-enabled threats like phishing and deepfakes. KnowBe4 built a dominant market position on exactly that — simulated phishing campaigns, security awareness training, and the behavioral science behind why humans fall for social engineering attacks.
The governance infrastructure built around that model assumed a human was always the actor. An employee clicks a link, downloads a file, forwards a credential. The security controls — identity management, access policies, behavior monitoring — were all designed to govern what humans do. Even as AI tools proliferated, the governance framework still treated AI as a tool being used by a human, not as an autonomous actor making its own decisions and accessing its own credentials.
"How many different AI applications does your organization use? One or two? Okay, you forgot the word dozen — because that's when you start discovering: 'I had no idea that we were doing that.' You can't measure it and you certainly can't control it and protect it if you didn't know it even existed."
Greg Kras, Chief Product Officer,
KnowBe4 — KB4-CON 2026, May 18, 2026
The shadow AI problem that emerged across 2024 and 2025 started bending that framework. Employees using personal AI tools for business tasks — which GAIG's coverage of the RSM and AAA surveys documented at 88% of enterprise AI users — created data exposure that the human-centric governance model was not designed to catch. But even shadow AI was still, at its core, a human governance problem. A person made a choice to use an unsanctioned tool. The governance question was about that person's behavior.
What's Changing Now
KnowBe4's announcement at KB4-CON marks a specific shift in how the company — and, by extension, how the enterprise security market — is framing the governance problem. Agent Risk Manager is built on three pillars: visibility, accountability, and control. Kras was explicit that visibility has to come first, because accountability and control are meaningless when you do not know what you are trying to govern.
The product inventories what AI agents are running across an enterprise environment in real time — not the agents that were formally deployed and logged, but all of them, including the ones that spun up from other agents, the MCP servers that got ingested without explicit authorization, and the shadow deployments that never went through any approval process. That inventory is the foundation that every other governance action depends on.
"As a company, you're going to not do well if you shun AI because your competition is going to just eat your lunch. But the same thing applies if you just open the doors without having any governance or control — you don't know what's happening in there."
Greg Kras, Chief Product Officer,
KnowBe4 — KB4-CON 2026, May 18, 2026
On the human security side, KnowBe4 also used KB4-CON to highlight early results from AIDA Orchestration, the autonomous agent it launched in Q1 2026 to personalize phishing simulations and security awareness training at the individual level. Early customers are seeing roughly a five-point drop in their human risk scores — about a 15% reduction — with significantly less manual administration than traditional programs require. Kras connected the two products explicitly: AIDA Orchestration represents KnowBe4 using an AI agent to govern human security behavior, while Agent Risk Manager governs AI agent behavior. The company is building governance for the full digital workforce — human and non-human simultaneously.
The three-pillar framework KnowBe4 is using — visibility, accountability, control — maps directly to the agent-first governance architecture GAIG described in the agent-first governance piece published this week. Visibility is the prerequisite. Without an accurate inventory of what agents are running and what they can reach, accountability cannot be assigned and control cannot be enforced. KnowBe4's Agent Risk Manager addresses the visibility layer. The accountability and control layers — sanctioned purpose documents, agent cards, named signal owners with documented SLAs — have to be built on top of it.
Our Take
AI Governance Take
KnowBe4's move into agent governance is significant for a reason that goes beyond the product announcement. KnowBe4 built a dominant position in enterprise security by solving the human behavior problem at scale — phishing simulations, awareness training, behavioral scoring. The fact that the company is now extending that platform explicitly to AI agents signals something about where the enterprise security market believes the next major governance gap lives.
Kras's framing at KB4-CON — that you cannot measure, control, or protect what you did not know existed — is the same argument GAIG has been making about AI governance all week from a different direction. The Gartner observability prediction covers 40% of organizations getting visibility tools by 2028. The SentinelOne report covers AI-related secrets growing 140% in one year. The AAA survey covers 87% of organizations claiming governance while only 22% say it actually works. Every one of those findings has the same root cause: organizations have AI activity they cannot see, and the governance programs they have built are calibrated to the AI activity they know about rather than the AI activity that is actually running.
The agent inventory problem that Kras described at KB4-CON — agents begetting agents, MCP servers being ingested without authorization, shadow deployments multiplying faster than any catalog can track — is the governance version of the SentinelOne credential explosion. The solutions are connected. You cannot assign accountability to an agent you do not know exists. You cannot enforce a sanctioned purpose boundary on an agent whose scope was never formally defined. You cannot detect anomalous behavior from an agent whose baseline behavior was never established. Visibility is the prerequisite for everything else. KnowBe4 built a product for that prerequisite. The rest of the governance stack still has to be built on top of it.
