Latest news with #PerryCarpenter
Forbes
29-07-2025
- Business
- Forbes
AI Agents May End Search As We Know It
Perry Carpenter is Chief Human Risk Management Strategist for KnowBe4, a cybersecurity platform that addresses human risk management. When the World Wide Web first appeared, it was compared to a library without shelves, where all the books lay scattered on a basement floor. For over two decades, search engines have served as ubiquitous routers directing billions of clickers through the labyrinth of the internet. But that era is officially ending. At Google's 2025 I/O conference, the company unveiled a future where AI agents, not search results, will act as the new custodians of the web. No more sifting through pages or gaming results. Instead, these agents promise to fetch answers, shop for deals and even draft research papers. This shift signals two concurrent trends that business leaders can't afford to ignore: a new battleground for brand visibility and a growing dependence on agentic systems for customer interaction. From Links To Living Assistants The star of the I/O 2025 event wasn't a new gadget or algorithm tweak; it was the quiet rise of AI agents, tools designed to erase the friction between users and information. The message was clear: Search, in its traditional form, is obsolete. The most significant announcement was the rollout of AI Mode, a feature that allows users to converse directly with an AI assistant within Google Search. Instead of scrolling through links, users can now ask the agent to summarize articles, compare products or compile travel itineraries. The ChatGPT Hangover Effect This seismic shift didn't happen overnight. It was catalyzed by the rise of ChatGPT, which showed limitations to the search-first approach. When OpenAI's generative AI tool (chatbot) demonstrated that users preferred conversational answers over link lists, search engines scrambled to adapt. Last year's rollout of AI Overviews—a feature that placed AI-generated summaries atop search results—was a tentative first step for Google. But its launch faltered when the system "hallucinated" absurd answers, like recommending glue on pizza to make the cheese stick, claiming Barack Obama was the first Muslim president and suggesting that users eat at least one small rock per day. A year later, Google has refined its strategy. Rather than tacking AI onto search, it's rebuilding the entire experience around agentic AI. That should prompt leaders to ask: Is your digital infrastructure agent-ready? In support of this, Google announced native SDK support for Anthropic's MCP, a protocol that lets AI agents securely access data across apps and websites. The move aligns with broader industry trends: Microsoft CTO Kevin Scott recently championed an "open agentic web," where AI tools seamlessly interact with services, from hailing Uber to managing finances. Winners, Losers And Unanswered Questions The implications of this shift are profound and uneven. For online services like DoorDash or Ticketmaster, AI agents represent a golden opportunity. These platforms are already optimizing their systems for AI interactions, eager to serve users through automated assistants. A customer asking Gemini to "order my usual lunch" could trigger a DoorDash order without needing to open the app. Publishers, however, face existential threats. When AI agents summarize news articles or research papers, readers have little incentive to click through to the source. Traffic and its associated ad revenue may drop. For media companies, that kind of efficiency becomes a big problem. Outlets like The New York Times and Reuters have put up paywalls and made licensing deals, but the long-term viability of these purveyors of truth, backed by full-time fact-checkers, is worrisome, to say the least. Then there's the nagging hallucination issue. Despite advancements, AI agents still invent facts or misrepresent sources. Until these gaps close, the risk of misinformation looms large. Imagine an AI agent citing a fake clinical study or misidentifying a patient's diagnoses. Notably, the recent "Make America Healthy Again" report from HHS cited sources in the appendix that didn't exist. This is widely believed to be because the report likely over-relied on AI. Especially for leaders in regulated industries like healthcare, finance and legal—the reputational and compliance risks of AI-generated misinformation can be high. AI Security Risks Borne By Users AI agents can usher in a host of security concerns as well, something that's been well documented. Agentic AI can be utilized by threat actors to automate social engineering attacks, reaching thousands of users simultaneously. Prompt injection attacks can manipulate LLMs, seeding malware in the process. Human defenses are needed to thwart AI-fueled spearphishing campaigns, the main vector for system infiltration. The need for human risk management grows apparent. Human risk management (HRM) is a data-driven approach that aligns with traditional security awareness training but also focuses more broadly on quantifying and mitigating risks associated with human behavior. The idea is to transform employees into a strong layer of defense through personalized, adaptive learning and fostering a culture that is security resilient. We Stand At A Crossroads The promise of agentic AI is seductive: a world where tedious tasks vanish, research takes minutes and education is frictionless. Yet, we risk trading serendipity and depth for convenience, empowering algorithms to curate reality on our behalf. We risk the human talent for critical thinking by outsourcing it to a black box. The way many see dashboard and phone-based GPS systems has turned us into more careless drivers, agentic AI could make us less consciously mindful and maybe less intuitive. But despite flaws, AI agents are here to stay and evolve. I am certain other competitive search engines will follow suit with their own AI mega-assistants. The question is how the choices executives make today—about partnerships, data access, transparency and customer experience—will shape the AI agent ecosystem for years to come. Regulations ensuring things like transparency, cybersecurity safeguards, fair compensation for creators and rigorous AI accountability will be critical. So, too, will preserving spaces for human intuition and curiosity—the messy, exploratory web journeys that algorithms can't replicate. The age of search taught us to navigate the internet. The age of agents will test whether we can still navigate ourselves. Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?
Techday NZ
30-06-2025
- Business
- Techday NZ
KnowBe4 launches free self-assessment to boost security culture
KnowBe4 has released a free self-assessment tool, the Program Maturity Assessment (PMA), aimed at helping IT and cybersecurity leaders evaluate and enhance their organisation's security culture with a particular focus on human risk management. Practical assessment for human risk The Program Maturity Assessment (PMA), developed by security culture specialist Perry Carpenter, seeks to bridge the gap between human behaviour and cybersecurity practice. Unlike many technical assessments or frameworks requiring external consultants, the PMA offers a structured and jargon-free self-assessment. It translates cybersecurity concepts into concrete, actionable recommendations suitable for organisations of varying sizes and across industries. The assessment examines ten critical dimensions of security culture, considering elements such as leadership involvement, employee behaviour, and the integration of business processes. Users receive quantifiable and visual feedback across 40 Culture Maturity Indicators (CMIs), enabling an objective understanding of both strengths and vulnerabilities in their current practices. Customised recommendations After completing the PMA, participants are provided with a personalised maturity classification mapped onto a five-level scale. This is visualised across each assessed dimension, giving a comprehensive picture of where improvements are needed. Alongside this, PMA delivers prioritised and actionable steps intended to strengthen what is often described as the 'human firewall' within organisations. Additionally, the tool's output identifies specific gaps, from employee mindset to executive communication. Organisations also receive a strategic roadmap with tailored recommendations, allowing for focused resource allocation and plans for ongoing cultural development. Developed with clarity in mind "Every meaningful program requires clarity: clarity of purpose and clarity of impact. This is especially true with Human Risk Management programs where lack of clarity and impact will leave an organization exposed in ways they may not appreciate." said Perry Carpenter, chief human risk management strategist at KnowBe4. "Organisations need a way to demonstrate effectiveness of their human risk management program and show leadership its value. This is especially true when programs fail to account for the human element—employees whose everyday decisions significantly impact organizational security. The PMA offers a clear, data-driven approach that helps leaders identify key areas for improvement, allocate resources more effectively, and build a stronger, more resilient security culture. It's about giving organizations the insight they need to make informed decisions and foster lasting cultural change." The PMA represents a response to increased targeting and exploitation of human actions by cyber attackers. According to KnowBe4's own "Security Culture: How-To Guide", security culture is a significant predictor of secure behaviour, yet many organisations lack the means to assess and improve it in a systematic way. Optional consultation for next steps Beyond the immediate recommendations provided by the PMA, organisations can opt for a follow-up consultation to explore KnowBe4's broader Human Risk Management (HRM+) platform. This includes further modules for awareness and compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing resources, and AI-driven defence tools, intended to provide ongoing support for building a more resilient security culture. KnowBe4 reports being used by more than 70,000 organisations globally and positions its offerings as a way to create measurable improvements in the security mindsets and behaviours of workforces. The new PMA tool is available free of charge to support organisations in understanding and developing data-driven strategies for security culture improvement starting with their people.
Business Upturn
30-06-2025
- Business
- Business Upturn
KnowBe4 Announces New Assessment Tool to Enable Data-Driven Security Culture Improvements
By GlobeNewswire Published on June 30, 2025, 19:59 IST TAMPA BAY, FL, June 30, 2025 (GLOBE NEWSWIRE) — KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, released today the KnowBe4 Program Maturity Assessment (PMA), a free, strategic tool designed to help IT and cybersecurity leaders measure and improve their organization's security culture—starting with the people. As human actions are targeted and exploited by attackers with increased sophistication, organizations need clarity on what is working and how to measure improvement. According to KnowBe4's Security Culture: How-To Guide , security culture is one of the strongest predictors of secure behavior, yet few organizations have the tools to assess and manage it effectively. Created by security culture expert Perry Carpenter, the PMA offers a structured, practical self-assessment framework focused on Human Risk Management (HRM). Unlike technical assessments or consultant-heavy frameworks, the PMA delivers actionable insights across ten critical dimensions of security culture—without the jargon. It translates abstract cybersecurity concepts into concrete actions that organizations can take immediately, regardless of size or industry. Key Features of the PMA: Holistic Evaluation : Examines leadership, employee behavior and business process integration Examines leadership, employee behavior and business process integration Objective Scoring : Provides clear, quantifiable results across 40 Culture Maturity Indicators (CMIs) Provides clear, quantifiable results across 40 Culture Maturity Indicators (CMIs) Identify Gaps : Pinpoints exact areas of weakness, from employee mindset to executive communication Pinpoints exact areas of weakness, from employee mindset to executive communication Strategic Roadmap : Offers customized recommendations based on maturity level Offers customized recommendations based on maturity level Actionable Next Steps: Delivers next steps to strengthen the human firewall After completing the assessment, users receive a personalized maturity classification on a five-level scale, visual feedback across all dimensions, and prioritized recommendations. Those looking to deepen their efforts can opt into a follow-up consultation to explore how the KnowBe4 HRM+ platform can accelerate maturity and build a lasting security culture. 'Every meaningful program requires clarity: clarity of purpose and clarity of impact. This is especially true with Human Risk Management programs where lack of clarity and impact will leave an organization exposed in ways they may not appreciate.' said Perry Carpenter, chief human risk management strategist at KnowBe4. 'Organizations need a way to demonstrate effectiveness of their human risk management program and show leadership its value. This is especially true when programs fail to account for the human element—employees whose everyday decisions significantly impact organizational security. The PMA offers a clear, data-driven approach that helps leaders identify key areas for improvement, allocate resources more effectively, and build a stronger, more resilient security culture. It's about giving organizations the insight they need to make informed decisions and foster lasting cultural change.' To learn more or complete the assessment, visit About KnowBe4 KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organisations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven 'best-of-suite' platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilises personalised and relevant cybersecurity protection content, tools and techniques to mobilise workforces to transform from the largest attack surface to an organisation's biggest asset. Disclaimer: The above press release comes to you under an arrangement with GlobeNewswire. Business Upturn takes no editorial responsibility for the same. Ahmedabad Plane Crash GlobeNewswire provides press release distribution services globally, with substantial operations in North America and Europe.
Associated Press
30-06-2025
- Business
- Associated Press
KnowBe4 Announces New Assessment Tool to Enable Data-Driven Security Culture Improvements
TAMPA BAY, FL, June 30, 2025 (GLOBE NEWSWIRE) -- KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, released today the KnowBe4 Program Maturity Assessment (PMA), a free, strategic tool designed to help IT and cybersecurity leaders measure and improve their organization's security culture—starting with the people. As human actions are targeted and exploited by attackers with increased sophistication, organizations need clarity on what is working and how to measure improvement. According to KnowBe4's Security Culture: How-To Guide, security culture is one of the strongest predictors of secure behavior, yet few organizations have the tools to assess and manage it effectively. Created by security culture expert Perry Carpenter, the PMA offers a structured, practical self-assessment framework focused on Human Risk Management (HRM). Unlike technical assessments or consultant-heavy frameworks, the PMA delivers actionable insights across ten critical dimensions of security culture—without the jargon. It translates abstract cybersecurity concepts into concrete actions that organizations can take immediately, regardless of size or industry. Key Features of the PMA: After completing the assessment, users receive a personalized maturity classification on a five-level scale, visual feedback across all dimensions, and prioritized recommendations. Those looking to deepen their efforts can opt into a follow-up consultation to explore how the KnowBe4 HRM+ platform can accelerate maturity and build a lasting security culture. 'Every meaningful program requires clarity: clarity of purpose and clarity of impact. This is especially true with Human Risk Management programs where lack of clarity and impact will leave an organization exposed in ways they may not appreciate.' said Perry Carpenter, chief human risk management strategist at KnowBe4. 'Organizations need a way to demonstrate effectiveness of their human risk management program and show leadership its value. This is especially true when programs fail to account for the human element—employees whose everyday decisions significantly impact organizational security. The PMA offers a clear, data-driven approach that helps leaders identify key areas for improvement, allocate resources more effectively, and build a stronger, more resilient security culture. It's about giving organizations the insight they need to make informed decisions and foster lasting cultural change.' To learn more or complete the assessment, visit About KnowBe4 KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organisations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven 'best-of-suite' platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilises personalised and relevant cybersecurity protection content, tools and techniques to mobilise workforces to transform from the largest attack surface to an organisation's biggest asset. Kathy Wattman KnowBe4, Inc. 7274749950 [email protected]
Forbes
22-05-2025
- Business
- Forbes
Five AI-Powered Threats Senior Leaders Should Be Aware Of
Perry Carpenter is Chief Human Risk Management Strategist for KnowBe4, a cybersecurity platform that addresses human risk management. We're all too familiar with warnings about phishing scams, and they're still a security issue we need to be aware of. But there are a wide range of other concerns, beyond phishing, that should have your attention—and that you should be sharing with colleagues so they can collaborate with you to protect your company and assets. We're moving into what I call the 'Exploitation Zone'—a widening gap between technological advancement and human adaptability. It is, admittedly, tough to keep up unless, like me, you're singularly focused on data security and staying on top of increasingly sophisticated ploys by bad actors to exploit your human nature. Here are five AI-powered threats you need to understand and take steps to respond to. It's not just emails we have to be worried about these days. Today's hackers can spoof more than email addresses. One of the quickly emerging scams is voice phishing, or vishing. Just last year, we saw a 442% increase in vishing attacks between the first and second half of 2024, according to CrowdStrike. Using publicly available voice snippets they can access via earnings calls, podcasts, video calls or media interviews, cybercriminals are able to create hard-to-detect voice clones. This can take the form of a frantic call from a 'grandchild' to a grandparent asking for money to help get them out of a jam. It can also take the form of a demanding call from a 'CEO' to release funds through a bank transfer. Suggestion: Put steps in place to verify any requests for financial transactions, especially those received via calls or voice messages; consider using authentication questions that only legitimate business representatives would know. Since the pandemic, it's not unusual for many types of meetings to take place in a virtual environment. That includes board meetings. When your board members are participating virtually, there's a chance for manipulation by bad actors. That's not just the stuff of science fiction. Deepfakes have already been used to influence critical business decisions or access sensitive information. A U.S. judicial panel has even considered how deepfakes could disrupt legal trials. Chances are that images and video clips of your board members and senior leaders exist. All cybercriminals need to do is get access to a few seconds of a voice recording, video, or sometimes even a single image and use generative AI tools to create audio and video that most people won't be able to discern from the real. Think I'm exaggerating? You can see me demoing the tools and tactics here. Suggestion: Make sure you're using authentication to protect the security of any video calls. Implement multifactor authentication and establish verification procedures that involve different communication channels. And also, similar to the suggestion for No. 1, consider creating safe words or a verbal challenge/response procedure. In 2023, a fake, likely AI-generated photo of an alleged explosion near the Pentagon briefly caused the S&P 500 to drop. Suggestion: Develop crisis response plans to address the potential for synthetic media attacks, including rapid verification channels that can be used with targeted news outlets and financial partners. Imagine a disgruntled employee using AI voice cloning to generate a fake audio recording of their CEO making discriminatory remarks. Or, picture an AI-generated video showing a senior-level official involved in questionable activities. It's all too possible with the rise of AI-generated content that is now literally at the fingertips of anyone with an axe to grind. Even when these attempts are proven to be false, the damage remains. It used to be true that 'seeing is believing.' That's still true, but what we're seeing may not be actually believable. Suggestion: Be aggressive in monitoring digital channels for synthetic content related to your organization and your key executives, board members and other representatives. Have rapid response plans in place to address any incidents that occur, and be prepared to provide evidence of manipulation. Large language models (LLMs) are the foundational technology behind many generative AI tools. While LLMs themselves don't access real-time information, threat actors can leverage these tools—often in combination with publicly available data about your organization—to craft hyper-personalized phishing campaigns and social engineering attacks. These messages can closely mimic the tone and style of internal communications, making it increasingly difficult for recipients to distinguish between legitimate and malicious content. In a now widely reported incident, what was likely a combination of voice cloning and video deepfakes were used to convince an employee at a multinational firm in Hong Kong to pay out $25 million. After participating in what turned out to be a fake, multi-person video conference call, and despite some initial misgivings, the employee did as requested. Suggestion: Train staff members to recognize the warning signs of AI-enabled impersonation, such as limited interaction or refusal to answer unexpected questions. And encourage them to trust their gut. If something feels off, it probably is, and they should pursue additional verification options. Repeated exposure to information and examples of the many ways bad actors are attempting to infiltrate and influence organizations and employees can help keep the threats top-of-mind and help minimize the chances of falling prey to these attacks. Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?
