The Attack On Browser-Based AI Agents Is Coming

Roger Grimes | Jul 17, 2025


We are working tirelessly on our AI First strategy to better protect both humans and their AI tools.

KnowBe4 and its advocates spend a lot of time talking to audiences about AI-enabled threats, and rightly so, as recently covered in dozens of previous posts, including this recent one.

This year and next promise to be an explosion of cyber threats better enabled by AI. After years of saying AI attacks would be coming, they are here and will be the way that most cybercrime is committed forevermore. AI will enable cyberattacks to be faster, more successful, more pervasive, and hyper-personalized. 

As the leading Human Risk Management (HRM) platform provider, a lot of our attention focuses on decreasing human risk. We do this through a highly dynamic platform that pushes technical defenses, security awareness training, and AI-enabled defenses. 

We are also working to protect the AI you use to protect yourself and increase your productivity. Attackers are crafting new ways to exploit AI in ways that are likely to be more successful than if humans were more involved.

We have previously covered how attacks against your AI productivity tools can lead to increased disinformation, data leaks and poor results. There is a new worry…attacks against your browser-based AI agents.

Browser-Based AI Agents

Browser-based AI agents are a more modern version of browser extensions and add-ins, which have been around for decades…only with AI thrown in. Browser extensions have always been a huge security threat to people’s browsers. A badly coded, weakly threat-modeled browser extension can easily undermine an otherwise very secure browser experience. Some of the biggest exploits in history have been tied to attacks against popular browser agents. Accordingly, many organizations, including KnowBe4, significantly limit which browser extensions can be added to co-workers’ browsers. 

Browser extensions are naturally becoming more AI-enabled and increasing people’s productivity beyond previously imaginable levels. Many of the early, commonly used browser-based AI agents focus on productivity around email. For example, some browser-based AI agents will cull your email inbox into more usable groupings, which allow more efficient handling. Other browser-based AI agents will gladly find free availability on your calendar to schedule meetings that were initiated from an email. Using this type of agent gives me an hour or two of my life back each week. Other browser-based AI agents look for and prevent cyberattacks. I have seen a few AI agents that focus on protecting your SMS messages.

It is very likely that you and your browser will be using more AI agents from now on. 

Browser-Based AI Agent Attacks

Cyber attackers always move to attack what becomes newly popular, and browser-based AI agents are absolutely going to be targeted more and more as they become more popular. We have not seen a lot of real-world attacks, but they are coming. We are going to see AI-enabled attacks that target other AI tools, including browser-based AI agents. They will manipulate the AIs we use to protect ourselves and increase our productivity using techniques and tricks that are more likely to work against other AIs.

For example, suppose you use a browser-based AI agent to schedule your meetings from emails that you receive, like I do. You could easily see an attack scenario where a scammer sends you a spoofed meeting invite in an email, and your AI agent just schedules the meeting and responds to the sender, so that you end up with a fraudulent meeting on your calendar. When you go to attend that meeting, would you then realize that it has no legitimate basis, or join the Zoom call hoping to find out what the meeting is about (which I am sure already happens to many of us busy people)? Then it would take you longer to figure out that you are in stage two of a scam, whereas you might have seen the original scam email and more easily dismissed it.

Or you have a browser-based AI agent helping to spot spoofed domains, i.e., URL domains that try to pretend to be part of some well-known brand’s legitimate domain (e.g., facebooktecksupport.com). An attacker using an AI agent might be able to craft more fraudulent domains that might quickly bypass a browser-based AI check, but that a human might immediately identify as sketchy.
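A deterministic check that an agent's verdict on a link can be cross-checked against, for the spoofed-domain scenario above. This is an added example, not KnowBe4 code: the `BRANDS` allowlist is constructed, and treating the last two labels as the registrable domain is a simplifying assumption (production code should use the Public Suffix List).

```javascript
// Constructed allowlist: brand keyword -> registrable domains the brand really owns.
const BRANDS = {
  facebook: ["facebook.com", "fb.com"],
  paypal: ["paypal.com"],
};

// Assumption: registrable domain = last two labels (wrong for e.g. co.uk).
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  return labels.slice(-2).join(".");
}

// Fold common digit-for-letter swaps and drop separators, so that
// "faceb00k-help" and "face-book" both reduce to text containing "facebook".
function fold(hostname) {
  const swaps = { "0": "o", "1": "l", "3": "e", "5": "s" };
  return hostname
    .toLowerCase()
    .replace(/[0135]/g, (c) => swaps[c])
    .replace(/[^a-z]/g, "");
}

// Returns { verdict, brand } where verdict is one of:
// "legitimate", "lookalike", "unknown", "invalid".
function classifyUrl(rawUrl) {
  let host;
  try {
    host = new URL(rawUrl).hostname;
  } catch {
    return { verdict: "invalid", brand: null };
  }
  const reg = registrableDomain(host);

  // 1. The registrable domain is on the allowlist: the brand owns it.
  const owner = Object.entries(BRANDS).find(([, legit]) => legit.includes(reg));
  if (owner) return { verdict: "legitimate", brand: owner[0] };

  // 2. A brand keyword appears anywhere in a host the brand does not own.
  const folded = fold(host);
  for (const brand of Object.keys(BRANDS)) {
    if (folded.includes(brand)) return { verdict: "lookalike", brand };
  }
  return { verdict: "unknown", brand: null };
}
```

A rule like this does not replace the agent's judgment, but it gives a fixed floor: a host flagged `lookalike` here should not be passed as safe regardless of what the model concluded.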

Researchers from all over the internet are exploring various scenarios where browser-based AI agents might be tricked. Another commonly exemplified possible threat is tricking a browser-based AI agent into executing a malicious action against its own user (e.g., deleting good files, downloading and installing malware, etc.) or revealing the user’s confidential information. One group of researchers showed that they could trick some browser-based AI agents into connecting to fraudulent websites and performing logins which revealed the user’s login credentials. 

There is a great May 19, 2025, whitepaper entitled, The Hidden Dangers of Browsing AI Agents (https://arxiv.org/abs/2505.13076), that covers AI browser agents and the threats against them. It lists prompt injection, credentials exfiltration, unauthorized task execution, and unauthorized agent as the top concerning security threats.

The Good News

The good news is that AI was invented by the good actors (in the 1950s) and has been used and extended by the good actors far more than the bad actors. KnowBe4 has been using AI for over 10 years, and we are heavily involved in increasing defender accuracy and productivity using a growing list of sophisticated agentic AI agents. 

KnowBe4’s Artificial Intelligence Defense Agents (AIDA) is our current list of customer-facing AI agents (https://www.knowbe4.com/hubfs/AIDA-Mature-Human-Risk-Management-Infographic_en-US.pdf) and we are heavily developing many more that will roll out in the coming weeks and months. We are AI, AI, AI!

And we have the data to show that our AI-enabled tools work and increase productivity. For example, if you allow our AI agent to pick the simulated phishing templates you use to send simulated phishing emails to your co-workers, it increases the likelihood by 2.7 – 3.0 times that they will respond to that simulated phishing email resulting in more training and awareness. That is never a bad thing. 

KnowBe4 is working every day, heads down on AI-enabled technical defenses to better prevent scams and social engineering from getting to and bypassing both your human and AI-enabled productivity tools, including browser-based AI agents. Today’s browser-based AI agents are an extension of the humans who use them. We need to protect both.

As the leading HRM platform, we also continue to provide the most up-to-date information regarding AI-enabled attacks. Be sure to follow our bloggers and advocates at blog.knowbe4.com. We publish new information on various threats every day. Our advocates are thought leaders in the HRM and AI spaces. Oftentimes, the first you will hear about a particular threat is on our blog pages and in our presentations.

KnowBe4 is tirelessly using every tool in our HRM arsenal using an AI first strategy to better protect both humans and their AI tools.

