KnowBe4 Japan Survey Reveals Employee Security Awareness Regarding AI Agents

KnowBe4 Japan, Inc. (Headquarters: Minato-ku, Tokyo; Representative Director & President: Kazuhiro Riki), a global cybersecurity platform vendor comprehensively supporting human risk and agentic AI risk management, today announced the results of its "Survey on Awareness of the Security Impact of AI Agents" conducted among employees of companies and organizations in Japan.

This survey, following last year's "Survey on Awareness of the Security Impact of Generative AI," was conducted to understand the awareness and reality of security risks associated with the spread of "AI agents" that autonomously perform tasks.

The survey results highlighted growing expectations for the expanded use of AI agents, while also underscoring concerns about "human risks" such as information leakage and copyright infringement, and the stagnation of employee risk understanding. In particular, it revealed a "governance vacuum" in the era of "agentic AI," where AI operates autonomously, with ambiguous definitions of risk tolerance and unclear authority for budget and rule-making decisions.

In this transitional period where AI agents are becoming deeply integrated into business operations, there is an urgent need for discussions on shared organizational responsibility and the cultivation of a security culture that keeps pace with technological advancements. Key Survey Findings

Key Survey Findings ・AI Agent Usage and Intention for Future Use: 40% of respondents have already introduced AI agents in their organizations, and 70% expect their use to expand in the future ("Agree" 36%, "Somewhat Agree" 34%). In last year's generative AI survey, the adoption rate was 62% and the expectation for expansion was 73%. However, AI agents, being more specialized and autonomous tools compared to generative AI, suggest that adoption is proceeding more cautiously.

・Perception and Concerns Regarding Security Risks: 68% of respondents perceived the security risks associated with AI agent use as "significant" ("Agree" 27%, "Somewhat Agree" 41%). The most frequently cited concerns were "leakage of confidential information," followed by "infringement of copyrights, etc.," and "hallucinations (generation of misinformation)." Human risks, stemming from human judgment and operation, occupied the top positions.

・Current State of Risk Understanding: Only 30% of respondents answered that employees "understand" the security risks when using AI agents ("Agree" 6%, "Somewhat Agree" 24%). This is roughly flat compared to last year's generative AI survey (32%), indicating that "organizational risk understanding" has not kept pace, even as AI forms have changed.

・Location of Security Responsibility: Only 25% of respondents believed that security responsibility for using AI agents lies with "everyone" – including management, IT/security departments, and employees using the AI agents.

・Awareness of AI Misuse Threats: A total of 83% of respondents felt "threatened" by cyberattacks using AI ("Agree" 46%, "Somewhat Agree" 37%), an increase of 9 percentage points from 74% last year. "Phishing emails/SMS," "ransomware," and "Business Email Compromise (BEC)" were ranked similarly high as concerning attack types, indicating heightened vigilance against AI-enhanced social engineering attacks.

・Measures to be Strengthened: The most frequently chosen risk mitigation measure for AI agent use was "implementation of security education/literacy training," followed by "establishment and dissemination of usage regulations (policies)" and "strengthening access control to agents." For countermeasures against AI-enabled cyberattacks, "security training/education" was also the most common response, showing a continued emphasis on human-centric approaches rather than solely technical measures.

The full survey report can be viewed here: https://www.knowbe4.com/resources/whitepapers/impact-of-ai-agents-on-security?hs_preview=DiwXKeUE-209898710894

Three Major Challenges Revealed by the Survey ・Educational Institutions Lagging Behind Accelerating Adoption: While the expansion of AI agent use is certain, employee risk understanding remains at 30%, showing no improvement from the previous year (32%). The organization's educational system is falling behind the pace of technological evolution.

・Vulnerability to Unforeseen Events Due to "Governance Vacuum": Only a quarter (25%) of respondents indicated that security responsibility for AI agent use lies with "everyone." There is a lack of discussion on distributing responsibilities according to roles, leading to a "governance vacuum" where accidents involving autonomously operating AI could result in delayed responses or excessive burdens on specific departments.

・Even with Evolving Technology, "People" Drive Risk Innovation: Top concerns include "confidential information leakage," "copyright infringement," and "hallucinations (plausible falsehoods)." Regardless of how autonomous AI becomes, the judgment of the "people" who use and manage it remains the most significant defense layer (Human Firewall).

Comment from Kazuhiro Riki, Representative Director & President, KnowBe4 Japan, Inc. "While 68% of employees perceive significant security risks with AI agents, only 30% believe their organization's employees understand these risks. This reveals a gap where anxiety about risks is not matched by actual knowledge. The frontline appears to be in a 'governance vacuum,' caught between anxiety and convenience, without understanding the correct rules.

AI agents have evolved beyond mere tools to become 'partners' that autonomously perform tasks. Simultaneously, AI is making social engineering attacks incredibly sophisticated and natural. Traditional measures like 'blocking with systems' are reaching their limits. Risk management in the AI era requires building a robust 'Human Firewall' on the human side, by elevating the ethical standards and judgment capabilities of the entire organization, rather than solely relying on system-based physical barriers.

Precisely because agents operate autonomously, it is essential to establish a system that imposes the responsibility of proper handling on the humans who control them. To fill the governance vacuum of 'who is responsible,' clear guidelines must be established, and knowledge needs to be translated into actual behavior. Fostering a security culture where security is not 'something forced' but 'the norm for the organization,' and investing in 'continuous education' that adapts to evolving risks, will be the top priorities for 2026."

Survey Overview Survey Name: Survey on Awareness of the Security Impact of AI Agents Survey Period: December 2025 - January 2026 Target Audience: Employees working for companies and organizations in Japan Number of Respondents: 362 Survey Method: Online questionnaire conducted by Nikkei CrossTech Active Research

About KnowBe4 KnowBe4 helps organizations build a security-aware culture and manage their human risk. We are the provider of the world's most popular integrated awareness training and simulated phishing platform with over 70,000 customers. KnowBe4 empowers employees to make smarter security decisions, every day. A comprehensive, AI-driven "best-of-suite" platform for human risk management, KnowBe4 transforms human behavior and builds a strong defense layer against evolving cyber threats. KnowBe4’s HRM+ platform includes security awareness and compliance training, cloud email security, real-time coaching, cloud-based anti-phishing, and AI defense agents. As AI becomes increasingly integrated into business operations, KnowBe4 is equipping modern employees by training both humans and AI agents to recognize and respond to security risks. Through this integrated approach, KnowBe4 leads in "workforce trust management" and defense strategies. Learn more at https://www.knowbe4.com/ja.

Follow us on LinkedIn, X, TikTok, and Instagram.