This Knowbe4 and GovNet Technology roundtable at the House of Lords brought together stakeholders from across the public sector to explore how artificial intelligence is reshaping organisational security, operations, and human behaviours. Framed around the “agentic shift,” the discussion examined how organisations are moving beyond traditional security awareness models toward more dynamic, AI-enabled approaches.
The conversation reflected a shared recognition that AI is already embedded across workflows and decision-making processes. Participants emphasised that the challenge is no longer whether to adopt AI, but how to manage its risks while realising its benefits.
Below is a summary of what was an insightful and through provoking conversation, where together they discussed how to prepare an organisation for the agentic future, where securing human behaviour is only part of the equation.
AI as a Present and Disruptive Force
The Shift from Awareness to Action
AI as a Workforce Participant
Productivity Gains vs. Emerging Risks
Data Governance and Security Concerns
Limits of Control and the Need for Risk-Based Approaches
Skills, Training, and Culture
Governance, Ethics, and Accountability
Dependence on Technology Providers
1. AI as a Present and Disruptive Force
Participants consistently highlighted that AI is already transforming how organisations operate. Its influence spans everything from content creation and communication to service delivery and internal processes. In practical terms, AI is:
Examples shared included the use of AI tools to transcribe interactions, summarise large volumes of information, and reduce manual workloads. However, this transformation is not universally understood. Some participants noted uncertainty about where meaningful change is occurring, alongside concerns about overestimating AI’s current capabilities.
2. The Shift from Awareness to Action
A central theme of the discussion was the limitation of traditional security awareness approaches.
While awareness programmes remain widespread, participants acknowledged that they do not always lead to consistent behavioural change. This gap is particularly evident as AI tools become more accessible and widely used, often outside formal controls. The “agentic shift” reflects a move toward:
This aligns with the direction of KnowBe4, where the focus is evolving from static awareness training to behavioural reinforcement and adaptive security practices.
3. AI as a Workforce Participant
A notable insight was the framing of AI not just as a tool, but as a participant in the workforce. Participants discussed the idea of AI agents operating alongside humans; taking actions, making recommendations, and in some cases acting autonomously within defined parameters.
This raises important questions:
The concept of AI as “another employee” emerged, highlighting the need for organisations to rethink management, oversight, and accountability structures.
4. Productivity Gains vs. Emerging Risks
While AI is delivering clear efficiency gains, participants stressed that it also introduces new risks. One concern is accuracy. AI systems can produce outputs that appear credible but may be incorrect or misleading. This creates risks where outputs are accepted without sufficient scrutiny.
Another issue is the shift in workload. Rather than eliminating work, AI can generate additional outputs that require validation, potentially increasing the burden on staff. There were also examples of how AI could be misused; for instance, generating formal complaints or analysing internal communications in ways that could create organisational challenges.
5. Data Governance and Security Concerns
Data security emerged as one of the most pressing challenges. Participants raised concerns about:
Real-world examples were shared of unintended data exposure, reinforcing the risks associated with unregulated use of AI tools. Mitigation approaches discussed included:
6. Limits of Control and the Need for Risk-Based Approaches
Participants agreed that AI usage cannot be fully controlled. Attempts to restrict access, particularly in environments like education, have proven ineffective, as users can easily access tools independently. This has led to a shift toward risk management approaches, focusing on:
Rather than preventing use, organisations are increasingly focused on managing how AI is used and ensuring outputs are appropriately reviewed.
7. Skills, Training, and Culture
The discussion highlighted a significant gap in skills and understanding. AI tools are easy to access, but effective and responsible use requires:
Some organisations have introduced structured training and approval processes, requiring users to demonstrate competence before using AI in sensitive contexts.
Beyond formal training, there was a strong emphasis on cultural change - ensuring that users question outputs rather than accepting them at face value.
8. Governance, Ethics, and Accountability
Participants discussed the growing importance of AI governance frameworks, including ethics boards and formal review processes. Key challenges include:
There was recognition that governance must be ongoing and adaptive, rather than static, as AI systems continue to change and improve.
10. Dependence on Technology Providers
A further concern was reliance on large technology providers for AI capabilities. Participants noted:
There was interest in developing more local capability and reducing dependency, though this was acknowledged as a long-term challenge.
Conclusion
The roundtable highlighted that the “agentic shift” represents a fundamental evolution in how organisations approach security and technology. AI is no longer a peripheral tool but an integrated and increasingly autonomous component of operations.
While the opportunities are significant, particularly in terms of efficiency and capability, so too are the risks. Organisations must balance innovation with governance, ensuring that AI is used responsibly and effectively.
A key takeaway was the need to move beyond traditional security awareness toward continuous, behaviour-driven approaches, where systems, processes, and people work together to manage risk in real time.
In this context, public sector organisations are beginning to rethink not only their technology strategies, but also their operating models - recognising that success in an agentic world depends on combining human judgement with intelligent systems in a controlled and accountable way.