How Agentic AI Can Transform HRM From Reactive To Proactive

Forbes

10-07-2025

Uzair Ahmed is an entrepreneur and startup enthusiast currently serving as the Co-Founder and CTO of Right-Hand Cybersecurity.
Cybersecurity threats are evolving faster than traditional defense practices can adapt. As a result, the security awareness space is reaching a breaking point. Compliance-specific annual training, static phishing simulations and content-heavy platforms are no longer enough to address the behavior-driven nature of today's threats.
Many in the human risk management (HRM) space believe the future lies in agentic AI—systems that don't just analyze but act autonomously. This marks a shift from passive education to intelligent, real-time defense coaching. However, while agentic AI offers promise, it must be implemented with care and strategy.
What Is Agentic AI?
Agentic AI refers to systems that operate with a degree of autonomy—capable of perceiving, deciding and acting in pursuit of a defined goal. In HRM, that goal is to reduce human-induced cybersecurity risk by monitoring and learning from individual behaviors and contextual data in real time.
These agents don't wait for a human to assign training. They detect risk signals, interpret user intent and take timely action—coaching employees, flagging anomalies or triggering interventions automatically.
Why Traditional Approaches Fall Short
Conventional security awareness solutions often rely on pre-scheduled training regardless of user behavior, static phishing templates recycled across the company and a belief that more content equals better preparedness.
But today's risks are not static—they're behavioral, contextual and moment-driven. A user who passed last month's phishing test might still fall for a novel attack today. A developer with elevated privileges might become risky after installing unknown packages or working at odd hours.
Situational awareness and adaptability are now essential, and agentic AI has the potential to meet this demand.
Challenges Of Deploying Agentic AI In HRM
Despite its potential, agentic AI is not a plug-and-play solution. One of the most significant challenges is building trust—both with leadership and employees. Concerns about privacy, autonomy and errors can stall adoption. A poorly timed or incorrect AI action can damage credibility and reduce engagement.
Data integration is another barrier. Agentic AI relies on inputs from identity systems, communications tools, developer environments and more. Many organizations operate with fragmented data, making it hard for AI to form accurate insights.
To overcome these challenges, organizations should:
• Start with assistive mode. Let AI suggest actions before granting autonomy.
• Ensure transparency. Make decisions explainable to admins and, where possible, to users.
• Design for context. Adapt interventions to user roles and activity history to avoid false positives.
• Use human-in-the-loop models. For sensitive actions, combine AI guidance with human approval.
These strategies lay the foundation for trust and operational success.
How Agentic AI Can Transform Human Risk Management
When these steps are reflected in an organization's strategy, agentic AI can help reimagine cyber awareness and HRM across four key dimensions:
AI agents continuously analyze behavioral signals from systems like email, browsers, simulated exercises, training assignments and developer tools. This allows them to identify anomalies and evolving threats beyond what manual reviews or periodic training can detect.
Instead of generic e-learning, agents deliver micro-interventions tailored to the user's context, behavior and role. A salesperson clicking suspicious links might receive a quick deepfake vishing call of a real threat scenario. A developer committing secrets to GitHub might get an immediate Slack nudge with secure coding tips.
Agents can initiate nudges, recommend remediation or enroll users into adaptive coaching paths without needing admin intervention—saving time and scaling response.
With every interaction, agents can learn what works—refining nudges, timing, content and delivery channels to increase engagement and behavior change. It adapts with every user response.
From Awareness To Action: Why This Matters
The goal of human risk management has always been to reduce human cyber risk, but awareness alone isn't enough. Behavior is what matters.
The strategic use of agentic AI can help bridge the gap between awareness and action by reducing response time from detection to intervention, scaling personalized experiences across thousands of employees and ensuring interventions are timely, relevant and effective. This elevates HRM from being a compliance tool to a behavior-change engine.
Final Thought: Agentic AI Isn't A Silver Bullet—It's A Catalyst
Cybersecurity is entering an era where systems don't just alert—they act. Agentic AI introduces new ways to guide users, reduce risk and scale defensive behavior across the organization. However, these benefits only emerge when agentic AI is deployed strategically. Success depends on:
• Clear goals and boundaries
• Transparent communication
• Ethical considerations and user trust
• Strong integration with organizational systems
The organizations that thrive in this new era will be those that use agentic AI not as a magic solution, but as a catalyst within a thoughtful, holistic human risk strategy—one that evolves alongside the threats it aims to defeat.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?