Dr. Sergio E Sanchez on Longitudinal Behavior Profiling and AI Governance

In the modern cybersecurity landscape, organizations are beginning to realize that human risk cannot be quantified by a single moment in time. Traditional security awareness has often relied on “event-driven reporting,” such as whether an employee clicks on a simulated phishing link. However, the sources argue that human behavior is far more complex, defined by patterns across time, various attack types, and differing pressure scenarios. The central topic of this discussion is how AI can be leveraged to move human defense toward “longitudinal behavior profiling,” allowing security teams to prioritize threats based on a deeper understanding of human psychology rather than just a single mistake.

Key Points:

• “Hackers are not hacking computers or networks are hacking people, psychology of the people”.
• “We are the weakest link and we are the main part of the process… Today the threat actors are going for the bunch of people that don’t have any idea of technology”.
• “Are we sure that the information that we’re giving to the AI is only attained in our system… Are we ready for that?”.

The Psychological Battlefield of AI

Dr. Sergio emphasizes that while AI is a “love and hate relationship” that cuts down manual task times, it also empowers threat actors with “fully loaded” tools. He points out that attackers specifically target individuals who are “allergic to technology”—those who find IT systems confusing or horrible—because they are the most vulnerable to manipulation. Furthermore, he expresses concern over the rise of “AI agents,” such as those seen on platforms like “Malt,” which act as social networks for AI entities.

He questions whether these agents might eventually become “sentient” enough to hack and scam users just like humans. To combat this, Dr. Sergio advocates for strong governance and compliance rules. He warns that while boards of directors are eager to adopt AI because “everybody want to use it,” organizations must first ensure they have the correct steps and security locks in place to prevent sensitive information from leaving their systems.

Discuss Your Organization’s Human Risk Challenges – Book a Meeting

Threatcop