The Threatcop AI & Human Risk Management (THRM) 2026 Conference brought together over 20 industry leaders to address a critical reality: while technical firewalls and servers have become increasingly strong, 90% to 95% of successful cyberattacks still target the human element. Throughout the event, experts explored how AI is shifting the battlefield, moving human defense away from static compliance checkboxes toward dynamic, behavior-driven protection.
1. Automating Human Defense with AI
The conference established that the relationship with AI is a “love and hate relationship”. While AI can automate tasks that previously took hours into mere minutes, it also empowers threat actors who are now “fully loaded” with tools to manipulate humans.
- From Events to Behavior: Dr. Sergio E. Sanchez (CISO at Coleman Health Services) argued that security teams must move away from event-driven reporting (like a single click in a simulation) toward longitudinal behavior profiling. Governance and compliance rules must be established before full AI integration to ensure data remains secure and local.
- The Power of Patterns: Chris Bollerud (CISO for AppGen) emphasized using AI to detect emerging signals and patterns across an organization. He highlighted that the most vulnerable employees are often those with the highest level of access—such as accounting departments—rather than just non-technical staff.
- A Layered Approach: Awareness alone is insufficient. Experts advocated for a layered defense. This includes email security to prevent the initial click, sandboxing links, and mandatory Multi-Factor Authentication (MFA) for all credentials.
2. Assessing Human Behavior Beyond the Inbox
Attackers are increasingly exploiting human trust and emotions across multiple channels, including WhatsApp, Slack, SMS, and voice calls (vishing).
- The “People Stack”: Nikunj Rakesh (CISO at Threatcop) noted a major loophole: employees are often professional and cautious on email but lack the same scrutiny on collaboration tools like WhatsApp. He proposed a “People Pillar” governance model, correlating human activity logs across all domains to find vulnerabilities before hackers do—similar to how a SIEM correlates tech stack logs.
- The Impact of Operational Pressure: Gustavo Mastroianni (CISO at Schools Insurance Authority) explained that social engineering often succeeds because of operational pressure, such as quarter-end deadlines, authority bias from C-level executives, or financial stress. Testing employees only in a “calm environment” does not accurately measure their risk during a real breach.
- Time-to-Action Metrics: To truly gauge security posture, organizations should track “time-to-action” metrics, measuring how long it takes an employee to report a threat or verify a suspicious request under stress.
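The “People Pillar” correlation and the time-to-action metric described above, as an added example that is not part of the conference material or any Threatcop product: simulated social-engineering events from several channels are correlated per employee, and time-to-report is split by whether the test landed under operational pressure. All events below are constructed.

```python
"""Correlate social-engineering test events across channels per employee and
derive time-to-action metrics. Added example; EVENTS is constructed sample data."""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed events: (user, channel, sent_at, action, action_at, high_pressure)
# high_pressure marks tests delivered during e.g. a quarter-end window.
EVENTS = [
    ("alice", "email",    "2026-03-02T09:00:00", "reported", "2026-03-02T09:04:00", False),
    ("alice", "whatsapp", "2026-03-02T13:00:00", "clicked",  "2026-03-02T13:01:00", False),
    ("alice", "slack",    "2026-03-31T17:30:00", "clicked",  "2026-03-31T17:31:00", True),
    ("bob",   "email",    "2026-03-03T10:00:00", "reported", "2026-03-03T10:20:00", False),
    ("bob",   "slack",    "2026-03-04T11:00:00", "reported", "2026-03-04T11:10:00", False),
    ("bob",   "voice",    "2026-03-31T16:00:00", "reported", "2026-03-31T18:00:00", True),
    ("bob",   "sms",      "2026-03-05T08:00:00", "ignored",  None,                  False),
]

def _minutes(start, end):
    fmt = "%Y-%m-%dT%H:%M:%S"
    return (datetime.strptime(end, fmt) - datetime.strptime(start, fmt)).total_seconds() / 60

def correlate(events):
    """Per user: failure rate per channel plus median time-to-report (minutes),
    split into calm and high-pressure contexts. An employee who is careful on
    email but clicks on chat tools becomes visible only in this combined view."""
    users = defaultdict(lambda: {"channels": defaultdict(lambda: [0, 0]),
                                 "ttr_calm": [], "ttr_pressure": []})
    for user, channel, sent, action, acted, pressure in events:
        tested, failed = users[user]["channels"][channel]
        users[user]["channels"][channel] = [tested + 1, failed + (action == "clicked")]
        if action == "reported" and acted:
            users[user]["ttr_pressure" if pressure else "ttr_calm"].append(_minutes(sent, acted))
    report = {}
    for user, data in users.items():
        report[user] = {
            "failure_rate": {ch: f / t for ch, (t, f) in data["channels"].items()},
            "median_ttr_calm": median(data["ttr_calm"]) if data["ttr_calm"] else None,
            "median_ttr_pressure": median(data["ttr_pressure"]) if data["ttr_pressure"] else None,
        }
    return report

def riskiest_channel(events):
    """Channel with the highest click rate across the whole organization."""
    counts = defaultdict(lambda: [0, 0])
    for _, channel, _, action, _, _ in events:
        counts[channel][0] += 1
        counts[channel][1] += action == "clicked"
    return max(counts, key=lambda ch: counts[ch][1] / counts[ch][0])
```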
3. Scaling Compliance Training with AI Precision
Compliance breaches rarely happen by intent; they occur because people are overwhelmed, forgetful, or do not understand the rules.
- Proving Behavioral Change: Chandan Kochhar (CISO of the City of Plano) advocated for moving from “completion rates” to real-world signals, such as lower phishing click rates and fewer policy exceptions. AI enables continuous measurement rather than just an annual snapshot.
- Precision Training vs. Fatigue: Alexander Oddo (Founder & CEO, Freedom SecureIT) emphasized that “one-size-fits-all” training fails because it is often too hard for new employees and too easy for veterans. He suggested bite-sized “micro-training moments” (30 to 60 seconds) tailored to an individual’s specific role, tenure, and past failure rates to avoid fatigue.
- Embedded Controls: Laura Sawka (Founder and GRC Executive) suggested embedding training directly into daily workflows and applications. By putting guardrails early in business processes, organizations can detect issues proactively and reduce human error.
4. Making Security Training Feel Like Practice
Panelists agreed that for training to be effective, it must move from being a “mandatory chore” to a valued skill.
- Centering on Emotion: CISO Preetham Nayak highlighted that training must be centered on human emotions to become a “personal factor” for the employee. He warned that if leadership views training only as an inhibitor to revenue, the program will fail to gain traction.
- Incentives and Gamification: Ashok Kakani (CISO, Compunnel Inc.) recommended using internal ambassadors to build relevant training and suggested hiding “coupon codes” in videos to encourage full concentration. Aruneesh Salhotra noted that while leaderboards are common, true engagement often comes from linking security performance to performance reviews or extra credit.
- The Deep Fake Challenge: Aruneesh Salhotra (CEO & CISO, SNM Consulting Inc.) shared a social experiment in which 92% of non-technical staff and 42% of security professionals failed to detect AI-generated imagery. Deep fakes represent the “hardest problem” currently facing organizations.
5. Secure Both Sides of the Inbox
The final discussions focused on granular, infrastructural email security and the “AI versus AI” landscape.
- Intent-Based Security: Lena Kannappan (CISO at Healthcare Triangle Inc.) discussed the shift toward intent-based email security, which analyzes communication context and behavioral anomalies to determine why a message was sent, helping detect zero-day attacks.
- Real-Time DMARC: Pavan Kushwaha (Founder & CEO of Threatcop) highlighted the power of real-time DMARC, which provides visibility into spoofing attempts in as little as 56 to 70 seconds. This allows organizations to uncover the exact email ID used by a hacker and automatically block compromised accounts.
- The Role of Automation: Anand Thangaraju (CISO ePlus Inc.) argued that security should ideally be fully automated. However, the consensus was a tiered approach: happily automate low-impact tasks while maintaining a “human-in-the-middle” for high-impact decisions, especially in sensitive sectors like healthcare.
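To make the DMARC point concrete, an added example (not Threatcop’s product or any real-time DMARC implementation) that evaluates a received message against the sending domain’s DMARC policy: it parses the record, checks SPF and DKIM alignment in relaxed or strict mode, and shows why a `p=none` record gives visibility into spoofing attempts but no blocking. The DMARC records and messages below are constructed, and DNS is replaced by a lookup table.

```python
"""Evaluate DMARC alignment for inbound mail and flag spoofing attempts.
Added example; DMARC_RECORDS is a constructed stand-in for DNS TXT lookups."""

# Constructed stand-in for TXT records at _dmarc.<domain>.
DMARC_RECORDS = {
    "example.com":  "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com",
    "weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
}

def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict (unknown tags are kept as-is)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip()] = value.strip()
    return tags

def org_domain(domain):
    # Simplified organizational-domain rule (last two labels); production code
    # must use the Public Suffix List so that e.g. co.uk is handled correctly.
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """DMARC identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    only the same organizational domain. A missing auth domain means that check failed."""
    if not auth_domain:
        return False
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def evaluate(msg):
    """msg holds the RFC5322.From domain, the SPF-authenticated domain (None if SPF
    failed) and the DKIM-signed domain (None if no valid signature). Returns the
    policy, the DMARC result, the disposition and whether this is a spoof signal
    that belongs in aggregate reporting even when the policy does not block."""
    record = DMARC_RECORDS.get(msg["from_domain"])
    if record is None:
        return {"policy": None, "pass": None, "disposition": "none", "spoof_signal": False}
    tags = parse_dmarc(record)
    spf_ok = aligned(msg.get("spf_domain"), msg["from_domain"], tags.get("aspf", "r"))
    dkim_ok = aligned(msg.get("dkim_domain"), msg["from_domain"], tags.get("adkim", "r"))
    passed = spf_ok or dkim_ok
    policy = tags.get("p", "none")
    return {"policy": policy, "pass": passed,
            "disposition": "none" if passed else policy,
            "spoof_signal": not passed}
```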
Conclusion: The Path Forward
The THRM 2026 Conference concluded that human risk is a governance leadership priority that shapes organizational culture. To be effective, the next generation of defense must be personalized, adaptive, and embedded into the very fabric of how people work. By treating the “People Pillar” with the same technical rigor as infrastructure, organizations can move from reactive “checkbox” compliance to a proactive, risk-aware culture where secure choices feel intuitive, not intrusive.