Discover Gartner®
Managing GenAI Risk Through
Security Behavior and Culture Programs

GenAI is changing how work gets done and expanding the human attack surface in the process. As employees use AI to create, decide, and communicate, traditional security awareness can no longer contain the risk. Discover why managing GenAI risk now demands a shift from awareness to secure behavior and culture - without slowing innovation.

Why GenAI Has Broken Traditional Cybersecurity Defences

Accelerated GenAI adoption has exposed a critical gap in organizational defenses

Employees are using GenAI in ways existing training, policies, and detection controls were never built to handle, while attackers weaponize AI to make social engineering faster, more convincing, and far harder to spot.

Ask yourself:

  • Are your employees prepared to detect and respond to AI‑powered phishing and deepfakes?
  • Do you have real visibility into (and control over) shadow AI across your workforce?
  • Are your security programs shaping secure GenAI behaviors, or simply increasing awareness without reducing risk?

This Gartner® research helps cybersecurity leaders understand why unmanaged human interaction with GenAI has become a primary driver of cyber risk and why evolving security behavior and culture programs is critical to closing this gap before attackers exploit it at scale.

These global organizations are already tackling their cybersecurity human risk management challenges with OutThink

Over 7,000 security insights provided by learners shaping future policies and communications, 99.2% training completion.
Increased user engagement with cybersecurity by over 45% in 6 months.
Increased phishing reporting rate to 25% of all emails reported.
Reduction in human risk level by 10% through first 6 months of implementing a targeted adaptive security program.
Ability to train 100% of employees, including factory workers, for the first time.

OutThink's Takeaways:

Managing GenAI Risk Through Security Behavior and Culture

Gartner analyst guidance on how accelerated GenAI adoption is reshaping the human attack surface, and what cybersecurity leaders must change to reduce employee‑initiated risk. Explore the critical shifts required to protect AI investments while strengthening organizational resilience.

1. Employee‑Initiated GenAI Risk Is Now a Primary Attack Vector
Human interaction with AI has become a core security exposure.
Accelerated GenAI adoption has introduced new, employee‑driven risk that traditional controls cannot contain. Unmanaged use of public GenAI tools, unsafe handling of sensitive data, and shadow AI on corporate devices are expanding the attack surface faster than detection and governance models can adapt. Cybersecurity leaders must now manage how employees interact with AI, not just the technology itself.

2. AI‑Augmented Social Engineering Has Outpaced Detection
Deception is more convincing, scalable, and difficult to recognize.
Threat actors are using GenAI to power deepfakes, highly personalized phishing, and adaptive social engineering attacks that bypass employee intuition and legacy training. As AI‑assisted malicious content continues to rise, employees can no longer rely on “spot the red flag” techniques. Security programs must evolve to build behavioral resilience against AI‑driven deception.

3. Shadow AI Is Undermining Data, Privacy, and Trust
Unauthorized GenAI use is quietly eroding governance.
Employees frequently use personal or unapproved GenAI tools for work, often inputting sensitive or proprietary information without visibility or control. This “shadow AI” introduces significant privacy, IP, and regulatory risk - while remaining largely invisible to security teams. Managing GenAI risk now requires clear behavioral guardrails, not just policy statements.

4. Security Behavior and Culture Programs Must Evolve
Reducing GenAI risk requires behavior change, not awareness.
Traditional security awareness programs were not designed for continuous human‑AI interaction. Gartner emphasizes the need to strengthen security behavior and culture programs (SBCPs) to drive secure GenAI practices, reinforce vigilance against AI‑enabled attacks, and embed human oversight into daily AI use. This people‑centric shift is essential to reducing risk without slowing innovation.

Why We Believe This Report Matters for Security Leaders

Refine Investment Priorities: Redirect spending toward managing employee‑initiated GenAI risk, strengthening security behavior and culture programs that address how people actually interact with AI, not just the technology itself.
Protect AI‑Driven Innovation: Enable faster, safer GenAI adoption by embedding secure behaviors and clear usage guardrails, reducing shadow AI and preventing misuse that can stall or derail innovation.
Reduce Human‑Led Risk Exposure: Strengthen organizational resilience by addressing AI‑augmented social engineering, deepfakes, and unsafe GenAI practices before they translate into material security incidents.
Secure Executive Alignment: Anchor GenAI risk discussions and behavior change initiatives in authoritative Gartner® research, helping leaders build executive confidence, align governance, and operationalize secure AI adoption at scale.
Stay Ahead of the Curve
Don't React. Lead.
Access the full Gartner report now to understand the disruptive trends shaping 2025 and beyond. Prepare your organization for what's coming.

Source: Gartner, “Cybersecurity Trend: GenAI Breaks Traditional Cybersecurity Awareness Tactics”, by Alex Michaels and Richard Addiscott, January 14, 2026.
GARTNER is a trademark of Gartner, Inc. and/or its affiliates.