Safe AI coaches staff to cut cyber attack errors
Cybersecurity vendors and corporate security teams are experimenting with a new generation of "safe AI" tools that provide real-time coaching for employees during potential cyber attacks.
The tools focus on human decision-making in high-pressure situations such as phishing emails, suspicious messages, or urgent payment requests.
Vendors claim that early deployments have cut recurring security incidents by as much as 95% in some organisations.
The shift comes as attackers adopt AI at pace.
Security researchers report that criminal groups now use AI systems to automate reconnaissance and tailor phishing content at scale.
The technology enables attackers to customise language, tone, and timing for individual targets.
These attacks often cost very little to run and can reach many employees at once.
Security leaders say this creates a structural disadvantage for staff who rely on memory, manual checks, or sporadic training.
Many organisations still rely on periodic awareness courses and simulated phishing exercises.
Industry data cited by vendors indicates that more than 80% of cyber incidents still originate from human error.
These errors often occur under pressure or distraction, and long after formal training sessions.
Employees rarely revisit training modules when they face an unexpected, time-sensitive request.
They also hesitate to contact security or IT teams in real time.
Many staff fear that asking for help may slow down their work or attract criticism.
As a result, they often act alone on messages that exploit urgency, authority, or fear.
Security firms argue that this gap between training and action is now the main weak point in corporate defences.
Human layer focus
AI is already common in many technical security tools.
Security operations centres use machine learning for anomaly detection, log analysis, and vulnerability scanning.
These applications focus on networks, endpoints, and applications.
The newer tools sit at the "human layer" and interact directly with employees.
The systems operate as conversational assistants embedded in email clients, browsers, or business applications.
They analyse the context of a user's question or task.
They then offer guidance that draws on internal policies, threat intelligence, and behavioural models.
Supporters say this guidance is most effective when it appears exactly at the moment of risk.
That moment could be a link click, an invoice approval, or a data sharing request.
Trust and accuracy
Security teams remain cautious about generic chatbots that rely on public large language models.
Many of these systems have produced incorrect answers or overconfident statements in sensitive situations.
These failures have damaged trust among employees.
Safe AI advocates say that defensive systems must operate on a different architecture.
They describe a design that separates information accuracy from behavioural influence.
The first layer uses curated, organisation-approved content such as policies, standards, and playbooks.
Vendors often use retrieval-augmented generation techniques that limit responses to this internal corpus.
They also add provenance checks and explicit signals when the system is uncertain.
The aim is to avoid "hallucinated" guidance that conflicts with policy or exposes the organisation to new risks.
Once the information layer is in place, the system adjusts how it communicates according to the user's decision style.
"When a decision carries real risk, information alone is not enough. Influence is what changes behavior, and you can't influence without trust," said Dr. James Norrie, DPM, LL.M., Founder and CEO, cyberconIQ.
Behavioural science
Companies in this space, including cyberconIQ, use behavioural science models to classify how employees respond to rules, rewards, and risk.
The systems do not change the underlying facts.
They alter the framing of those facts.
A rules-oriented user receives clear directives and policy references.
A reward-focused user sees the impact of a secure choice.
A risk-averse user receives reassurance, options, or a reversible course of action.
"People do not respond to security guidance the same way. Some want rules, some want reasons, and some prefer a challenge question," Norrie notes. "AI must adapt and create room for truly personalized responses if it expects to be believed."
Proponents say that this alignment with personal decision styles increases adherence in critical moments.
The approach aims to reduce the friction that often comes with traditional security controls.
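The two-layer design described above, as an added Python sketch that is not taken from cyberconIQ or any vendor product: an information layer answers only from an approved corpus, with a source ID or an explicit uncertainty signal, and a framing layer changes the wording per decision style without touching the fact. The policy IDs, corpus text, overlap threshold and framing templates are constructed assumptions, and plain keyword overlap stands in for a real retrieval step.

```python
import re

# Constructed sample corpus standing in for organisation-approved policy text.
CORPUS = {
    "FIN-POL-7": "Changes to supplier bank details must be verified by phone "
                 "using a number already on file before any payment is released.",
    "SEC-POL-2": "Report suspicious emails with the report button and do not "
                 "open links or attachments in them.",
}
MIN_OVERLAP = 2  # assumed threshold; below it the assistant abstains
STOP = {"the", "a", "an", "and", "to", "in", "by", "of", "on", "or", "do",
        "not", "be", "is", "with", "any", "must", "them", "for", "i"}

def _tokens(text):
    return set(re.findall(r"[a-z]+", text.lower())) - STOP

def retrieve(question):
    """Information layer: answer only from CORPUS, with provenance, or abstain."""
    q = _tokens(question)
    score, doc_id = max((len(q & _tokens(text)), doc_id)
                        for doc_id, text in CORPUS.items())
    if score < MIN_OVERLAP:
        # Explicit uncertainty signal instead of a generated guess.
        return {"fact": None, "source": None, "uncertain": True}
    return {"fact": CORPUS[doc_id], "source": doc_id, "uncertain": False}

# Framing layer: hypothetical templates keyed by decision style.
FRAMES = {
    "rules": "Policy {source} requires this: {fact}",
    "reward": "{fact} Following this keeps the payment protected. (Source: {source})",
    "risk_averse": "You can pause safely; checking first loses nothing. {fact} "
                   "(Source: {source})",
}

def coach(question, style):
    """Influence layer: varies the wording; fact and source pass through unchanged."""
    result = retrieve(question)
    if result["uncertain"]:
        message = ("No approved guidance matches this request. "
                   "Contact the security team before acting.")
    else:
        message = FRAMES[style].format(**result)
    return {**result, "message": message}

if __name__ == "__main__":
    q = "The supplier emailed new bank details and wants payment today"
    for style in FRAMES:
        print(style, "->", coach(q, style)["message"])
```
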
Dynamic pacing
Safe AI systems also adjust the pace and depth of interaction based on the stakes.
When the system detects high-risk activity, it adds extra checks, sources, or challenge questions.
It may slow down the workflow and require explicit confirmation from the user.
When a task is low-risk or reversible, the assistant responds more quickly and with fewer hurdles.
Supporters say this mirrors competent human judgement, which behaves cautiously when consequences rise.
The result is a digital "coach" that is always available and non-judgemental.
It sits between formal training and technical controls.
Insurance and metrics
Cyber insurers and risk managers are watching these developments closely.
Early pilots reported reductions in recurring user-related incidents and lower claim volumes.
Vendors say the shift from awareness to action becomes measurable once guidance is delivered at the decision point.
The systems generate data on which scenarios cause confusion, hesitation, or insecure defaults.
Security teams can then adapt policies, playbooks, and user journeys based on observed behaviour.
Analysts expect broader trials in sectors with high levels of email fraud and business email compromise.
Financial services, healthcare, and professional services firms are among early adopters.
These organisations face strict regulatory expectations and frequent social engineering attempts.
Vendors argue that avoiding AI in this context will not slow adversaries.
They expect that the next phase of cyber defence will focus on trusted, personalised AI that sits alongside employees during daily tasks.