Manage the Human Side of Risk
People are the largest, least-measured attack surface. AgentFence turns phishing results, training, and behavior into a human-risk score, so you can target the specific people and habits driving your exposure.
Illustrative product view
What human risk management is
Human risk management (HRM) treats people as a measurable risk surface rather than a training checkbox. AgentFence’s human-risk module (/api/v2/human-risk) combines signals - phishing-campaign outcomes, training completion, and risky behaviors like sensitive pastes into consumer AI - into a human-risk score with a real scorer, so you can see who and what drives your exposure and act on it.
What feeds the score
| Signal | Direction | Source |
|---|---|---|
| Phishing-campaign clicks | Raises risk | Phishing simulation |
| Credential submission on a phish | Raises risk sharply | Phishing simulation |
| Sensitive pastes into consumer AI | Raises risk | Shadow-AI detection |
| Targeted training completion | Lowers risk | Security awareness |
| Reporting phishing | Lowers risk | Phishing simulation |
The reduction loop
Score, target, reduce
- 1
Score
Combine phishing, training, and behavior into a human-risk score per person and org-wide.
- 2
Target
Identify the high-risk cohort driving most of the exposure.
- 3
Intervene
Assign targeted training and, where needed, tighter controls.
- 4
Re-measure
Re-run phishing and re-score to confirm risk is falling.
- 5
Report
Show the trend as evidence that the human-risk program works.
How it connects
- Phishing simulation and security awareness are its test and fix arms
- Shadow-AI signals feed risky-behavior into the score
- The org-wide trend becomes evidence for security-awareness controls
- High-risk users can inform tighter action-governance thresholds
Frequently asked questions
What is human risk management?
Human risk management (HRM) is measuring and reducing the security risk that comes from people’s behavior. AgentFence combines phishing outcomes, training completion, and risky behaviors into a human-risk score, so you can target the specific people and habits driving exposure instead of treating everyone the same.
How is a human-risk score calculated?
It combines signals: phishing-campaign clicks and credential submissions raise risk, risky behaviors like sensitive pastes into consumer AI raise it, and targeted-training completion and phishing-reporting lower it. A real scorer turns those signals into a per-person and org-wide score you can track over time.
How do I reduce human risk?
Follow the loop: score everyone, target the high-risk cohort that drives most of the exposure, assign them targeted training and tighter controls, then re-test and re-score. Because the score trends over time, you can prove the intervention worked rather than assuming it did.
Does human risk management tie into technical controls?
Yes. The signals come from phishing simulation, security awareness training, and shadow-AI detection, and the resulting risk picture can inform tighter thresholds elsewhere - for example, more conservative action-governance decisions for a high-risk user. People risk and system risk stop being separate silos.
Stay in the loop
One practical finance briefing a week - new guides, checklists, and benchmarks.
Put a number on human risk
Score it, target the cohort that drives it, and watch the trend fall.
Talk to us