The company is proud to introduce a risk model with 16 categories and 500+ indicators, including dedicated coverage of human AI usage and Agentic AI-providing visibility into tomorrow's attack surface, today.
AUSTIN, TX / ACCESS Newswire / August 25, 2025 / Living Security, the global leader in Human Risk Management (HRM), today announced the V1 launch of a publicly accessible Human Risk Management Framework designed to help security teams understand and govern risk across people, identities, and the emerging class of autonomous AI "co-workers." Unlike existing models that focus narrowly on systems and vulnerabilities, this framework expands coverage through the lens of an organization's greatest security risk-and greatest strength-its workforce. The framework includes categories that address identity access misuse, external threat exposure, human use of AI, and the risks posed by Agentic AI operating alongside employees. This gives enterprises a comprehensive structure to evaluate and govern risk across a blended workforce.
"Humans remain the most dynamic-and most overlooked-part of the attack surface," said Ashley Rose, CEO of Living Security. "But now, with AI agents capable of making decisions and taking actions at scale, the challenge has grown. This framework brings together behaviors, identities, and threats into a unified structure, ensuring that both human and non-human actors can be governed with the rigor today's risk landscape demands."
Why It Matters Now
Research from Cyentia Institute highlights the magnitude of the human risk challenge: just 10% of employees are responsible for 73% of risky behaviors, yet traditional tools detect only 12% of those actions. The addition of Agentic AI into the workforce compounds this challenge, introducing non-human actors capable of amplifying both risk and speed of impact.
Living Security has a proven history of engaging the community to close such gaps. A few years ago, the company invited industry leaders and practitioners to help shape the first HRM Maturity Model, creating a practical guide that defined how organizations evolve their approach to managing human risk. The new HRM Framework follows that same collaborative philosophy-bringing structure to an urgent problem, while opening its evolution to feedback from partners and industry thought leaders to ensure it remains non-biased and widely applicable.
What's in the Framework
The HRM framework is live and freely accessible today. It includes:
16 comprehensive categories of human cyber risk-two dedicated to human use of AI and Agentic AI, addressing near-future risks.
Over 500 indicators of risk activity-most inspired by insights surfaced in Living Security's Unify platform-are classified as risky, neutral, or vigilant. These classifications guide mitigation actions such as nudges, just-in-time training, phishing simulations, or policy updates.
This structure helps security leaders not only gain visibility, but also understand their observability of risk today, identify what to measure next, and prepare for mitigation strategies that will be introduced in future phases.
What's Next
This launch is Phase 1 of a multi-stage initiative:
Phase 2: Alignment of each indicator to MITRE ATT&CK, NIST CSF, and industry research like Verizon DBIR for technical and control mapping.
Phase 3: Introduction of actionable mitigation strategies and response playbooks-closing a missing layer that many industry leaders have said is critical.
Open Collaboration
Living Security is once again, as the company did for the HRM maturity model, inviting the industry to co-create the future of human risk governance. Security professionals, researchers, and technology partners are encouraged to explore the framework, provide feedback, and contribute to its evolution. By keeping it open and non-biased, the goal is to establish a widely trusted foundation that evolves with emerging risks, including the growing influence of Agentic AI.
Visit www.humanriskmanagement.com to explore Phase 1 and join the collaboration.
About Living Security
Living Security is the global leader in Human Risk Management (HRM), providing a risk-informed approach that meets organizations where they are-whether that's starting with AI-based phishing simulations, intelligent behavior-based training, or implementing a full HRM strategy that correlates behavior, identity, and threat data streams.
Living Security's Unify platform delivers 5X more visibility into human risk than traditional, compliance-based training platforms by eliminating siloed data and integrating across the security ecosystem. The platform pinpoints the 10% of users who pose the greatest risk and automates targeted interventions in real time-reducing exposure to human risk by over 90%. Powered by AI, human analysis, and industry-wide threat telemetry, Unify transforms fragmented signals into intelligent, adaptive defense.
Named a Global Leader in Human Risk Management by Forrester and trusted by enterprises like Unilever, Mastercard, Merck, and Abbott Labs, Living Security helps security teams move from awareness to action-driving measurable behavior change and proving impact at every stage of the journey.
Because when security teams can see clearly and act precisely, they can finally stay ahead of tomorrow's threats.
For more information, find us online or follow us on LinkedIn.
Media Contact:
media@livingsecurity.com
SOURCE: Living Security
View the original press release on ACCESS Newswire:
https://www.accessnewswire.com/newsroom/en/computers-technology-and-internet/living-security-launches-the-first-human-ai-cyber-risk-framework-1064434
