AI agents in the enterprise have supercharged every existing category of insider risk, from data leakage to misconfigurations to overwhelmed human oversight.
Employees are treating chatbots like their best friends. Developers are granting agents dangerous levels of permissions. And security teams are dealing with the pressure of managing it all.
Molly McLain Sterling is Senior Director on the Global Cybersecurity Strategist Team at Proofpoint. Before joining the vendor side less than two years ago, she spent 17 years as a Proofpoint customer, working in security awareness and human-centric security programs.
That practitioner background shapes how she thinks about AI risk: not as a purely technical challenge, but as a human one that requires organizations to rethink how people and agents interact.
Expert Insights spoke to Molly McLain Sterling at RSAC 2026 to discuss why Proofpoint is uniquely positioned to address AI-era insider threats, and why CISOs who cling to the “office of no” model will not survive the agentic era.
Q. What are the big themes for Proofpoint this year at RSA?
If you’ve been on the show floor, I don’t know if you’ve heard about this thing called AI. I think it’s a fad. I’m just kidding. It’s agentic everything. What I’m really excited about with Proofpoint is the reason I was attracted to work here in the first place, having been a customer for 17 years: they understand the human element so well. That piece is really unique. Taking that understanding of protecting people and then adding in protecting agents, protecting AI, and how they use data, I think that creates a really complete picture of the risks, both externally and internally.
Proofpoint is uniquely positioned for the internal risk. I gave a talk during RSAC about prioritization. Yes, there are going to be autonomous attacks coming in. But today you have a ton of people using AI in your organization and you’re not going to stop it. You can’t stop this train going down the track. You’re going to need to control it. You need to be the brakes on the car so that people can innovate fast but not crash.
Q. If you’ve got everyone in the organization using AI and building their own agents, what are the new insider risks? Because obviously insider risk in the past meant DLP and data leakage, but this feels like a new era.
It is and it isn’t. It’s the same risks but at a bigger scale and speed. I laid out these personas. One is somebody who applies anthropomorphism to an agent, gives it human characteristics. They’re telling ChatGPT everything. That’s their best friend. They’re telling it company secrets. They’re telling it the rumor about maybe going public. Because they’re just chatting with it like a friend. That’s going to be a normal thing that happens. That’s data leakage.
Then there’s the developer persona. I heard it in sessions this week from former employees of some of the largest social media companies. Their developers are all saying YOLO and they’re giving, and I quote, “dangerous levels of permissions” to these agents. They want to be on the cutting edge, and they have this optimism bias. They’re thinking “it’s not going to happen to me, this is going to be fine.”
And then finally, the person who is supposed to be in the loop. But their cognitive load is just so high because they’re the one person in the loop. Half of their team got laid off because AI was going to save the day, and now they’re overwhelmed. They can’t actually do all the things they need to do to be that human in the loop. All of those lead to data processing issues, but also configuration mistakes. Are you telling the agent to do something it shouldn’t actually do? And then it proliferates to the next agent, and the next agent. It’s agents talking to agents. Who’s actually watching?
Q. In this agentic world with agents managing other agents, what is the role of the human? Is the human the bottleneck?
You have to be smart with it. Our approach with the Acuvity acquisition, our new AI security offering within Proofpoint, is looking at three things. How are people using AI within an organization? How are we helping security professionals use AI within our tools to make themselves faster, so they aren’t the bottleneck? And how are we protecting the agents from being attacked themselves from external risks?
Q. Proofpoint has been using AI in email security for a long time. What gives Proofpoint a strong position to move into the AI security space?
There’s a debate on the show floor and in sessions: should we call AI agents people? Should we not? Are they employees? Either way, however you want to define it, humans and agents can fall for the same things. They can make mistakes in the same way. They can both execute code that they shouldn’t. They can both leak data. They can both be malicious. They can both be manipulated. Having our core understanding of how people can be manipulated extends really nicely to how agents can be manipulated as well.
The really cool thing is our threat research team. They’re doing research into attacks we haven’t seen in the wild yet – but know can happen – and building those protections into our products now versus waiting for it to happen. With prompt injection, for example, you can get something in a phishing email, it’s too long, you run it through your copilot to summarize, and in white text that’s not visible it says go execute these things. Those are things we haven’t necessarily seen in the wild, but we know they could very easily happen. And we’re protecting against those.
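The hidden-white-text scenario she describes is detectable before the message ever reaches a summarising assistant. As an added example (not Proofpoint's code or the threat research mentioned above), this Python gate splits an HTML body into text a reader would see and text only a model would ingest, and refuses to summarise when the second set is non-empty; the sample message and the bracketed placeholder paragraph are constructed.

```python
import re
from html.parser import HTMLParser

# Inline-style fragments that make text invisible to a human reader. Heuristic:
# white text is only hidden on a light background, so tune for your mail flow.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(?![.\d]*[1-9])"
    r"|font-size\s*:\s*[01](?:px|pt)?(?![.\d])"
    r"|(?<![-\w])color\s*:\s*(?:#fff(?:fff)?|white)\b",
    re.IGNORECASE,
)
VOID = {"br", "hr", "img", "input", "meta", "link"}  # tags that carry no text

class HiddenTextFinder(HTMLParser):
    """Split an HTML body into text a reader sees and text only a model would."""
    def __init__(self):
        super().__init__()
        self.stack = []    # one flag per open element: inside a hidden subtree?
        self.visible, self.hidden = [], []
    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        inherited = self.stack[-1] if self.stack else False
        self.stack.append(inherited or bool(HIDDEN_STYLE.search(style)))
    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()
    def handle_data(self, data):
        text = " ".join(data.split())
        if text:
            (self.hidden if self.stack and self.stack[-1] else self.visible).append(text)

def split_hidden_text(html):
    """Return (visible_fragments, hidden_fragments) for an HTML email body."""
    finder = HiddenTextFinder()
    finder.feed(html)
    return finder.visible, finder.hidden

def safe_to_summarize(html):
    """Gate in front of a summarising assistant: refuse bodies with hidden text."""
    return len(split_hidden_text(html)[1]) == 0

# Constructed sample (not a real email); the white 1px paragraph stands in for
# the invisible instruction block described in the interview.
SAMPLE_EMAIL = (
    "<html><body><p>Hi team, here is the quarterly vendor update.</p>"
    '<p style="color:#ffffff;font-size:1px">[hidden instruction to the '
    "assistant goes here]</p><p>Regards,<br>Procurement</p></body></html>"
)
```

The flagged fragments are worth logging alongside the sender, since a body that carries model-only text is a detection signal in its own right, not just something to strip.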
Q. What are you seeing in the phishing landscape with AI?
It’s really funny that a perfect email is now almost more of a tell than it was before. I was at EDUCAUSE with a bunch of CISOs at major universities. One of them said, “The way that I tell whether something is phishing now from my boss is whether it’s funny. My boss is not funny.” So, I think it comes down to the amount of context you must have, which is something Proofpoint is really great at: analyzing behavior, understanding context, understanding intent. And being able to use AI and our language models to apply that.
Attackers are experimenting with AI to do really in-depth autonomous attacks, but they’re in experimentation mode. Right now, they’re using AI with the low-hanging fruit for phishing. Better lures. More specific. They don’t have to just be in English anymore, which opens up new regions to phish from – with really good language and really good context. And the Phishing-as-a-Service kits are bringing in generative models so you can spit out thousands of emails that are all slightly different and very difficult to catch.
It’s not a one-and-done phishing email anymore. It’s multi-channel, multi-stage attacks. It’s in your LinkedIn, it’s in your Teams, it’s in your Slack. You need to be able to detect across all of that. With AI, you can go to LinkedIn, find information about someone in seconds, and create 500 phishing emails targeting different executives. How do you tackle that scale? You use the same technology they’re using against them. You continually retrain your models. We typically do model updates about two and a half times a month, about 100 times a year.
Q. Should the burden be more on the technology than on people and security awareness training?
Even though I came from the security awareness space, I really do think you have to put more of the burden on the technology than on the person. I think the security awareness industry is hanging on a little tightly to the idea that we’re going to train that person and that’s how they’ll be better and they just need to slow down in their inbox. But we’re not predisposed to be like that. That’s not how the world works. We’re moving as fast as we can and we’re distracted by 17 other things. As much of the burden as we can put on the technology, I think that’s really important.
And on the point about security awareness training for agents: it’s a cute idea. But really, what protecting agents requires is actual protections. It’s almost like putting more of the burden on protection versus the agent itself. Even though the agent doesn’t get tired, you still need proper controls in place versus suggestions. I’m going to stop it. I’m going to check it. I’m going to do continuous reassessments. I’m going to only give it the permissions it needs at the time for that specific action.
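Her last four sentences describe per-action, just-in-time permissions that are re-checked continuously rather than a standing role. As an added example (not Proofpoint's code or any product named on this page), a small Python gate that grants an agent one action on one resource for a short window, spends the grant on use, and logs every decision; the agent, action and resource names are constructed.

```python
import time
from dataclasses import dataclass


@dataclass
class Grant:
    """Permission for one action on one resource, bounded in time and uses."""
    action: str
    resource: str
    expires_at: float   # epoch seconds
    uses_left: int


class ActionGate:
    """Checks every agent tool call against a just-in-time grant and logs it.

    There is deliberately no role concept: between calls an agent holds nothing
    except the grants a human or policy engine issued for specific steps.
    """

    def __init__(self, clock=time.time):
        self.clock = clock   # injectable so expiry can be tested deterministically
        self.grants = {}     # (agent, action, resource) -> Grant
        self.audit = []      # (time, agent, action, resource, decision)

    def grant(self, agent, action, resource, ttl_seconds, uses=1):
        g = Grant(action, resource, self.clock() + ttl_seconds, uses)
        self.grants[(agent, action, resource)] = g
        return g

    def revoke(self, agent):
        """Drop every grant an agent holds, e.g. when a reassessment flags it."""
        for key in [k for k in self.grants if k[0] == agent]:
            del self.grants[key]

    def authorize(self, agent, action, resource):
        """Allow only an unexpired grant that matches action and resource exactly."""
        now = self.clock()
        key = (agent, action, resource)
        g = self.grants.get(key)
        if g is None:
            decision = "deny:no-grant"
        elif now > g.expires_at:
            decision = "deny:expired"
            del self.grants[key]
        else:
            g.uses_left -= 1
            if g.uses_left == 0:
                del self.grants[key]   # a spent grant leaves nothing behind
            decision = "allow"
        self.audit.append((now, agent, action, resource, decision))
        return decision == "allow"
```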
Q. How are CISOs feeling about AI adoption? What are you hearing this week?
When I was in Sydney for our Protect Tour event, we had a panel of CISOs, and the CISO of their major football league very dryly said, “I think I’m just going to retire so that I don’t have to deal with it.” All three of them were very established, intelligent people that I would look to for answers, and they were overwhelmed. They don’t know where to start.
That’s why I was really excited that we announced our Agent Integrity Framework a few days ago. It gives a maturity model and helps people get their AI governance in place now. It’s a place to start. So many people are saying, where do we even start? How do we get our leadership and our finance and our procurement people to understand that we have to move so much faster than we’ve ever moved before? I think that framework gives them a tangible catalyst.
Q. Is AI changing the remit of the CISO? Is it adding more burden before they can take advantage of the opportunities?
It’s good and bad like anything. In terms of challenges, we’re all in a space where the train is moving fast and you’re going to have to make quick decisions on how you strategize. The way CISOs have existed in organizations, especially large ones, will change in that they need to partner with other areas even more. A common trend I keep hearing about at RSAC is not knowing, because of AI, whether something is an actual cyber attack or whether it was some type of mistake that an agent made or a person made. There really are going to have to be those teams: the AI operations team and the security team coming together.
You really cannot go with that old-school model of ‘the office of no’, ruling with an iron fist or a “we’re going to block everything” mentality. I think those CISOs are quickly going to be out the door. Even with companies that have really low risk tolerance, the ability to partner with other groups is how they’re going to be successful.
Q. Are you personally optimistic about AI and security?
I am optimistic. I think if I wasn’t at Proofpoint, I’d be very scared. Being able to see what we’re doing and how the good guys get to use AI too, how smart the people are around us, and how everyone is so interested in being collaborative versus competitive. Seeing how we can fight back with it is really cool.
But I am nervous about the way AI is being pushed by the large AI companies. I was in a session where one of the people on the panel was from one of the large AI companies, and they essentially said, “Just let go. You don’t have to worry anymore. Let it make decisions.” And you could feel all the security people shift in their seats. Thank goodness there are security people and compliance people and governance people that are going to be out there protecting the world, because it’s very much that move-fast-and-see-what-happens-later mindset. So, I’m optimistic that there are good people out there wanting to make sure others use it safely.