Why you must train your AI agents just as hard as your employees
By Staff Writer, 23 January 2026
As Data Privacy Day approaches on 28 January, the conversation around protecting information has shifted yet again. For years, the mantra was simple: train your people. But in 2026, the workforce has expanded. We have arrived at a point where we are managing the complex, high-speed intersection of human and Artificial Intelligence (AI) – and both hold the master keys to the most private data people and organisations have.
Anna Collard, SVP of content strategy & CISO advisor at KnowBe4 Africa, argues that the old binary of ‘people vs. technology’ is a dangerously outdated narrative now. The new standard is Human Risk Management+ (HRM+) – a strategy that trains humans and AI agents equally to form a unified, adaptive defence layer.
“We have entered the era of ‘Dual Defense’,” says Collard. “Your employees are using AI tools to process data and bad actors are using AI to steal it. You simply can’t only rely on training employees. You must now train your AI defence agents to spot the threats humans miss, while simultaneously training your humans to use those AI agents securely. If you ignore either half of that equation, you have an open door and a very important set of keys left in the lock.”
The Human-AI vulnerability gap
The vast majority of data breaches still involve a human element, but the nature of that element has changed. It can still mean clicking a suspicious link, but it is also about how employees interact with unmanaged AI tools and how they respond to AI-generated attacks that are indistinguishable from reality.
“In 2026, a static defence cannot stop dynamic threats,” notes Collard. “Attackers are using automation to scale their social engineering. If your defence relies solely on an employee remembering a policy they read six months ago, you will fail. We need Agentic AI – intelligent defence agents that sit alongside the employee, offering real-time coaching and intervening the moment risky behaviour is detected.”
From ‘Security Awareness’ to ‘Adaptive Defense’
South Africa’s regulatory landscape, underpinned by POPIA, demands that organisations take "reasonable technical and organisational measures" to protect data. Collard suggests that in the current landscape, "reasonable" now means "adaptive".
“Compliance checklists are static. Risk is dynamic,” explains Collard. “Modern data privacy requires an adaptive human protection layer. This means using AI to analyse user behaviour in real-time and tailoring the defence to the individual. If an employee in finance is targeted by a spear-phishing campaign, your AI defence agents should immediately step in to offer hyper-relevant coaching or isolate the threat. It is not about restricting the human; it is about augmenting them.”
Training the unified team
To achieve this level of resilience, KnowBe4 advocates for a dual defence strategy that addresses the human-AI boundary:
- Train the human: Move beyond generic awareness. Use data-driven simulations that mirror the specific AI-enhanced threats (like deepfakes or intricate BEC scams) that employees face in their specific roles.
- Train the agent: Deploy AI Defense Agents (AIDA) that learn from your environment. Just as you train an employee to recognise a scam, you must train your security stack to recognise the nuanced behavioural anomalies that signal a human is about to make a mistake.
- Secure the interaction: Ensure that when employees use generative AI tools, they understand the privacy implications. Shadow AI – where employees paste sensitive customer data into public AI models – is the new shadow IT.
The future is collaborative
Data Privacy Day is more than just a reminder to update passwords. It is a call to modernise how we view our workforce.
“We need to stop talking about the ‘human firewall’ as if it stands alone,” concludes Collard. “The future of privacy lies in the collaboration between human intuition and machine speed. When you train your employees and your AI agents to work as a coordinated team, you get compliance, yes, but you also get a self-healing, adaptive defence system that gets smarter with every attack.”