People Are the New Perimeter: Securing the Human Attack Surface

📊 Key Data
  • 68% of data breaches involve the human element (2024 Verizon DBIR).
  • 36% of security incidents begin with social engineering (Palo Alto Networks).
  • 3,000% increase in deepfake fraud attempts (2023).
🎯 Expert Consensus

Experts agree that securing the human attack surface is now a critical enterprise security priority, requiring proactive monitoring and mitigation of risks across social media platforms to prevent sophisticated AI-driven threats.


SAN FRANCISCO, CA – June 02, 2026 – In the sprawling, interconnected world of enterprise security, the frontline has quietly shifted. It’s no longer just a network firewall or a secure cloud server; it’s the LinkedIn profile of your CFO, the public X posts of your engineers, and the digital footprint of every employee. This is the “human attack surface,” and a San Francisco-based firm, Kanary, just drew a new line of defense on it with integrations for X and LinkedIn, signaling a pivotal evolution in how we must think about corporate risk.

Kanary, a platform specializing in what it calls Human Attack Surface Management (HASM), announced it will now directly monitor and mitigate data exposure risks on two of the world’s most prominent professional and public social networks. The move aims to shield individuals—and by extension, their employers—from the escalating threats of doxxing, impersonation, and sophisticated social engineering campaigns.

The Human Element: From Weakest Link to Primary Target

The long-held adage of employees being the “weakest link” in security has become an understatement. Today, they are the primary target. The 2024 Verizon Data Breach Investigations Report (DBIR) starkly illustrates this reality, finding that the human element was a component in 68% of all data breaches. This isn’t just about accidental clicks on phishing emails; it’s about the systematic exploitation of publicly available personal data.

Threat actors treat platforms like X and LinkedIn as open-source intelligence goldmines. An employee’s job history, professional connections, project mentions, and personal interests create a detailed map for attackers. This information becomes the fuel for highly personalized spear-phishing campaigns, credential stuffing attacks, and social engineering ploys designed to bypass even robust technical defenses. According to a recent Palo Alto Networks report, a staggering 36% of all security incidents now begin with a social engineering tactic.

“Our integrations with X and LinkedIn give security teams the tools they need to manage the attack surface their people carry with them every day,” said Rachel Vrabec, Founder and CEO of Kanary, in the company’s announcement. “In an agentic internet where AI is weaponizing personal data at machine speed, human attack surface management isn’t optional, it’s a core function of enterprise security.”

The Agentic Internet's Dark Side

The term “agentic internet” describes an environment where autonomous AI agents can execute complex tasks. While this promises innovation, its dark side is already here. Malicious AI is being used to automate and scale attacks on individuals with terrifying efficiency. Industry reports reveal a 135% increase in social engineering attacks supercharged by generative AI, and some experts estimate that over 80% of all phishing is now AI-powered.

These are not the clumsy, typo-ridden emails of the past. AI can craft perfectly grammatical, contextually relevant messages, mimic writing styles, and even generate deepfake audio and video to impersonate executives. The surge in this activity is alarming, with deepfake fraud attempts skyrocketing by 3,000% in 2023. These tools lower the barrier to entry, allowing less-skilled actors to launch sophisticated campaigns that were once the domain of nation-state hackers.

This AI-driven weaponization of personal data transforms social media from a networking tool into a large-scale surveillance infrastructure for adversaries. Every public post and profile detail is scraped, aggregated, and analyzed to build a profile for exploitation. Kanary's new service is a direct response to this hyper-automated threat, aiming to provide a counter-measure that operates at a similar scale.

A New Front in Corporate Defense

Kanary’s approach represents a tangible shift from passive data removal to active Human Attack Surface Management. Unlike traditional services that focus on scrubbing information from data broker sites, HASM is a continuous process of identifying, monitoring, and mitigating risk across the high-impact digital territories where people live and work.

The new integrations allow organizations to scan X and LinkedIn for three critical risk areas:

  • Public Posts: The platform scans posts for personally identifiable information (PII) that could be weaponized, as well as signs of doxxing, threats, or fraud.
  • Profiles: It looks for impersonation accounts that could damage an individual’s or a brand’s reputation, and flags profiles that have been sources of targeted harassment.
  • Settings: It audits accounts for security vulnerabilities like missing multi-factor authentication (MFA) or lax privacy settings that over-share data by default.

This isn't a one-size-fits-all solution. Kanary recognizes that a CEO facing a contentious merger has a different threat profile than a mid-level manager. Its platform allows for configurable scanning—from monthly to daily—enabling security teams to dial up monitoring for high-value targets or during periods of elevated risk. When a threat does materialize, the service provides structured incident response support, offering guidance and documentation to help contain the damage.

The Overwhelmed Individual and the Corporate Response

The need for such a service is underscored by a simple truth: individuals are losing the battle for their own privacy. Pew Research data shows that even among those most confident in their digital privacy skills, nearly half (47%) feel overwhelmed by the effort required to manage their online presence. A staggering 84% admit to skipping privacy policies altogether. It’s an unwinnable war for one person to fight alone.

This is why CISOs and business leaders are increasingly accepting that protecting their employees' digital lives is a corporate responsibility. The cost of inaction is simply too high. With the average data breach now costing a company $4.88 million, according to IBM, investing in protecting the human perimeter is not just a security measure—it's a financial imperative.

By offering a managed service to monitor and mitigate these personal digital risks, companies are not only reducing their own vulnerability but also alleviating a significant source of stress for their employees. As Kanary expands its coverage to other platforms like Instagram, TikTok, and YouTube, this new category of security is poised to become a standard part of the enterprise defense stack, acknowledging that in the modern era, an organization is only as secure as the digital lives of its people.
