Bayer’s Chief Information Security Officer revealed at Infosecurity Europe 2026 that the company has abandoned legacy security awareness tactics in favor of a psychology‑centric program. Rather than drilling employees to spot misspelled words or dubious links, the new curriculum focuses on recognizing the subtle cues of social engineering that AI‑powered attackers now employ at scale. This shift acknowledges that generative models can flawlessly mimic language, tone, and branding across multiple languages, rendering traditional red flags obsolete. By training staff to question urgency, authority, and emotional pressure, Bayer aims to transform its workforce into a living sensor network capable of detecting manipulative narratives before they result in compromise.

Technical indicators such as odd URLs or unexpected attachments have lost their predictive power because adversaries now use large language models to craft convincing lures in real time. Jones highlighted that attackers can generate flawless prose in five languages simultaneously, making spelling‑error hunts futile. Consequently, the awareness program emphasizes behavioral psychology: employees learn to ask whether a request creates undue pressure, whether the sender is impersonating a trusted figure, and whether the ask deviates from normal process. The core habit encouraged is a deliberate pause—stop, reflect, and verify—before any action that could break security policy.

A vivid illustration of the program’s effectiveness came from a recent incident involving Bayer’s CFO for the Europe, Middle East and Africa region. The executive received a phone call that sounded indistinguishable from the global CFO, urgently requesting a weekend money transfer. Because staff had internalized the new guidance, every individual who encountered the request reported it through the proper channels, and no funds were moved. Jones cited this case as proof that teaching people to spot psychological manipulation can turn employees into an early‑warning barrier against increasingly realistic AI‑driven scams.

The success of the phone‑call example underscores a broader principle: human vigilance, when guided by an understanding of attacker motives, can outperform static technical filters. Bayer’s mandatory, behavior‑focused training is now embedded in the onboarding cycle and refreshed quarterly, ensuring that the knowledge remains current as threat tactics evolve. Metrics show a measurable rise in reporting rates and a decline in phishing simulations that succeed against employees, indicating that the workforce is internalizing the pause‑and‑verify habit as a default response to suspicious communications.

Beyond awareness, Bayer has linked AI proficiency directly to access controls for its internal generative AI platform, myGenAssist. Employees must complete concise, role‑specific training modules before they are granted permission to interact with the system, and additional certifications are required for those who wish to build and deploy AI agents within the environment. This prerequisite model ensures that only individuals with a demonstrable grasp of responsible AI use can experiment with agentic workflows, reducing the risk of inadvertent data exposure or model misuse.

The tiered access framework functions as both an incentive and a governance mechanism. By tying progressive privileges to completed training, Bayer motivates staff to upskill while giving the security team clear visibility into who is developing or running agents. The ability to track usage data in real time allows for rapid anomaly detection and policy enforcement, creating a feedback loop where learning directly informs risk management. This approach aligns with broader industry trends where organizations treat AI literacy as a gatekeeper to innovation rather than an afterthought.

Bayer’s Security Operations Center is undergoing a parallel transformation, moving from a model of manual alert triage to one of supervised automation. Jones warned that human analysts simply cannot match the speed and volume at which AI agents can generate and correlate threat data. Consequently, the SOC is being re‑architected so that analysts oversee agent‑driven processes, intervene only when exceptions arise, and focus on higher‑order tasks such as threat hunting and strategy refinement.

Looking ahead, Jones anticipates a shift from “human in the loop” to “human on the loop” within the next two to three years. In this evolved state, AI agents will handle the bulk of routine analysis, enrichment, and initial response, while humans provide strategic guidance, validate outcomes, and adjust playbooks. To support this transition, Bayer is investing in new operational procedures, simulation exercises, and continuous learning programs that teach analysts how to direct, monitor, and correct autonomous agents effectively.

The evolving role of the analyst necessitates a mindset change: professionals must become adept at managing AI agents as they would manage junior team members—setting clear objectives, providing feedback, and overseeing performance. This goes beyond using AI as a co‑pilot for suggestions; it requires the ability to commission agents, define their scope of authority, and intervene when their behavior drifts from policy. Such skills are rapidly becoming a core competency for modern security teams operating in AI‑augmented environments.

Jones urged attendees to reconceptualize the SOC not merely as a security operations center but as a cyber resilience hub. In this view, the team’s mandate extends beyond detection and response to actively shaping the environment to withstand and recover from attacks. This includes the capacity to make controlled, reversible changes to configurations, deploy decoys, or adapt defenses in real time—all orchestrated through agent‑assisted workflows that preserve operational integrity while enhancing adaptability.

Recognizing that risk extends beyond internal boundaries, Bayer has imposed matching AI‑competence requirements on its suppliers. Third‑party partners must complete the same AI training curriculum before they are granted tiered access to myGenAssist, ensuring that external entities interacting with Bayer’s AI ecosystem adhere to comparable security standards. This creates a uniform baseline of understanding across the supply chain, reducing the likelihood that a vendor becomes a weak link in the AI‑driven threat landscape.

To formalize these expectations, Bayer has instituted an internal AI Governance Council that oversees every strategic decision related to AI adoption, deployment, and risk management. The council defines policies, approves use cases, and sets performance benchmarks that suppliers integrating with Bayer’s AI platform are expected to meet. By centralizing governance, the company ensures consistency, accountability, and alignment with broader corporate objectives while providing a clear framework for external collaborators.

Procurement contracts have also been updated to include AI‑specific security annexes. These clauses obligate suppliers to disclose how they utilize Bayer‑provided data, enumerate the AI tools and models they employ, and commit to timely incident reporting. The annexes are being rolled out to major partners now, with a planned extension to the full supplier base over the next eighteen months. This contractual approach transforms vague expectations into enforceable obligations, fostering transparency and enabling Bayer to monitor AI‑related risk across its extended enterprise.

For organizations seeking to emulate Bayer’s success, the first step is to reassess security awareness through a psychological lens—investing in training that teaches employees to discern manipulation rather than rely on superficial technical cues. Second, align AI literacy with access controls, ensuring that competence is a prerequisite for privileged use of generative AI platforms. Third, redesign security operations to embrace supervised automation, preparing analysts to manage AI agents as trusted collaborators. Fourth, extend these standards to third parties via updated contracts and governance councils, creating a unified security posture that spans the supply chain. By combining human‑centric education, controlled AI enablement, and resilient operational models, companies can turn their workforce and partners into a formidable defense against the next generation of AI‑driven threats.