Security awareness programs are built on measurement. Before you can reduce human risk, you need a clear understanding of where knowledge gaps exist across your workforce. For many organizations, that process starts with a baseline assessment.
For years, KnowBe4’s Security Awareness Proficiency Assessment (SAPA) has provided that foundation. Used by more than 50,000 organizations and completed over 5 million times, SAPA has helped security leaders measure workforce awareness with consistent, scalable insights.
But as security programs mature, many organizations are discovering that baseline awareness alone isn’t enough.
Traditional assessments are designed to apply broadly across organizations. While this makes them effective for establishing general knowledge levels, they don’t account for the unique policies, technologies and workflows that define how security actually operates inside a specific environment.
And that creates a challenge.
When assessments are disconnected from the realities of an organization’s security stack and internal processes, security leaders are often forced to make high-impact decisions using generalized data. That can make it harder to justify training investments, prioritize remediation efforts or clearly communicate human risk to leadership.
Today, we’re introducing the Custom SAPA Agent, a new capability within KnowBe4’s AIDA suite of AI agents for human risk management. The Custom SAPA Agent measures security awareness with organizational precision.
Instead of delivering a fixed, one-size-fits-all assessment, the Custom SAPA Agent starts by understanding your environment. Using insights gathered from the Environment Survey, the agent analyzes your organization’s security stack, internal policies, workflows and industry context. From there, the agent curates assessment questions that reflect how security actually works inside your organization.
This transforms the assessment from a general proficiency check into a diagnostic instrument. Rather than simply measuring baseline awareness, the Custom SAPA Agent helps identify the knowledge gaps that matter most to your organization’s specific risk profile.
By aligning assessment questions with real policies, tools and processes, security leaders gain more accurate and actionable insights. Detailed question-level analytics show how users engage with specific security concepts, helping identify patterns, trends and high-priority risk areas across teams and roles.
The result is a clearer understanding of where targeted training can have the greatest impact.
The Custom SAPA Agent also gives administrators full visibility into the assessment itself. Security teams can review and curate generated questions to ensure they reflect real-world scenarios relevant to their environment. This level of transparency and control ensures the assessment remains both precise and practical.
Most importantly, assessment results don’t stop at reporting. The insights generated by the Custom SAPA Agent directly inform targeted Security Awareness Training campaigns, enabling organizations to build data-driven training roadmaps that address real risks.
The introduction of the Custom SAPA Agent represents the next evolution of SAPA.
After more than five years of real-world use across tens of thousands of organizations, KnowBe4 has developed a deep understanding of how security leaders measure awareness—and where greater precision is needed. That insight directly shaped the development of this new agent within AIDA.
By combining the proven SAPA framework with adaptive intelligence, the Custom SAPA Agent delivers an environment-aware approach to measuring security awareness.
For IT and InfoSec leaders who rely on assessments to guide their security programs, this means moving beyond one-size-fits-all measurement toward a smarter, more precise way to quantify human risk and guide training decisions.
Because the more accurately you measure awareness, the more effectively you can reduce risk.
