Can agentic AI personalize phishing security training for different users?

Yes. Agentic AI can tailor training based on how individuals interact with simulations, email, and AI tools. Users who show higher risk, such as repeated clicks or missed reports, can receive more targeted scenarios and reinforcement aligned to their specific exposure.

What role does human risk management play in AI-supported phishing training?

Human risk management helps connect user behavior, training outcomes, and risk signals into a unified view. This ensures that AI-supported training reflects real patterns of exposure and leads to measurable improvements in decision-making.

How does agentic AI for phishing training adapt to changes in user behavior over time?

Training evolves as behavior changes. Patterns like improved reporting, repeated mistakes, or new risk signals influence how simulations and follow-up are adjusted, keeping reinforcement aligned with current user activity.

How can agentic AI help security teams deliver more relevant phishing simulations?

By analyzing current threat patterns and user behavior, agentic AI can generate simulations that better reflect real-world attacks and scenarios users are more likely to encounter.

Can agentic AI improve phishing reporting behavior, not just simulation performance?

Yes. Timely, contextual feedback helps reinforce what to report and why it matters. Over time, this builds stronger reporting habits and improves how users respond to suspicious activity, not just how they perform in simulations.

Extortion Gang Sends In-Person Attackers to Exfiltrate Data

An extortion gang tracked as “Silent Ransom Group” is targeting US law firms with voice phishing and in-person social engineering attacks, according to researchers at Mandiant and Google’s Threat Intelligence Group (GTIG).

“UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments,” the researchers write. “Using pretexts such as data migration or invoice-related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities. Once inside the environment, the threat actors either directly conduct searches to locate and exfiltrate highly sensitive data, or manipulate the victim into executing these actions on their behalf. This data typically includes proprietary legal agreements, personally identifiable information (PII), and financial records for subsequent extortion demands.”

Notably, if the voice phishing attempt fails, the gang sends an individual to physically infiltrate the company by posing as an IT worker. This individual attempts to gain access to computers inside the building and copy data to a USB drive.

“The onsite threat actor will claim they need to image the device or create local backups to address a security issue,” the researchers write. “Once they gain access to the endpoint, they attempt to exfiltrate corporate data directly to an external drive.”

The researchers recommend that organizations provide employee awareness training tailored to these techniques, as well as implement the following policies to prevent malicious actors from entering the building:

“Require visitors to display official credentials and photo identification.
“Require front-desk staff to copy and log all physical visitor IDs before granting access.
“Verify the arrival of all technicians against pre-scheduled work orders directly with the verified parent organization or helpdesk dispatcher.
“Enforce a policy requiring physical technical service personnel to be escorted by a corporate supervisor at all times.”

Google has the story: Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

Extortion Gang Sends In-Person Attackers to Exfiltrate Data

KnowBe4 Agent Risk Manager

Secure the Digital Workforce: Human + AI

ABOUT KNOWBE4 TEAM

Subscribe the KnowBe4 Blog

Posts By Topic

Get the latest insights, trends and security news. Subscribe to CyberheistNews.

Get the latest insights, trends and security news. Subscribe to CyberheistNews.