Although artificial intelligence (AI) seems relatively new to a lot of people, it was first officially created in 1956 and has been a large, improving branch of computer science ever since. The mass appeal of AI took off in late 2022 when OpenAI publicly released ChatGPTicial iintelligence (AI) seems relatively new to a lot of people, it was first officially created in 1956 and has been a large, improving branch of computer science ever since. The mass appeal of AI took off in late 2022 when OpenAI publicly released ChatGPT.

Similarly, when other Human Risk Management (HRM) vendors started jumping on the AI bandwagon, we like to remind them that KnowBe4 was the first to use AI and has been using machine learning (ML), the backbone workhorse of AI, since early 2016. We were also the first HRM vendor to have multiple active AI agents in the market available for customers to use without requiring complicated hand holding with customer support technicians.

KnowBe4’s Artificial Intelligence Defense Agents (AIDA) allow you to successfully manage human risk with the power and efficiency of AI. This is not a marketing-only claim. We have years of experience and more data than anyone else to show the power of AI in the field of HRM. With AIDA, you can significantly reduce your organization’s risk and demonstrate positive impacts on real-world user behavior.

Today, we have over a dozen AI agents, with many more new ones coming all the time.

Many of our agents are part of our Artificial Intelligence Defense Agents (AIDA).

Here is what we have today covering risk assessment, training, and automated simulated phish testing:

Risk Assessment

We start by assessing each participating user’s cybersecurity risk. Everything we do at KnowBe4 is focused on decreasing cybersecurity risk.

SmartRisk™ Engine

All of KnowBe4’s products and services are built around the ultimate goal of reducing an organization's cybersecurity risk. To that end, every participating user is monitored, assessed, and assigned a risk score. Admins can track individual user risk score ratings to see if they go up or down over time, and aggregate them into various groups, culminating in a single risk score for the entire organization. Management can see if that risk score goes up or down (as it should) over time. Our SmartRisk™ Engine is an AI-enabled risk assessment tool, which looks at dozens of individual factors (such as the user’s position, training completion metrics, simulated phishing scores, and use of other products, such as SecurityCoach™) to calculate and track risk scores.

For more information, see:

• SmartRisk Agent™ and Risk Score Guide
• FAQ: SmartRisk Agent™ and Risk Score Guide

Your organization can easily assess how well your users understand your organization’s specific cybersecurity policies and products.

Custom Security Awareness Proficiency Assessment (SAPA) Agent

The Custom SAPA Agent is designed to measure the cyber risk of an organization across seven security knowledge areas (such as password policy, email security, and data privacy, etc. ) by users answering 10 – 35 questions (soon to be in 36 languages) about the organization’s own security policies. Admins can assess the user’s general knowledge about the organizational policies and identify strengths and weaknesses for more training and attention.

For more information visit:

• Announcing the Custom SAPA Agent: Security Awareness Measurement Built for Your Environment
• Custom Security Awareness Proficiency Assessment (SAPA) Guide

Policy Quiz Agent

You upload a PDF of your company’s policy document(s), and this agent will generate an assessment quiz that can be sent out to users. You can review, modify, and delete the draft questions before they are officially sent out to users.

For more information: Video: AIDA Policy Quizzes

Training

Users need to be trained.

Ongoing Training Agent

The old days of the same training at the same time for everyone are gone! The Ongoing Training Agent continuously monitors for knowledge gaps across your organization and automatically assigns personalized training to each user based on their individual needs and risk profile. Instead of preset schedules (e.g., monthly, quarterly, etc.), this agent continuously evaluates who needs training and delivers the right training content at the right time. The agent automatically selects and assigns training modules tailored to each user’s specific risk profile, training history, and past performances. As a user’s risk score fluctuates based on their behavior, the agent adjusts the difficulty and topic of the training accordingly.

Knowledge Refresher Agent

For any significant training to stick and be remembered, it has to be taught and reemphasized more than once. The Knowledge Refresher Agent automatically creates and delivers bite-sized security quiz refreshers to users based on previous video training sessions. Instead of long or repetitive training, it reinforces key security concepts from the previous training videos in small, easy-to-absorb pieces designed to help users more easily remember and apply what they have learned in real situations.

For more information, see:

• AIDA Knowledge Refresher Guide
• Video: AIDA Knowledge Refreshers

Remedial Training Agent

The Remedial Training Agent automatically assigns targeted training the moment a user fails a simulated phishing test. It tailors content to individual risk scores, behavior, and training history, eliminating manual admin work to improve security habits efficiently.

Simulated Phish Testing

Each user needs to be sent phishing tests to see how well they comprehended, remembered, and put into action the security awareness training they received.

Phishing Agent

The Phishing Agent uses AI to generate realistic phishing tests and sends the right test to the right person at the right time, so you do not have to build or schedule simulated phishing campaigns yourself. It looks at how users have performed on previous tests and topics, their role in the organization, and other existing risk factors. It then picks the best existing simulated phishing template to send a new phishing test to each user. We have years of data to show that AI-selected templates “trick” users more often than human admin-selected templates, which leads to more education and an overall reduced cyber risk.

Template Generation Agent

KnowBe4’s simulated phishing campaigns use “templates” as master guides to making particular simulated phishing emails that are sent to users. The Template Generation Agent uses generative AI to create highly realistic phishing templates based on current attack vectors, so admins do not have to create them. You can guide the agent into particularly difficult levels, based on NIST’s Phish Scale Framework, use location-specific settings, personalized greetings, and pick and customize various Social Engineering Indicators (or “red flags”).

For more information see:

• AIDA Template Generation Guide
• Video: AIDA Template Generation

Deepfake Training Content Agent

2026 is likely the year when social engineering messages containing AI-generated deepfakes (e.g., fake audio, video, and/or images) become super popular, perhaps eclipsing even human-only generated social engineering. You should test your users before malicious hackers do. Our Deepfake Training Content Agent allows you to upload a video of someone in your organization (e.g., CEO, CFO, CISO, etc.) and generate a realistic deepfake of that individual trying to socially engineer employees, which can then be sent out as a phishing test campaign. It literally is as easy as uploading the video (with appropriate permission, of course), and then clicking on next, next, next.

For more information, see:

• Personalized Deepfake Training
• Deepfakes Training Guide

Callback Template Generation Agent

Callback phishing is a type of social engineering message (https://blog.knowbe4.com/fbi-warns-callback-phishing) in which the potential victim is usually sent a message containing text with a false sense of urgency and a phone number to call, both presented as part of a graphic. An example is a fake bill claiming your credit card will be charged for something you know you did not buy. These types of phishing messages are difficult for technical content filtering tools to detect. The Callback Template Generation Agent can be used to more easily create and deploy simulated callback phishing tests.

For more information, see:

• Create and Edit Callback Phishing Templates
• Video: Creating Custom Callback Phishing Templates

Recommended Landing Pages Agent

When users perform a negative interaction (or failure) within a phishing test message, education is best retained when the user is immediately given related education and training. The initial landing page after failing a phishing test is the first step in that security awareness training. The Recommended Landing Pages Agent autonomously suggests the most contextually appropriate landing page to pair with your AI-generated phishing templates.

Orchestration Agent

The Orchestration Agent is the always-on control center of your HRM program. It autonomously plans, launches, and manages phishing simulations and security awareness training at the individual level, eliminating manual administration and campaign-based approaches. It continuously adapts to each user’s risk profile to deliver personalized, goal-driven training that drastically reduces organizational risk.

For more information, see:

• AIDA Orchestration
• AIDA Orchestration Technical Overview
• AIDA Orchestration Guide

The best part is that we have the experience and data to show that our customers who use our AI agents decrease cybersecurity risk faster and better than our customers who do not. AI is a proven benefit to those who use it.

You should be using KnowBe4’s AI agents today!