Social Engineering Attacks Abuse Workplace Collaboration Tools

KnowBe4 Team | Jun 23, 2026

Threat actors are increasingly abusing workplace collaboration tools like Microsoft Teams to launch social engineering attacks, according to researchers at Palo Alto Networks’s Unit 42. Attackers are sending Teams messages that impersonate IT personnel, asking users to approve a multifactor authentication prompt. Both criminal and nation-state threat actors are using this social engineering technique to compromise organizations’ environments. While Microsoft Teams has measures to warn users about potential attacks, the user can still be tricked into accepting the message.

“These chat messages can appear directly in an employee’s feed,” the researchers write. “Microsoft Teams has an impersonation protection feature that presents additional warnings to the chat recipient, but the onus is still on the user to decide whether to accept the message as legitimate. While Teams provides visual indicators that a sender is external, users may overlook these warnings when the sender appears to represent a known vendor, partner, or internal support function. Threat actors count on this combination of visual and domain familiarity to impersonate trusted entities. This lowers user suspicion and increases the likelihood of successful social engineering.”

Unit 42 notes that workplace collaboration tools are a growing attack vector as organizations continue to rely on these tools for day-to-day activities.

“Threat actors have increasingly moved away from traditional phishing techniques toward trusted collaboration tools,” the researchers write. “In the first four months of 2026, phishing alerts from collaboration tools represented 42% of all phishing alerts in Cortex, up from 30% of all phishing alerts in the preceding four months. Organizations continue to make progress in the effort to prevent email phishing. Email gateways are more intelligent. Awareness training and regular phishing simulations have conditioned users to be cautious with email, but far less so with collaboration tools. Using collaboration tools for malicious operations helps a threat actor blend in with legitimate operations. Threat actors know this and use collaboration tools for phishing, with Microsoft Teams being one of those tools.”

Unit 42 has the story: When “Hi, This Is IT” Comes Through Microsoft Teams
