



















As we speak, bad actors are using AI agents to do their dirty work.
Our own research tells us 85.8% of phishing attacks were AI-driven in the past 12 months. Agentic power is helping social engineering and malware get smarter, faster and harder to detect.
But enough of what you probably already know. Let’s talk about how we can address these risks.
Our CISO Advisor Dr. Martin Kraemer wrote recently about AI agents being used for good. Agentic AI has the ability to address technical and strictly infosec-based organizational roadblocks (SOC alert fatigue, out-dated email security, etc.).
But AI agents are not just for the IT side of the house. Those responsible for security awareness training (SAT), admittedly sometimes one and the same, should get to play with these toys too.
This is where AI Orchestration comes in.
KnowBe4’s AIDA (Artificial Intelligence Defense Agents) Orchestration transforms security awareness from a manual process into an always-on system designed to keep pace with modern threats.
AIDA Orchestration acts as the “Moderator Agent” for SAT programs, coordinating how other agents work together as a single system. Admins maintain control by defining guardrails called "Plans" that set boundaries such as testing frequency, training limits and user group policies. Within those boundaries, AIDA Orchestration executes autonomously.
By coordinating multiple KnowBe4 AI agents around the single goal of reducing human risk, it delivers smarter training, stronger defenses and real operational relief. This technology monitors behavior, detects risk signals and responds automatically with targeted interventions at the moment they're most likely to drive behavior change.
Adversaries operate in real time. Even the best SAT programs can operate on a batch schedule. When an employee fails a phishing simulation, any remedial training that has to be manually assigned could take days to deliver. Organizations could be asking employees to learn from mistakes they've already forgotten making.
For large security teams, the hidden cost of SAT isn't the license fee; it's hours spent on manual triage, list management and campaign scheduling. Every hour an SAT admin spends managing training logistics is an hour not spent on researching emerging risks and improving the security posture and culture.
Some of the smartest folks at KnowBe4 have spent most of 2026 tracking AIDA Orchestration usage across a select number of KnowBe4 customers. Here’s what they’ve found so far:
| Metric | No Orchestration | With AIDA Orchestration |
|---|---|---|
| Remedial training assignment rate after phishing failure | <1% | 26% |
| Total training coverage | 20%-30% | 50%-60% |
| Risk score reduction speed | Baseline | 4x faster |
| Users trained | Baseline | 2x more users |
| Phishing emails reported | 20% | 36% |

By automating the response to a phishing simulation failure, AIDA Orchestration-driven environments see remedial training rates jump from less than 1% to 26%. The difference isn't just frequency—it's proximity. A targeted, relevant nudge delivered at the moment of failure drives behavior change in a way that a delayed generic module never can.
Organizations using AIDA Orchestration experience a 4x faster reduction in risk scores compared to those using traditional methods. By identifying training gaps across multiple risk dimensions and intelligently doubling the number of actively trained users, AIDA Orchestration transforms a passive training program into a dynamic defense layer.
When training is relevant and timely rather than repetitive and delayed, employees stop being passive targets and start behaving as active participants in the organization's defense. AIDA Orchestration's personalized reach drove a 79% increase in phishing email reporting rates, turning the workforce into a distributed early-warning system.
For organizations with 500+ employees, distributed workforces or high-frequency phishing exposure, the ROI case for AIDA Orchestration is clear: administrative savings alone often justify the investment before factoring in risk reduction.
The ultimate goal of a culture-embedded security awareness strategy is more sensors, not just fewer clicks.
In 2026, the question for the CISO isn't whether the organization has an SAT program. The question is: Does the program move as fast as the attackers do?
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。