KnowBe4 has expanded its Artificial Intelligence Defense Agents (AIDA) suite with the launch of a new AI-powered assessment tool designed to help organisations measure human cyber risk more accurately.
The company has introduced the Custom SAPA (Security Awareness Proficiency Assessment) AI Agent, which generates tailored security awareness assessments based on an organisation’s own technology environment, policies and workflows. The move aims to address the limitations of traditional standardised testing by providing security leaders with data that more closely reflects their internal security posture, the company said.
The new agent builds on KnowBe4’s long-standing SAPA framework, which has historically been used to benchmark employees’ security awareness. While such assessments provide a baseline of knowledge, KnowBe4 said many organisations now require measurement tools that align with their specific security stack and operational context.
Delivered within the AIDA platform, the Custom SAPA Agent uses information about an organisation’s infrastructure, policies and industry environment to dynamically generate assessment questions that mirror real-world scenarios employees may encounter.
Bryan Palma, CEO at KnowBe4, explained that the tool is designed to give security teams more meaningful data when evaluating training programmes and risk levels.
“Security leaders often struggle to justify training and remediation decisions because they’re working with generalised assessment data that doesn’t reflect their organisation’s reality,” Palma said. “The Custom SAPA Agent provides precise insights into how employees understand security within their actual working environment, enabling teams to clearly communicate risk, prioritise remediation and make informed investment decisions.”
According to KnowBe4, the new agent also gives administrators full visibility into the questions being generated, allowing them to review or refine assessments to ensure relevance to their workforce.
The platform also provides per-question response analytics, helping security teams identify knowledge gaps, track engagement with security concepts and uncover areas of heightened human risk.
Greg Kras, chief product officer at KnowBe4, said the goal is to turn assessments into a diagnostic tool that directly informs security training strategies.
“By aligning questions to an organisation’s real-world controls and policies, the Custom SAPA Agent transforms a traditional proficiency check into a diagnostic instrument,” Kras said. “This enables security leaders to develop targeted training programmes that address their most critical risks.”
Assessment results can be used to automatically inform follow-up Security Awareness Training (SAT) campaigns, ensuring that remediation efforts are driven by data and aligned with real risk areas.
KnowBe4 said the development of the new agent draws on more than five years of data from over 50,000 organisations and five million SAPA completions, allowing the company to evolve the framework into a more adaptive assessment tool for IT and information security teams.
The Custom SAPA Agent is available now to customers with an AIDA subscription.
