KnowBe4, a platform for human and agentic AI risk management, has launched its Custom SAPA (Security Awareness Proficiency Assessment) AI Agent within AIDA, its suite of Artificial Intelligence Defense Agents. This new offering aims to evolve how organizations measure security awareness by providing tailored, environment-aware testing rather than generalized assessments.
Historically, security professionals have utilized standardized assessments like KnowBe4’s Security Awareness Proficiency Assessment (SAPA) to establish a baseline of user knowledge. However, as security programs mature, there is an increasing demand for assessments that accurately reflect an organization’s internal policies, specific technologies, and individual workflows. The Custom SAPA Agent addresses this by leveraging specific organizational information, including its security stack and industry context, to generate questions that align with the organization’s operational security environment.
Bryan Palma, CEO at KnowBe4, stated, “Our goal with the Custom SAPA Agent is to eliminate the guesswork security leaders face when trying to justify training and remediation efforts. Decisions are often made using generalized assessment data that doesn’t reflect an organization’s true internal reality. This lack of specific data creates obstacles for security teams, leading to friction when they need to secure investments, set remediation priorities, or communicate risk. We provide the precise data teams require to confidently articulate their security posture.”
Key features of the Custom SAPA Agent include Organization-Specific Precision, where assessments are generated based on an organization’s unique environment and security stack. Administrators maintain full control, allowing them to review and curate questions to ensure relevance to their specific workforce. The agent also provides Granular Risk Insights through per-question response analytics, which help identify hidden trends and high-priority risk areas. Additionally, it offers Actionable Training Roadmaps, where assessment outcomes directly inform targeted Security Awareness Training (SAT) campaigns, ensuring follow-up training is data-backed and aligned with identified risks.
Greg Kras, chief product officer at KnowBe4, commented, “The Custom SAPA Agent transforms the traditional assessment from a general proficiency check into a diagnostic instrument designed to identify the knowledge gaps that matter most to an organization’s specific risk profile. By aligning questions to the organization’s real-world controls and policies, we are giving security leaders the opportunity to create training programs that address their high-priority risks.”
The development of the Custom SAPA Agent is supported by over five years of real-world usage data, derived from more than 50,000 organizations and five million SAPA completions. This extensive dataset has enabled KnowBe4 to refine its SAPA framework into a more adaptive tool for IT and InfoSec leaders.
The Custom SAPA Agent is currently available to customers with an AIDA subscription.
KnowBe4, based in Tampa Bay, Florida, provides solutions that empower workforces to make informed security decisions. The company, trusted by more than 70,000 organizations globally, focuses on building security culture and managing both human and AI agent risk. Its HRM+ platform offers awareness training, integrated cloud email security, real-time coaching, crowdsourced anti-phishing, and AI Defense Agents. KnowBe4 aims to prepare the modern workforce by training both humans and AI agents to recognize and respond to security threats, supporting workforce trust management and defense strategies.
