New Assessment Agent Delivers Personalized Security Measurement Tailored to an Organization’s Controls and Policies
KnowBe4, the world-renowned platform that comprehensively addresses human and agentic AI risk management, announced the launch of its Custom SAPA (Security Awareness Proficiency Assessment) AI Agent. This intelligent agent, delivered within AIDA – KnowBe4’s suite of Artificial Intelligence Defense Agents – marks an evolution in how organizations measure security awareness by transitioning from generalized assessments to environment-aware, tailored testing.
Also Read: CIO Influence Interview With Jake Mosey, Chief Product Officer at Recast
For years, security professionals have relied on standardized assessments like KnowBe4’s Security Awareness Proficiency Assessment (SAPA) to establish baseline user knowledge. However, as security programs mature, organizations increasingly require assessments that reflect their unique internal policies, specific technologies, and individual workflows. The Custom SAPA Agent addresses this need by using specific organizational information such as its security stack and industry context, to curate questions that reflect how security actually operates within that specific environment.
“Our goal with the Custom SAPA Agent is to eliminate the guesswork security leaders face when trying to justify training and remediation efforts,” said Bryan Palma, CEO at KnowBe4. “Decisions are often made using generalized assessment data that doesn’t reflect an organization’s true internal reality. This lack of specific data creates obstacles for security teams, leading to friction when they need to secure investments, set remediation priorities, or communicate risk. We provide the precise data teams require to confidently articulate their security posture.”
Key Features of the Custom SAPA Agent include:
- Organization-Specific Precision: Assessments are generated by the AIDA agent based on an organization’s unique environment and security stack rather than a fixed, one-size-fits-all question set.
- Admin Control: Administrators maintain full visibility and can review or curate questions to ensure they are relevant to their specific workforce.
- Granular Risk Insights: Per-question response analytics allow admins to see exactly how learners engage with security concepts, revealing hidden trends and high-priority risk areas.
- Actionable Training Roadmaps: Assessment outcomes directly inform targeted Security Awareness Training (SAT) campaigns, ensuring follow-up training is data-backed and aligned to real risk.
“The Custom SAPA Agent transforms the traditional assessment from a general proficiency check into a diagnostic instrument designed to identify the knowledge gaps that matter most to an organization’s specific risk profile,” said Greg Kras, chief product officer at KnowBe4. “By aligning questions to the organization’s real-world controls and policies, we are giving security leaders the opportunity to create training programs that address their high-priority risks.”
The development of the Custom SAPA Agent is backed by more than five years of real-world usage data from more than 50,000 organizations and five million SAPA completions. This deep pool of insight has allowed KnowBe4 to refine its proven SAPA framework into a more adaptive, intelligent tool for IT and InfoSec leaders.
Catch more CIO Insights: Why CIOs are becoming chief risk orchestrators?
[To share your insights with us, please write to psen@itechseries.com ]
