KnowBe4’s AI tools help credit union cut phishing risk to 1%

KnowBe4 has highlighted significant progress made by First Community Credit Union in reducing its Phish-prone Percentage (PPP) to nearly one percent, following the deployment of KnowBe4's HRM+ platform and AI-based security tools.

The HRM+ platform, supported by six artificial intelligence agents with plans for six additional agents by the end of 2025, offers a suite of tools to manage and reduce human risk in cybersecurity. The platform's AI-driven element, AIDA (Artificial Intelligence Defence Agents), leverages data from more than 13 million users worldwide collected over 15 years.

AI and insights

AIDA integrates human expertise with artificial intelligence, combining information from 316 indicators across 37 factors and seven knowledge areas. It automates targeted security actions for organisations based on their distinct threat environments, supporting security teams in faster operations, smarter training, and enhanced defensive capabilities.

KnowBe4's approach draws on what it calls the industry's largest data pool of simulated phishing events and user-oriented cybersecurity protections. This foundation enables the development and expansion of its agentic AI capabilities, which aim to address an evolving cyber threat landscape shaped by both increasingly sophisticated attack methods and the progress of AI technologies.

Customer experience

Bryan Perkola, Senior Vice President of Information Security at First Community Credit Union, described the impact of the AIDA tools on the organisation's security awareness programme and outcomes.

"We've recently started using the AIDA products in our defences," said Perkola. "So being able to show how AI is actually influencing what we're doing with the defences now versus the threats has been very significant. I couldn't imagine switching to anything else."

The credit union's experience reflects a broader trend noted by KnowBe4, where customers are benefiting from more informed, actionable insights into their own vulnerabilities and user behaviour. The improved security outcomes demonstrate the practical use of AI in controlling and mitigating phishing risks, which remain one of the most common and effective attack vectors.

Organisational context

With data showing that cybersecurity threats often succeed due to human error or lack of readiness, KnowBe4 continues to focus its technological and training products on the people-centric aspects of defence. The availability of six AI agents currently, along with the planned introduction of six more by the end of 2025, highlights an ongoing investment in updating defensive measures in response to AI developments in the hands of both attackers and defenders.

KnowBe4 Chief Executive Officer Bryan Palma commented on the company's direction and the environment confronting security teams globally.

"One of the reasons I joined KnowBe4 is because of the company's AI leadership," said Bryan Palma, CEO, KnowBe4. "Our customers are engaged in an AI arms race with cybercriminals. We are expanding the agentic capabilities of our HRM+ platform to allow defenders to outpace attackers with smarter, data-driven defences."

Additional AI features

The company has also expanded its product suite to include PhishML Insights as part of PhishER+. This new AI capability equips information security departments with the ability to interpret emerging email attack patterns by adjusting confidence thresholds for threat classification. PhishML Insights also provides detailed, accessible rationale for each classification decision - whether an email is marked as clean, spam, or a threat.

This focus on transparent and customisable AI-driven tools reflects the growing need for security teams to adapt in real-time to increasingly complex, AI-enabled cyber threats and social engineering techniques targeting organisations of all sizes.