Security awareness training was meant to answer a deceptively simple question: how do you promote better security behaviors and educate an entire workforce at scale?

For years, standardized phishing simulations and annual training modules ensured every employee received the same baseline instruction. The goal was consistency, broad coverage, and a repeatable process to reinforce best practices. But as attackers evolved, the limits of that model became clear.

Over time, the exercise became less about actually reducing security risk and more about going through the motions of tracking training module completion rates. According to researchers from the University of Chicago and UC San Diego, “training programs as implemented today by most large companies do little to reduce the risk that employees will fall for phishing scams.” And yet most organizations still rely on one-size-fits-all simulations and off-the-shelf content because there is no better option. Click rates have become the proxy for susceptibility, and training video completion rates the proxy for preparedness.

Boards and executive teams, however, are no longer satisfied with proxies. In this era of AI-powered cybercrime, they demand actual behavioral risk reduction. They want to know whether employees are less susceptible to the real threats they will inevitably face. The risk of a security breach is not an abstract hypothetical, and human error remains the most reliable entry point into the enterprise.¹

Reducing that risk requires more than awareness. It requires adaptive Human Risk Management: a system that continuously adapts to shifting behavioral patterns and evolving threats to deliver automated coaching tailored to each employee, supporting preparedness to measurably reduce risk.

Abnormal is known for cloud email security, but the intelligence behind the platform goes beyond “email AI.” It is powered by Behavioral AI, built to understand how people communicate across the organization to better detect malicious inbound threats and compromised accounts. AI Phishing Coach applies that same intelligence to training.

Built as an extensible layer atop Abnormal’s Behavioral AI, AI Phishing Coach uses deep insight into communication patterns and risk signals to automatically deliver tailored simulations and training to better prepare employees for real-world threats. This is not simply Security Awareness Training modernized with a few AI features. It is a fundamentally AI-native approach to Human Risk Management. The capabilities released this week demonstrate that shift.

Human risk can only be managed with clear, continuous measurement. Abnormal now provides a foundational dashboard that captures ongoing behavioral signals across the workforce. This is the intelligence that fuels AI Phishing Coach’s personalized approach, delivering dynamic phishing risk scores for each employee and the organization as a whole.

Security leaders now have ongoing visibility into company-wide risk trends, comparisons against global benchmarks, and a clear distribution of phishing-related risk signals across high-, medium-, and low-risk segments.

Teams can drill into simulation behavior patterns and trends to prioritize coaching and follow‑up. Rather than waiting to retrain the entire organization, security leaders can target additional training where it is needed most.

Risk visibility goes beyond a simple “clicked or not” metric. It captures layered signals, spanning simulation opens, credential submission on simulated suspicious landing pages, and susceptibility across specific simulated attack tactics. Security teams can see how employee vigilance against suspicious emails strengthens over time.

Instead of reporting isolated campaign results, organizations gain a continuous, measurable view of how human risk is trending across the business.

For a look at how Phishing Risk Scoring works, watch the product demo.

AI Phishing Coach also introduces business email compromise (BEC) and vendor email compromise (VEC) simulations to address one of the most financially damaging forms of social engineering.

BEC and VEC attacks exploit trusted relationships and legitimate business workflows. They often contain no links or attachments, relying instead on contextual manipulation.

Using PeopleBase and VendorBase relationship data, AI Phishing Coach builds text-only simulations that mirror manager, colleague, and vendor interactions. Human risk is measured by identifying how employees are interacting (or not) with realistic, simulated attacks. AI Phishing Coach also surfaces how employees engage with simulations (for example, replying or advancing a request), enabling teams to trigger targeted coaching as needed.

This provides direct insight into exposure to fraud-related financial and data loss while creating safe opportunities to strengthen employees’ ability to recognize and avoid risky behavior before it leads to a breach.

For years, security leaders approximated human risk using indirect metrics. But approximation is no longer enough.

By combining dynamic risk scoring and realistic threat simulations, AI Phishing Coach creates a stronger data-driven understanding of human susceptibility across the organization for more informed Human Risk Management.

For CISOs, this replaces vanity metrics with measurable risk posture, giving executive stakeholders and board members new insights into security preparedness amid a rapidly changing, AI-powered threat landscape.

For training teams, AI Phishing Coach reduces manual campaign management and frees capacity for higher-impact engagement across the business, whether that means security roadshows, newsletters, or myriad other activities those security educators would rather be engaging in.

With AI Phishing Coach, Abnormal advances security awareness with a more autonomous and behavior-driven system designed to keep pace with modern threats.

To learn how AI Phishing Coach can help your organization quantify and reduce human-driven risk, connect with your Abnormal team or request a personalized demo.

¹ The 2025 DBIR reports that the "human element" (social engineering, error, or misuse) is involved in approximately 60% of breaches. https://www.verizon.com/business/resources/reports/dbir/

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Abnormal AI’s products remains at the sole discretion of Abnormal AI and is subject to change.