AI phishing coaching and the security awareness gap teams miss


(@nhi-mgmt-group)
Member Moderator
Topic starter

TL;DR: Static security awareness training creates a false sense of coverage when attacker tactics change daily, and Abnormal AI argues that AI Phishing Coach uses behavioral signals and automated coaching to close that gap. The deeper issue is that annual review cycles assume human risk changes slowly, which no longer matches modern phishing operations.

NHIMG editorial — based on content published by Abnormal AI: Key Insights on AI Phishing Coach and the limits of static security awareness training

Questions worth separating out

Q: How should security teams modernise security awareness training for phishing risk?

A: They should move from fixed annual content to continuous coaching that reflects current attack patterns and observed user behaviour.

Q: Why do static phishing simulations fail to reduce human-driven incidents?

A: Static simulations fail when they teach generic scenarios that no longer match how attackers operate.

Q: What should organisations measure in adaptive security awareness programmes?

A: They should measure repeat risky behaviour, reporting rates, response speed, and whether high-risk users improve after coaching.

Practitioner guidance

  • Replace static template libraries with live threat-linked training: map current phishing themes, impersonation tactics, and AI-generated lure patterns into the awareness programme so content reflects active attack conditions rather than annual assumptions.
  • Use behavioural signals to target coaching: prioritise role, communication patterns, risky actions, and attack exposure when selecting who receives follow-up guidance and what the guidance contains.
  • Audit the automation inputs behind adaptive coaching: review the detection sources, user-risk criteria, and escalation logic that drive personalised coaching so the programme remains explainable and defensible.

What's in the full article

Abnormal AI's full analysis covers the operational detail this post intentionally leaves for the source:

  • How the AI Phishing Coach workflow automates simulation selection, follow-up, and content adjustment across the awareness cycle.
  • Examples of the behavioural signals used to personalise coaching by role, exposure, and risky actions.
  • The practical differences between generic training libraries and continuously adaptive coaching in a live security programme.
  • The administrative burden the vendor says security teams remove when the system updates training automatically.

👉 Read Abnormal AI's analysis of adaptive phishing coaching and static SAT limits →

(@mr-nhi)
Member Moderator

Static SAT creates training debt, not resilience. Annual coursework and template libraries assume attacker tactics remain stable long enough for scheduled updates to matter. That assumption no longer holds in environments where phishing content changes daily and AI-generated lures are cheap to produce. The practical conclusion is that awareness programmes now need continuous adaptation, not periodic refresh.

A few things that frame the scale:

  • 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.

A question worth separating out:

Q: How can teams tell whether AI-driven coaching is actually improving security?

A: Look for narrower attack success rates, better user reporting, fewer repeated mistakes, and coaching that changes as the threat landscape changes. If the programme still looks identical month after month, it is probably automation around old content rather than a real adaptive control.

👉 Read our full editorial: AI phishing coaching exposes the limits of static SAT programs

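Both posts above list what an adaptive awareness programme should measure (repeat risky behaviour, reporting rate, response speed, whether high-risk users improve after coaching) and ask that the user-risk criteria behind coaching stay explainable and auditable. The following Python script is an added example of computing those metrics from phishing-simulation events and of selecting coaching targets with a reason attached to every point of risk score. It is not Abnormal AI's product logic and not code from either post; the event schema, the four sample users, their roles, the high-exposure role list, the weights and the threshold are all constructed assumptions for illustration.

```python
"""Programme metrics for phishing-simulation events plus an explainable
coaching selector. Added example: not Abnormal AI's product logic and not
code from the forum thread. All events, roles and weights are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median
from typing import Optional


@dataclass(frozen=True)
class SimEvent:
    user: str
    campaign: int                   # simulation campaigns run in order 1, 2, 3, ...
    action: str                     # reported | clicked | submitted_creds | ignored
    minutes_to_act: Optional[int]   # delay from delivery; None when ignored
    coached_after: bool = False     # user received follow-up coaching after this campaign


RISKY_ACTIONS = {"clicked", "submitted_creds"}

# Constructed sample data: assumed users, roles and outcomes.
ROLES = {"alice": "engineering", "bob": "finance", "carol": "exec", "dave": "engineering"}
HIGH_EXPOSURE_ROLES = {"finance", "exec"}   # assumption: roles attackers impersonate/target most

EVENTS = [
    SimEvent("alice", 1, "reported", 5),
    SimEvent("alice", 2, "reported", 3),
    SimEvent("alice", 3, "reported", 4),
    SimEvent("bob", 1, "clicked", 12, coached_after=True),
    SimEvent("bob", 2, "reported", 20),
    SimEvent("bob", 3, "reported", 10),
    SimEvent("carol", 1, "submitted_creds", 8, coached_after=True),
    SimEvent("carol", 2, "clicked", 15),
    SimEvent("carol", 3, "clicked", 9),
    SimEvent("dave", 1, "ignored", None),
    SimEvent("dave", 2, "ignored", None),
    SimEvent("dave", 3, "clicked", 30),
]


def reporting_rate(events):
    """Share of delivered simulations that were reported (0.0 to 1.0)."""
    return sum(e.action == "reported" for e in events) / len(events) if events else 0.0


def median_minutes_to_report(events):
    """Response speed: median delay between delivery and a user report."""
    delays = [e.minutes_to_act for e in events if e.action == "reported"]
    return median(delays) if delays else None


def repeat_offenders(events, min_campaigns=2):
    """Users who took a risky action in at least `min_campaigns` distinct campaigns."""
    risky = defaultdict(set)
    for e in events:
        if e.action in RISKY_ACTIONS:
            risky[e.user].add(e.campaign)
    return {u for u, campaigns in risky.items() if len(campaigns) >= min_campaigns}


def coaching_outcomes(events):
    """For each coached user: risky actions in campaigns *after* the coaching
    campaign, and whether that count is zero (the user improved)."""
    coached_at = {e.user: e.campaign for e in events if e.coached_after}
    out = {}
    for user, camp in coached_at.items():
        later_risky = sum(
            1 for e in events
            if e.user == user and e.campaign > camp and e.action in RISKY_ACTIONS
        )
        out[user] = {"risky_after_coaching": later_risky, "improved": later_risky == 0}
    return out


def select_for_coaching(events, roles, threshold=3):
    """Explainable risk scoring: every point carries a reason string so the
    selection can be audited. Weights and threshold are assumptions."""
    scores = defaultdict(int)
    reasons = defaultdict(list)
    for e in events:
        if e.action == "submitted_creds":
            scores[e.user] += 4
            reasons[e.user].append(f"submitted credentials in campaign {e.campaign} (+4)")
        elif e.action == "clicked":
            scores[e.user] += 2
            reasons[e.user].append(f"clicked in campaign {e.campaign} (+2)")
        elif e.action == "ignored":
            scores[e.user] += 1
            reasons[e.user].append(f"did not report campaign {e.campaign} (+1)")
    for user, role in roles.items():
        if role in HIGH_EXPOSURE_ROLES and scores[user] > 0:
            scores[user] += 1
            reasons[user].append(f"high-exposure role: {role} (+1)")
    picked = [(u, s, reasons[u]) for u, s in scores.items() if s >= threshold]
    return sorted(picked, key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    print("reporting rate:", round(reporting_rate(EVENTS), 2))
    print("median minutes to report:", median_minutes_to_report(EVENTS))
    print("repeat offenders:", repeat_offenders(EVENTS))
    print("coaching outcomes:", coaching_outcomes(EVENTS))
    for user, score, why in select_for_coaching(EVENTS, ROLES):
        print(f"{user}: score {score};", "; ".join(why))
```

On the constructed data the script reports that bob stopped taking risky actions after coaching while carol did not, flags carol as the only repeat offender, and ranks carol, dave and bob for follow-up with the reasons spelled out. The point of returning reasons alongside scores is the audit requirement from the guidance: if a coaching decision cannot be traced to named signals and weights, the programme is not defensible.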