Cofense is the leading provider of protection, detection and response email security solutions, and the only company to combine a global network of 32 million people reporting phish with advanced AI-based automation to stop phishing attacks. Our 400 worldwide employees and 5 global phishing defense centers (operating 24×7) work to support Cofense’s more than 2,000 enterprise customers, who include 50% of the Fortune 500. With 27 patents, and greater than 500 million simulations delivered, Cofense provides the technology and insight to help businesses improve security, remediate threats, and reduce the risk of compromise.


Combine a global network of 32 million people with advanced automation and AI-based technology to stop phishing attacks fast.

We are relentlessly focused on creating value for our customers through technical innovation designed to solve business problems.

We see a future where phishing attacks are stopped before a recipient has the chance to interact.

We believe in the power of the collective and sharing the intelligence, globally and instantly, to stop phishing attacks.


At Cofense we live by our values day in and day out. Our values not only guide how we work together but also how we work with our customers.


We can only achieve greatness by working together


We strive to be bigger, better, faster for our customers and our internal people and processes


We own what we do. We accept responsibility for our actions, our own mistakes and honor our commitments.



We share pertinent information to promote collaboration and learning and eliminate working in silos

Our Phishstory

Phishing Prevention Solutions & Services

The Early Days

At Cofense, we know that you need a human involved in email security – in fact, we pioneered this idea. In the early 2010’s, the philosophy that ‘the human is the weakest link’ was prevalent among enterprises. Most information security breaches were being blamed on employees clicking malicious links, leading businesses to view humans as liabilities. Despite this mentality, we went out of our way to prove to the cybersecurity industry that humans aren’t just worthy of detecting phish – they are vital to detecting phish.

Cofounders Rohyt Belani and Aaron Higbee met in 2002 at Foundstone Services, an incident response team acquired by McAfee. The two worked as penetration testers, ethically hacking businesses such as casinos and banks to find security vulnerabilities.

In February 2007, Rohyt and Aaron cofounded a company called Intrepidus Group – an information security professional services company offering a variety of services including code auditing and internal/external network testing.

Despite Intrepidus Group’s humble beginnings, the team was on the verge of a breakthrough. Intrepidus Group pinpointed an issue that was rapidly growing and largely unaddressed – phishing. With over $3 billion in losses caused by phishing in 2007 alone, it was obvious that action needed to be taken. Aaron had the idea of creating a SaaS offering that would allow enterprises to conduct immersive phishing training for their employees. The solution, called PhishMe, immediately received traction with security teams at large and high-profile companies. PhishMe, Inc. was spun off as a stand-alone solution in April 2011. In August 2012, Rohyt and Aaron received an offer and ultimately sold Intrepidus Group to focus their attention on PhishMe.

After PhishMe’s success, we found that our customers were undergoing a painful process of reviewing all of the individual emails to determine if they were a phishing attempt in users’ inboxes – a waste of time and resources. Enter Reporter™, an easy way to report suspected phish after someone was trained. With this success of identifying and reporting phish, another problem was born.

How do you effectively review all of these reported phish?


Industry Innovation

Enter Triage (2015). Triage automates the analysis and orchestration of workflows associated with user-reported emails, reducing the detection deficit facing enterprises. Triage uses intelligence to cluster emails based on the details of the phish (called indicators of compromise, or IOC) and the reputation of the person reporting. This allows analysts to focus on the most likely phish and identify campaigns they would have a difficult time doing relying solely on their analysis or pattern matching. With the trust built in Triage and previous products, people wanted to automate the removal of the identified phish.


2015 ended on a high note: Cofense Intelligence was added to our product portfolio through the acquisition of Malcovery Security. Cofense was able to leverage the added layer of malware analysis and threat intelligence in everything from sourcing content for simulations to augmenting Triage with enhanced analytics and automated response to phishing incidents. Today, Cofense Intelligence is phishing-centric threat intelligence with a level of insight, reporting, relevancy and context that no other vendor currently has. Seeing the value of global phishing intelligence, organizations wanted to include that data in their other security systems like SIEMs, TIPs and SOARs to get a complete view of risk. In addition to powering our own products and making them more effective, companies could now include this high-fidelity intelligence to understand overall risk.

After the success of PhishMe, Reporter and Triage, many customers asked us to manage their email security for them.

Vision was born (2018). Vision allows operators to leverage the intelligence of Triage to quarantine phish in users’ inboxes – before they are even reported. And even more impressive, this can be configured to remove phish automatically with AutoQuarantine. In effect, once a phish is reported, it and others like it can be removed instantly. In addition to this removing phish, we produce reports to ensure customers are always aware of how phishing threats are evolving.

Adding in Vision to the mix we released our Managed Phishing Detection and Response service. Cofense Managed PDR is staffed by expert phishing analysts in our Phishing Defense Center™ (PDC). The PDC operates 24/7 in five locations across the globe. With this team, we can process millions of emails reported by enterprises annually. The combination of our PDC and 32 million human reporters has given us much deeper insight into the threat landscape and provided us with the largest pool of enterprise phishing data in the world. This data has informed our strategies and products from the beginning, and we will continue to inform users of our intelligence.

The Future of Email Security

As we looked at some of the emerging AI technology for use in email security, we saw a very compelling AI subset called Computer Vision. Computer Vision “looks” at an email much like a person who has been trained to spot phish looks at an email. But it looks before it’s reported. In other words, when one of the millions of phishing emails makes it past existing email security, Cofense looks at the phish before it’s reported and will take appropriate automated action to stop an attack. If the phish does make it to the inbox a person can look at it and report it, and again the automation technology takes over. Then Computer Vision gets smarter by having that intelligence fed back to it to learn and stop future attacks. We acquired Cyberfish for this advanced AI technology.

This technology was recently launched as a managed service for managed service providers (MSPs) to add to their list of services they provide to their clients. Enter Cofense Protect MSP.  We will continue to develop this technology for the enterprise.

But we won’t stop here. In fact, we feel we’re just getting started disrupting the email security market. We will continue to innovate and develop breakthrough technology.

We’re Cofense. We Stop Phish.


Discover how Cofense stops phish and protects your company against evolving threats.