KnowBe4 logo

KnowBe4 Status Page

Security & Identity · monitored by Alert24

knowbe4.com
All Systems Operational

Is KnowBe4 down right now?

No — KnowBe4 is up. All systems operational as of Jul 13, 11:42 PM UTC.

Current Status

All Systems Operational

View KnowBe4 status page ↗

Components

Console
Operational
Console
Operational
Console
Operational
Console
Operational
Phishing
Operational
Notification Service
Operational
Security Vendor Integration Service
Operational
Mail Flow
Operational
Mail Flow
Operational
Training
Operational
Inbox
Operational
Authentication
Operational
Authentication
Operational
Learner Experience (LX)
Operational
Integrations
Operational
Real-Time Coaching Campaigns
Operational
Web Add-In
Operational
Web Add-In
Operational
PhishRIP
Operational
Real-Time Delivery Methods
Operational

Recent Incidents

KSAT Intermittent Login Issues - US

minor

Jul 1, 2026 · resolved Jul 1

## **Executive Summary** On July 1, 2026, the KnowBe4 Security Awareness Training \(KSAT\) platform experienced a period of degraded performance resulting in intermittent login errors and high latency for users on our United States \(US\) instance. The issue was initiated following a routine platform deployment that introduced an unoptimized database query. This query placed an excessive operational load on our primary database reader cluster, causing database sessions to saturate and subsequent login requests to queue up. Engineering teams promptly identified the degradation, reverted the deployment, and systematically cleared the backlogged database sessions to restore optimal performance. The issue did not affect data integrity or security, and service was fully stabilized. ## **Technical Root Cause** The root cause was determined to be a newly introduced query within a standard application update. Upon deployment, this specific query pattern bypassed optimal indexing strategies, resulting in full table scans and highly extended execution times on the database reader infrastructure. As a high volume of authentication and application requests arrived concurrently, the database reader quickly exhausted its available connection pool due to these long-running, unmitigated database sessions. This resource starvation immediately manifested as severe application latency and intermittent timeouts during the user authentication process. ## **Timeline of Events** The incident began in the mid-morning hours and progressed through identification, remediation, and verification stages over a period of approximately 152 minutes. An internal high-severity incident response group was established immediately following automated monitoring alerts indicating that health checks targeting our application programming interface \(API\) routing layer were failing from regional cloud monitoring nodes. This behavior was confirmed by concurrent engineering analysis of user HTTP Archive files, which demonstrated severe latency spikes specifically isolated to the authentication endpoints. Within three minutes of establishing the response team, cross-referencing recent system changes pointed to a recent application deployment as the primary catalyst. Engineers immediately initiated the rollback process, drafting and approving a revert modification to extract the problematic code from the deployment pipeline. The deployment of the reverted codebase to the US production cluster commenced shortly thereafter. While the deployment processed over the subsequent twenty-five minutes, technical personnel prepared direct database interventions to clear the residual system strain. Once the stable code version was completely active across the fleet, engineers began systematically terminating the lingering, long-running database sessions that had been spawned by the unoptimized query. To ensure a pristine state, the database reader infrastructure was cycled twice. Following these administrative infrastructure restarts, operational telemetry showed the database reader load dropping significantly to a healthy baseline of approximately thirty-six percent. System performance normalized, and administrative logging verified that authentication requests were processing within standard latency thresholds. After monitoring the environment to confirm sustained stability, engineers officially marked the incident as mitigated, later shifting the status to fully resolved following an extended window of zero performance spikes and complete passes on all automated sanity test suites. ## **Mitigation** To alleviate the immediate infrastructure distress and restore user access, the engineering team executed a multi-phased mitigation strategy: * **Codebase Rollback:** The changes introduced in the recent deployment were immediately isolated, reverted, and redeployed to production to prevent any further generation of the unoptimized query. * **Database Session Termination:** Internal engineering tools were utilized to explicitly terminate active, long-running database queries that were blocking the connection pools. * **Infrastructure Cycling:** The database reader instances were restarted twice in succession to flush out stale memory allocations and guarantee that all orphaned database sessions were permanently cleared. ## **Preventative Measures** To prevent a recurrence of this specific issue and mitigate the impact of similar query-based database bottlenecks in the future, KnowBe4 is implementing the following actions: * **Enhanced Query Linting and Analysis:** Integrate automated query execution plan analysis into our continuous integration and continuous deployment pipelines to flag unindexed or high-cost queries before they reach production environments. * **Database Connection Pooling Guardrails:** Adjust database timeouts and implement aggressive circuit-breaker thresholds for user authentication paths to prevent single, long-running query patterns from exhausting the entire connection pool. * **Load Shedding Policies:** Implement strict application-level timeouts on read-heavy database calls to ensure they fail gracefully rather than degrading the overall availability of the core login workflows. ## **Conclusion** We sincerely apologize for the inconvenience and friction this performance degradation caused our customers and partners. KnowBe4 is dedicated to maintaining high availability and reliability across our product suites. By refining our pre-deployment automated query validation and bolstering our database connection resiliency, we are actively working to ensure the continuous, seamless operation of the KSAT platform. ## **Glossary of Technical Terms** * **API \(Application Programming Interface\):** A set of protocols that allows different software applications to communicate with one another. In this context, it routes authentication requests from the user interface to the backend servers. * **Database Reader:** A dedicated database instance or cluster responsible for handling read-only queries \(such as fetching user profiles or validating login configurations\), separating this traffic from write operations to optimize performance. * **HAR \(HTTP Archive\) File:** A JSON-formatted log file that records a web browser's interaction with a website, used by engineers to diagnose performance and network latency issues. * **Latency:** The time delay or duration it takes for a data packet or request to travel from its source to its destination and return a response. * **Sanity Suite:** A collection of automated tests executed against a deployment environment to quickly verify that the core functionality of an application is working correctly.

Defend - Increased Email Latency (US Only)

minor

Jun 30, 2026 · resolved Jun 30

#### Summary On June 30, 2026, customers using the Defend US service experienced delays in email processing. The incident began at approximately 14:00 UTC and was fully resolved by 19:45 UTC. ‌ #### What Happened A scheduled maintenance operation began in the early morning of June 30. As this operation progressed, it placed an unexpectedly high load on our infrastructure, which caused email processing to slow down across our US service. ‌ Our team identified the issue and declared an incident at 16:00 UTC. Steps were taken to reduce the load and restore normal processing speeds, including pausing non-essential background activity and engaging our infrastructure provider for additional support. ‌ By 17:45 UTC, email delivery delays had been fully resolved. Email analysis continued to recover and was back to normal by 19:45 UTC. ‌ #### Customer Impact Email delivery \(SMTP customers\): Emails were delayed in transit by up to 30 minutes between approximately 14:00 UTC and 17:45 UTC. All emails were delivered; no messages were lost. ‌ Email analysis \(Microsoft 365 / Graph API customers\): Email analysis was delayed by an average of 30 minutes before emails were analysed, between approximately 14:00 UTC and 19:45 UTC. Email delivery to end users was not affected. ‌ #### What We Are Doing We have rescheduled the maintenance operation that triggered this incident to run during an overnight, low-traffic window, giving it sufficient time to complete without affecting the live service. ‌ We are also investing in infrastructure improvements to better isolate maintenance operations from customer-facing workloads, so that future maintenance cannot affect email processing in this way.

PhishML Evaluations Causing PML:BYPASSED Tags to Apply

minor

Jun 30, 2026 · resolved Jun 30

This incident has been resolved.

KCM GRC - 500 Errors Upon Login

minor

Jun 24, 2026 · resolved Jun 25

We have identified an issue where users may receive a 500 error upon logging into KCM GRC. A fix has been implemented, and users should be able to login without error.

Phishing test report tab unavailable

minor

Jun 18, 2026 · resolved Jun 19

From Tuesday, June 16, 2026, at approximately 17:34 \(UTC\), to Thursday, June 18, 2026, at approximately 22:41 \(UTC\), some customers experienced intermittent unavailability of the **Phishing Security Test Reports** page in the KnowBe4 console. This issue was caused by a code change that introduced a conflict between two methods for processing phishing campaign data. As a result, phishing campaigns still using legacy phishing categories were unable to load the **Phishing Security Test Reports** page. To resolve this issue, we updated the code to process campaigns correctly under both classification systems, and the **Phishing Security Test Reports** page returned to normal performance by June 18, 2026, at 22:41 \(UTC\). No data loss occurred as a result of this issue.

Get alerted when KnowBe4 goes down

Alert24 monitors KnowBe4 and 3,700+ other cloud and SaaS providers. When an outage is detected, it updates your status page automatically and pages your on-call team. No manual updates at 2 AM.

Start free — no credit card

KnowBe4 status — frequently asked questions

Is KnowBe4 down right now?

No — KnowBe4 is up. All systems operational as of Jul 13, 11:42 PM UTC.

What is KnowBe4's current status?

KnowBe4: All Systems Operational. Alert24 checks KnowBe4's status page continuously and can notify you the moment it changes.

How do I get alerted when KnowBe4 goes down?

Alert24 monitors KnowBe4 and 3,700+ other cloud and SaaS providers. When an outage is detected it updates your status page automatically and pages your on-call team — no manual checks. Start free at alert24.net.

More Security & Identity status pages