Cofense Phishing Defense Platform API
Cofense REST API for phishing defense platform combining simulation, reporting, and threat intelligence. Enables AI agents to manage phishing simulation campaign creation and scheduling, handle PhishMe reporter button integration for user-reported phishing, access Cofense Triage automated phishing email analysis and disposition, retrieve Cofense Intelligence threat feed data for phishing indicators, manage simulation scenario and template library, handle reporter data and user susceptibility analytics, access playbook automation for phishing incident response, retrieve threat cluster and campaign attribution data, manage mailbox remediation and email quarantine workflows, and integrate phishing intelligence with SIEM, SOAR, and email security platforms.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Phishing defense. SOC2, ISO27001, GDPR. OAuth2. US/EU. Phishing simulation and threat indicator data.
⚡ Reliability
Best When
An enterprise using Cofense wants AI agents to automate phishing simulation, automate triage of user-reported emails, ingest phishing threat intelligence, and integrate with SOAR for automated response.
Avoid When
LEGAL RISK: Phishing simulation must comply with employee consent requirements in some jurisdictions. Automated email remediation for user-reported phishing must prevent deletion of legitimate emails — false positive rate must be validated before automated remediation.
Use Cases
- Automating phishing simulation campaigns from security awareness agents
- Processing user-reported phishing emails from SOC triage agents
- Accessing phishing threat intelligence from threat intelligence agents
- Integrating phishing indicator data with SIEM from security operations agents
Not For
- General email security gateway without phishing simulation and user reporting
- Technical security controls without human-centric phishing defense
- Consumer anti-phishing without enterprise simulation and training focus
Interface
Authentication
Cofense uses OAuth 2.0 and API keys for platform access. The Triage and Intelligence APIs use client credentials. Developer documentation is at developer.cofense.com. Webhooks are available for triage events and simulation completions. Integrations with Splunk, Palo Alto XSOAR, IBM QRadar. Cofense Intelligence STIX/TAXII feed available.
Pricing
Leesburg, Virginia. Founded 2008 (as PhishMe). Private (Veritas Capital). Phishing defense platform pioneer. Cofense Network is a crowd-sourced phishing indicator database. PDC (Phishing Defense Center) managed service available. Strong integration with SOAR platforms. Competes with KnowBe4 and Proofpoint SAT for phishing simulation.
Agent Metadata
Known Gotchas
- ⚠ LEGAL RISK: Phishing simulation scheduling in EU may require works council approval — verify employee consent requirements
- ⚠ Cofense Triage auto-remediation — validate false positive rate before enabling automated email quarantine
- ⚠ Multiple products — PhishMe (simulation), Triage (analysis), Intelligence (threat feed) have separate APIs; verify which modules are licensed
- ⚠ STIX/TAXII for intelligence — phishing intelligence available via both REST API and STIX/TAXII feed; use feed for bulk threat ingestion
- ⚠ No public MCP server — OAuth2 REST API requiring enterprise account
- ⚠ PDC managed service vs self-service — some customers use Cofense PDC for managed triage; API behavior differs
Alternatives
Scores are editorial opinions as of 2026-03-07.