Cybersecurity Tools
(This poster features CIBR Lab's use of the Bayesian Phishing Estimator Tool)
Bayesian Phishing Estimator Tool
The Bayesian Phishing Estimation Tool (hosted on GitHub) helps users estimate the risk that people will click on suspicious links by combining prior expectations with observed results from phishing campaigns.
Before a test, the user enters an expected click rate based on experience or expertise, along with a prior sample size, which tells the model how much weight to give that starting belief. The tool represents this expectation as a Beta probability distribution. After the campaign, the user enters the observed clicks and non-clicks, and the tool updates the prior into a posterior curve (also a Beta distribution). The result is not just a single click rate, but a range of plausible click rates that reflects both prior judgment and new evidence.
This makes the tool useful for phishing analysts, trainers, and researchers who want to move beyond reporting raw click rates and produce clearer, more stable estimates of organizational risk. The accompanying kit document explains the tool's logic in greater detail.
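The prior-to-posterior update described above, as an added example; it is not the tool's own code. It assumes the expected click rate and prior sample size map to Beta parameters as alpha = rate × n and beta = (1 − rate) × n, and all function names and sample counts are constructed for illustration.

```python
import math

def beta_prior(expected_rate, prior_n):
    # Assumed parametrization: prior mean = expected_rate, alpha + beta = prior_n.
    if not 0.0 < expected_rate < 1.0 or prior_n <= 0:
        raise ValueError("expected_rate must be in (0, 1) and prior_n > 0")
    return expected_rate * prior_n, (1.0 - expected_rate) * prior_n

def update(alpha, beta, clicks, non_clicks):
    # Conjugate Beta-binomial update: observed counts add to the prior parameters.
    if clicks < 0 or non_clicks < 0:
        raise ValueError("counts must be non-negative")
    return alpha + clicks, beta + non_clicks

def beta_log_pdf(x, a, b):
    log_norm = math.lgamma(a + b) - math.lgamma(a) - math.lgamma(b)
    return log_norm + (a - 1.0) * math.log(x) + (b - 1.0) * math.log1p(-x)

def credible_interval(a, b, mass=0.95, steps=20000):
    # Equal-tailed interval from midpoint-rule integration of the Beta density
    # (standard library only; midpoints avoid evaluating at 0 and 1).
    h = 1.0 / steps
    xs = [(i + 0.5) * h for i in range(steps)]
    weights = [math.exp(beta_log_pdf(x, a, b)) for x in xs]
    total = sum(weights)
    lo_target, hi_target = (1.0 - mass) / 2.0, (1.0 + mass) / 2.0
    cum, lo, hi = 0.0, None, xs[-1]
    for x, w in zip(xs, weights):
        cum += w / total
        if lo is None and cum >= lo_target:
            lo = x
        if cum >= hi_target:
            hi = x
            break
    return lo, hi

def estimate(expected_rate, prior_n, clicks, non_clicks):
    # Posterior parameters, posterior mean, and 95% range of plausible click rates.
    a, b = update(*beta_prior(expected_rate, prior_n), clicks, non_clicks)
    lo, hi = credible_interval(a, b)
    return {"alpha": a, "beta": b, "mean": a / (a + b), "low": lo, "high": hi}

if __name__ == "__main__":
    # Constructed inputs: 20% expected click rate weighted as 20 prior
    # observations, then a campaign with 12 clicks and 188 non-clicks.
    print(estimate(0.20, 20, 12, 188))
```

With these constructed inputs the posterior mean falls between the raw campaign rate (6%) and the prior expectation (20%), and the interval gives the range of plausible click rates around it.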