An authentication system uses machine learning models to quantify a degree of risk that a given request to authenticate as a particular user of an organization is not in fact originating from that user, but rather from a malicious actor attempting to gain access to the user's account. More particularly, the authentication system employs both a user model that quantifies a degree of deviation from a user context in which a particular user typically requests authentication, and an organization model that quantifies a degree of deviation of a current context of the organization from a “normal” context for that organization. The user model and the organization can be employed individually, such as the organization model providing organization administrators with insights into the current security status of the organization, or together, such as using the risk scores of both models when assessing how to respond to a particular authentication request.