Cimento is headed to Black Hat USA — catch us in Vegas, Aug 1–6

Black Hat USA 2026 · Aug 1–6

Book a Meeting →

Book a Meeting →

Home / Topics / AI Phishing Simulation

Channel Brief

AI phishing simulation.

Your employees were trained to spot typos and weird grammar. AI-written phishing has neither. The tells they memorized are gone.

Your employees were trained to spot typos and weird grammar. AI-written phishing has neither. The tells they memorized are gone.

Your employees were trained to spot typos and weird grammar. AI-written phishing has neither. The tells they memorized are gone.

Generative AI removed the quality ceiling and the cost floor on phishing: perfectly written, individually researched, contextually timed lures — at unlimited scale. Testing readiness against 2015-era templates measures readiness for 2015.

The Problem

What AI changed about phishing.

01

Perfect execution

Grammar, tone, and formatting indistinguishable from a real colleague. The classic “spot the typo” heuristic now filters out only the laziest attackers.

02

Cheap research

LinkedIn, press releases, and GitHub activity are automatically synthesized into pretexts that reference real projects, real coworkers, and real deadlines.

03

Personalization at scale

Spear-phishing quality at spam volume. Every employee can now receive an email that was, functionally, written just for them.

Why Legacy Training Struggles

Template libraries can’t keep up by definition.

A template library is a museum of past attacks. When the adversary generates a unique, researched lure per target, training people on a shared catalog teaches them the catalog. Resistance to the technique — verifying requests for money, credentials, and access — has to be trained under realistic pressure, and that means simulations generated the way attacks now are.

What Modern Looks Like

Fight generation with generation.

Generated lures

Every simulation written fresh — role-aware, context-aware, timed to real business rhythms like quarter close and vendor cycles. Scoped by policy you approve.

Technique-based coaching

Training shifts from “spot the tell” to “verify the request”: out-of-band confirmation for money, credentials, and access — habits that work when the lure is flawless.

Multi-turn realism

Real AI-enabled attacks converse: a plausible reply builds trust before the ask. Simulations that stop at one message miss the pattern that actually works.

Cimento's Approach

AI-native, on both sides.

Cimento generates the same class of lure attackers do — researched, personalized, multi-turn — inside your approved scope, then coaches verification habits at the moment of failure. Results feed the same role-based risk index as SMS and voice.

Generated fresh per recipient — no catalog to memorize

Multi-turn conversations that build trust before the ask

Policy-scoped realism — you approve what’s fair game

Verification-habit coaching that survives perfect lures

FAQ

Is it safe to use AI-generated lures on our own employees?

If AI phishing is flawless, can training even help?

How is this different from our vendor's “AI-powered” templates?

Test against the attack that’s actually coming.

The 14-day Human Risk Baseline includes AI-generated, role-adapted lures — and shows how your org performs when the typos are gone.

Get Started

See It Live

Explore how modern phishing simulations and real-time human risk insights can strengthen your security posture. Let’s talk.

Get Started

See It Live

Explore how modern phishing simulations and real-time human risk insights can strengthen your security posture. Let’s talk.

Get Started

See It Live

Explore how modern phishing simulations and real-time human risk insights can strengthen your security posture. Let’s talk.

Get Started

See It Live

Explore how modern phishing simulations and real-time human risk insights can strengthen your security posture. Let’s talk.