Security Awareness Training
Phishing simulations, micro-trainings, risk scoring by employee
View the interactive project page →
Security Awareness Training
Part of the worlds-biggest-software-project initiative.
An AI-native, open-source security awareness platform that replaces static phishing template libraries with continuously generated, multimodal simulations and per-employee behavioural risk scoring.
Security Awareness Training is a candidate project for an open-source human risk management platform. It targets IT security managers, CISOs, and HR/L&D teams who need to run phishing simulations, deliver compliance-grade micro-trainings, and report measurable risk reduction across their workforce. The core problem it solves: incumbent platforms rely on static template libraries that employees quickly learn to recognise, and most cannot simulate the AI-generated, multi-channel attacks that now dominate the threat landscape.
Why Security Awareness Training?
- Tier-1 vendors (KnowBe4, Proofpoint) charge USD 24–60 per user per year under multi-year enterprise commitments, pricing many SMEs and mid-market organisations out of mature programmes.
- KnowBe4's 2024 Vista Equity take-private and subsequent Egress acquisition introduced integration complexity, while Proofpoint's standalone awareness product is "less compelling" outside its email-security bundle.
- Most platforms remain email-centric; only Adaptive Security explicitly targets AI-generated phishing, deepfakes, voice, and video impersonation, and it is early-stage with limited reference customers.
- Industry research (2025 data cited by Adaptive Security) reports 82.6% of phishing emails are now AI-generated, and Hoxhunt observed a 14x end-of-year surge in AI-generated phishing in 2026 — a threat profile static template libraries cannot match.
- The category is shifting from completion-rate metrics to Behavioural Risk Scores and threat-reporting rates (industry benchmark: >20% reporting rate for a mature culture), but no incumbent yet quantifies organisational security culture maturity as a composite metric.
Key Features
Phishing Simulation and Multimodal Attack Coverage
- Email phishing simulation with customisable templates, landing pages, and per-template failure benchmarking
- SMS phishing (SMiShing) simulations for multi-channel awareness
- Voice phishing (vishing) and video deepfake simulations for impersonation scenarios
- QR code phishing and other emerging attack vectors
- AI-generated phishing templates producing unlimited novel content per campaign instead of a fixed library
Risk Scoring and Behavioural Analytics
- Per-user risk scoring incorporating simulation performance, training completion, and behavioural signals
- Continuous risk scoring rather than point-in-time campaign snapshots
- Peer, departmental, and industry benchmarking for individual risk scores
- Behavior change metrics including real threat reporting rate, not just click rate
- Predictive risk scoring that forecasts which employees are most likely to fall for future attacks
Training Content and Remediation
- Training content library covering NIST SP 800-50, CIS Control 14, and NIST/CIS/ISO 27001/HIPAA/GDPR compliance frameworks
- Automated remedial training assignment that auto-enrols users who fail simulations
- Behavioural nudges that trigger training on risky actions such as link clicks or credential entries
- In-the-moment LLM-generated micro-training delivered at the point of click or near-miss
- Multi-language support targeting at least 10 languages
Compliance and Governance
- Compliance reporting for SOC 2, HIPAA, PCI-DSS, GDPR, and ISO 27001
- Role-based access control for admin, manager, analyst, and user personas
- Audit logging of all simulations, training events, and risk score changes
- LDAP / Active Directory integration for user management
- Dashboard showing programme performance, individual risk trends, and compliance progress
Engagement and Reporting
- Real threat reporting button integration for Outlook and Gmail
- Gamification elements such as points, badges, and leaderboards
- Real threat intelligence integration so simulations reflect campaigns the organisation or industry actually faces
- Cross-platform campaign orchestration across email, Slack, Teams, and Google Chat (backlog)
- Organisational security culture maturity score as a composite KPI (backlog)
AI-Native Advantage
Generative AI produces unlimited novel, hyper-realistic phishing simulations personalised to each employee's role, recent communications, and public profile, eliminating the template fatigue that dogs static libraries. LLMs deliver contextual micro-training in the moment of a click or near-miss, and AI risk models combine click rates, report rates, training patterns, and email habits into a dynamic individual risk score that drives adaptive simulation difficulty. Multimodal AI extends coverage to vishing, smishing, QR code, and deepfake video attacks within a single platform, and AI agents can automate the full campaign lifecycle — segmentation, scheduling, results analysis, and executive reporting — reducing programme management overhead from days to minutes.
Tech Stack & Deployment
The project is in the specification phase; concrete deployment modes are still to be defined. Expected directions, drawn from the incumbent landscape, include directory integration via LDAP / Active Directory, email reporting button integrations for Outlook and Gmail, threat intelligence feed ingestion, and compliance framework mappings to NIST CSF 2.0, NIST SP 800-50, NIST SP 800-53 (AT-1 through AT-4), ISO/IEC 27001:2022, CIS Controls v8 Control 14, CMMC Level 2, and HIPAA Security Rule § 164.308(a)(5).
Market Context
The global security awareness training market is estimated at USD 6.74 billion in 2026 and is forecast to reach USD 14.66 billion by 2031 at a 16.82% CAGR. Tier-1 incumbents (KnowBe4, Proofpoint) charge USD 24–60 per user per year, with Proofpoint dropping to USD 6–12 when bundled with email security; SME platforms such as PhishingBox start near USD 150 per month. Primary buyers are IT security managers seeking compliance evidence (HIPAA, PCI DSS, CMMC), CISOs targeting measurable phishing-click reduction, HR and L&D teams co-sponsoring mandatory training, and MSPs reselling awareness training inside managed security bundles.
Project Status
This project is in the research and specification phase.
Contributions, feedback, and domain expertise are welcome.
Contributing
We welcome contributions from developers, domain experts, and potential users. See CONTRIBUTING.md for guidelines.
Important: All contributions must be your own original work or clearly attributed open-source material with a compatible licence. Copyright infringement and licence violations will not be tolerated and will result in immediate removal of the offending contribution. If you are unsure whether a piece of code, text, or other material is safe to contribute, open an issue and ask before submitting.
Licence
Licence to be determined. See discussion for context.