TL;DR: Abnormal says its AI Phishing Coach uses real org-specific threats, user context, and human review to generate personalized phishing simulations and training videos, and that the team used AI development tools to ship the MVP in weeks. The deeper lesson is that awareness programmes now need stronger identity context, tighter governance, and better oversight, or the simulation pipeline itself becomes one more automated channel through which employee data and unreviewed targeting can leak.
NHIMG editorial — based on content published by Abnormal AI: Key Insights on AI Phishing Coach and rapid GenAI development
By the numbers:
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
- 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate.
Questions worth separating out
Q: How should teams run personalized phishing training without overexposing employee data?
A: Teams should use only the minimum identity and behavioural context needed to make simulations relevant, then restrict who can enrich, view, and export that data.
Q: When does AI-generated awareness content become a governance risk?
A: It becomes a governance risk when models can draft, target, or schedule training without a named reviewer validating the scenario before launch.
Q: What should security teams control in AI-powered phishing simulations?
A: Security teams should control the source of threat intelligence, the identity attributes used for targeting, the template approval step, and the delivery mechanism.
Practitioner guidance
- Map training content to identity context sources: inventory which systems contribute role, manager, location, threat-history, and tenant data to simulation generation, so every attribute used for targeting has a known source.
- Keep AI-generated simulations behind approval gates: require a named human reviewer to validate each new template class, spoofed sender pattern, and escalation path before launch.
- Treat training delivery as protected content: keep awareness assets in private storage, serve them through short-lived signed URLs, and apply playback restrictions, then monitor for forwarding, reuse, or unauthorized access. A link that plays for anyone who holds it is not restricted delivery, so the check at playback time should verify who is presenting the link, not just that the link is valid.
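One way to implement the signed-URL and playback-restriction guidance above, as an added example in Python that is not code from Abnormal AI's product or post. The URL layout, parameter names, the in-memory nonce store and the audit list are assumptions for illustration; in a real deployment the signing key comes from a secret store and the nonce set lives in a shared cache. Each link is HMAC-signed, expires, is bound to one intended viewer, and can be played once; every denial is recorded so forwarding or reuse can be alerted on.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: in production this key comes from a secret store or KMS and is
# rotated; it is generated here only so the example runs stand-alone.
SIGNING_KEY = secrets.token_bytes(32)

# Fields covered by the signature; "sig" itself is appended afterwards.
SIGNED_FIELDS = ("asset", "uid", "exp", "nonce")


def _canonical(params: dict) -> str:
    """Deterministic query string over the signed fields only (sorted keys)."""
    return urlencode(sorted((k, params[k]) for k in SIGNED_FIELDS))


def issue_signed_url(base_url: str, asset_id: str, recipient_id: str,
                     ttl_seconds: int, key: bytes = SIGNING_KEY,
                     now: Optional[int] = None) -> str:
    """Mint a short-lived URL bound to one asset and one intended viewer."""
    now = int(time.time()) if now is None else now
    params = {
        "asset": asset_id,
        "uid": recipient_id,                  # intended viewer, checked at playback
        "exp": str(now + ttl_seconds),        # absolute expiry, seconds since epoch
        "nonce": secrets.token_urlsafe(12),   # makes each link single-use
    }
    sig = hmac.new(key, _canonical(params).encode(), hashlib.sha256).hexdigest()
    return f"{base_url}?{_canonical(params)}&sig={sig}"


class PlaybackGate:
    """Server-side check run before an awareness video is streamed."""

    def __init__(self, key: bytes = SIGNING_KEY):
        self.key = key
        self.used_nonces: set = set()   # assumption: shared cache in production
        self.audit: list = []           # denials worth routing to detection

    def check(self, url: str, viewer_id: str,
              now: Optional[int] = None) -> tuple:
        """Return (allowed, reason) for an authenticated viewer presenting url."""
        now = int(time.time()) if now is None else now
        query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
        if any(f not in query for f in SIGNED_FIELDS + ("sig",)):
            return self._deny(query, viewer_id, "malformed")
        expected = hmac.new(self.key, _canonical(query).encode(),
                            hashlib.sha256).hexdigest()
        # Constant-time compare; a tampered asset/uid/exp/nonce fails here.
        if not hmac.compare_digest(expected, query["sig"]):
            return self._deny(query, viewer_id, "bad_signature")
        if now > int(query["exp"]):
            return self._deny(query, viewer_id, "expired")
        if query["uid"] != viewer_id:
            # Valid, unexpired link presented by someone it was not issued to:
            # the usual signature of a forwarded training link.
            return self._deny(query, viewer_id, "recipient_mismatch")
        if query["nonce"] in self.used_nonces:
            return self._deny(query, viewer_id, "replayed")
        self.used_nonces.add(query["nonce"])
        return True, "ok"

    def _deny(self, query: dict, viewer_id: str, reason: str) -> tuple:
        self.audit.append({"reason": reason, "asset": query.get("asset"),
                           "intended": query.get("uid"),
                           "presented_by": viewer_id})
        return False, reason


if __name__ == "__main__":
    # Constructed walk-through: Alice's link works once, Bob's attempt does not.
    gate = PlaybackGate()
    link = issue_signed_url("https://training.example/play", "vid-001", "u-alice", 600)
    print(gate.check(link, "u-alice"))   # (True, 'ok')
    print(gate.check(link, "u-alice"))   # (False, 'replayed')
    print(gate.check(link, "u-bob"))     # (False, 'recipient_mismatch')
    print(gate.audit)
```

The order of checks matters: the signature is verified before anything in the query is trusted, expiry before identity, and the nonce is only consumed on a successful play so a denied attempt cannot burn a legitimate link. The `audit` entries are the events to feed into detection; a recipient mismatch on a fresh link is the forwarding case the guidance says to monitor for.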
What's in the full article
Abnormal AI’s full post covers the operational detail this post intentionally leaves for the source:
- How the simulation engine turns threat intelligence into user-specific phishing scenarios while stripping PII.
- How the training workflow uses signed delivery links, storage controls, and playback restrictions to limit leakage.
- How the engineering team used AI tooling to generate boilerplate, mockups, and internal project scaffolding quickly.
- How the human review panel validates simulation templates before campaigns are launched.
👉 Read Abnormal AI’s analysis of AI Phishing Coach and hyper-personalized training →
Hyper-personalised phishing training: what should IAM teams notice?