Abnormal AI Innovation: Engineering Personalized Security Training at GenAI Speed

The cybersecurity landscape is a battleground of shifting threat dynamics, with attackers increasingly using AI to craft convincing phishing campaigns. Traditional, generic Security Awareness Training (SAT) is struggling to keep pace, often leaving employees desensitized and organizations vulnerable. Recognizing this, Abnormal developed the AI Phishing Coach (AIPC), a product designed to proactively instill lasting behavioral change by simulating hyper-personalized cyberattacks and providing immediate, just-in-time coaching.

This post explores two facets of AI-driven innovation: how AIPC leverages Generative AI (GenAI) for its hyper-personalized training, and how advanced GenAI development tools enabled its remarkably rapid creation.

AIPC's mission is to cultivate genuine behavioral modifications by making security training relevant and timely. This is powered by a sophisticated GenAI application across its simulation and video training modules.

Simulation Service: The Engine of AI-Generated Hyper-Personalized Simulations

AIPC's effectiveness stems from its AI-driven ability to create and deploy deeply personalized phishing simulations.

• From Real Threats to Realistic, Safe Templates: The process begins by analyzing actual threats relevant to a user's organization. GenAI then transforms these into simulation templates, crucially removing any Personally Identifiable Information (PII) to ensure safety. This ability to base simulations on current, organization-specific threat intelligence is a significant leap from a traditional one-size-fits-all approach where generic non-personalized templates were reused.
  
  

• Precision Targeting: AI selects the most appropriate simulation for each user by considering their role, manager, location, company details, historical susceptibility, and recent threats they've faced. The system queries a knowledge engine platform (KEP) for user and tenant configurations to inform this AI-driven content generation, using only the most advanced GenAI models available in the market.
  
  

• Dynamic Realism: GenAI further enhances realism by dynamically generating spoofed sender names, company details, and other content elements like datetime and location tailored to the user and template.
  
  

• Intelligent Scheduling and Delivery: Simulations are scheduled based on customer-defined frequency and aim for delivery when a user is potentially most susceptible. Scheduled workflows manage these campaigns.
  
  

• Instant Coaching (Just-In-Time Training): AIPC monitors user interactions, providing immediate JITT whether they pass or fail a simulation. An engagement service tracks interactions to trigger the correct coaching response.

To illustrate this hyper-personalization in action, below is an example of a real simulation generated by the AI Phishing Coach.

Notice that the simulation is not a generic "Your password has expired" alert. Instead, it's a highly contextual business request designed to target a specific user persona—in this case, someone likely involved in security or vendor management. It creates a sense of business urgency ("to avoid delays in processing") and leverages legitimate third-party brand names like BMO and OneSpan to build a strong layer of authenticity. The inclusion of a specific sender name further personalizes the request, making it appear as a routine and trustworthy internal task.

This multi-layered personalization is precisely what makes these simulations a more effective training tool than traditional, generic templates.

SAT Academy: GenAI Reimagines Security Awareness Video Training

Complementing the phishing simulations, AIPC’s video training module, SAT Academy, completely redefines security awareness videos by moving away from generic, off-the-shelf content to a deeply integrated, AI-powered educational experience.

• LLM-Powered Scriptwriting: Instead of using generic material, the system leverages Large Language Models (LLMs) to generate the training script. This script is tailored to be relevant at the account or tenant level, forming the foundation of the personalized video.
  
  

• AI Video Generation with Synthesia: The true magic happens when this script is brought to life. SAT Academy integrates with third-party AI video generation services like Synthesia to create the final broadcast-quality training videos featuring an AI avatar, personalized to the company’s domain. The completed video is then downloaded and securely stored in a private Amazon S3 bucket, ready for delivery. The system also supports standard videos and interactive SCORM packages.
  
  

• Engaging and Controlled Playback: The frontend video player is designed to ensure accountability. It intentionally disables playback speed controls and prevents users from skipping forward.
  
  

• Secure, Time-Limited Delivery: All video assets are stored in a private Amazon S3 bucket. When a user requests a video, the backend generates a signed CloudFront URL with a short, 30-minute validity to prevent unauthorized access and sharing.
  
  

• Automated Reminders & Escalation: A robust, automated reminder sequence engages employees who have not completed their training. Emails are sent at two, four, and six-week intervals, with a final escalation for administrative follow-up after eight weeks for any remaining non-compliant users.
  
  

• Robust, Asynchronous Reporting: Administrators can access detailed analytics, including completion status, user progress, and video engagement metrics. The reporting architecture is asynchronous, using background workers to generate reports from large datasets without impacting portal performance.

The rapid development of AIPC showcases Abnormal’s agile approach and effective use of GenAI tooling.

A Non-Conventional Blueprint for Rapid Innovation

• The "Mini-Hackathon" Cadence: A small, focused team met weekly for intensive "mini-hackathons." These sessions involved brainstorming, identifying market gaps, and strategizing GenAI's role in modernizing SAT. This fostered rapid iteration and sustained momentum.

Development Supercharged: A Suite of GenAI Tools

• From Idea to Interactive Mockup with Vercel v0: Before a single line of backend code was written, the team used Vercel v0 to create mocks and working UI prototypes. By describing the desired UI in natural language, the team could instantly generate interactive components and layouts. This rapid prototyping capability allowed the team to visualize and agree upon the user experience early on, significantly reducing back-and-forth on requirements and accelerating the design-to-code workflow.
  
  

• Cursor as a Force Multiplier: The team relied on Cursor, an AI coding assistant. Cursor generated entire service boilerplate code, reducing setup time for a microservice to within a day. Abnormal enhances Cursor's effectiveness by using LLMs to generate project rules from existing documentation and code, teaching Cursor about internal APIs and standards and having an AI-friendly codebase where it's easy for LLMs to get context and accurately suggest completions.
  
  

• Abnormal's Internal AI Suite: To maximize development velocity, we leveraged a suite of bespoke internal AI tools. Custom chatbots, provided with deep context on the AI Phishing Coach product, delivered instant answers directly in Slack, while other AI tooling helped engineers switch environments with a single command, draft meaningful pull request descriptions, and assist with debugging. However, we recognized that unlocking the full potential of these AI assistants required our code to be a better collaborator. Therefore, we made a deliberate investment in making our codebase “AI-friendly,” strategically structuring it to be more modular, consistently typed, and thoroughly documented. This foundation created a more effective and frictionless partnership between our developers and their AI tools.

Velocity with Vigilance: A Framework of Consistency, Feedback, and Passion

Our development process was built on a foundation of consistent weekly progress and regular demos—some with early customers—to ensure development stayed tightly aligned with user needs. This rapid iteration was made possible not just by passion and agility, but by a robust framework of human-centric guardrails that ensured quality and security were built-in from the start. The result: an MVP of AIPC was operational within a matter of weeks.

Here’s how we balanced speed with vigilance:

• Human-in-the-Loop by Design: We built an internal management application that serves as a central control panel for our engineering team. Through this interface, admins can create and edit simulation templates, preview test emails, and visualize the AI’s strategy before any campaign is initiated. This ensures an expert validates all materials, maintaining a critical human checkpoint in the automated workflow.
  
  

• Secure by Default: The platform was architected with multiple, non-negotiable layers of security:

  • Content Security: We enforce template immutability and content sanitization to maintain control over the training materials.

  • Domain Management: The system uses dedicated phishing domains that are subject to reputation monitoring and a planned rotation strategy.

  • Data Protection: All data is protected through strict S3 bucket policies and encryption at rest for both the PostgreSQL database and Redis cache.

  • Access Control: The system enforces role-based access control and detailed audit logging to ensure only authorized personnel can manage campaigns and view data.
    

• Continuous Oversight Through Analytics: A core guardrail is providing admins with constant visibility. The platform makes available detailed reports on training completion, user activity, and video engagement. These analytics allow admins to continuously monitor the effectiveness of campaigns and user progress, creating a powerful feedback loop for human oversight.

AI Phishing Coach demonstrates a dual AI revolution: transforming security training through hyper-personalization and accelerating product creation with GenAI development tools. This aligns with Abnormal's mission to use beneficial AI against malicious AI, reflecting a deep "AI-first engineering culture". AIPC is a testament to this commitment, empowering users and strengthening organizational defenses in an evolving threat landscape.

To see Abnormal’s AI-native approach in action, request a demo today.