Skill Guide

Phishing and social engineering simulation design incorporating AI-generated content

The design and execution of controlled, simulated cyberattack scenarios that use AI to generate realistic phishing emails, voice clones, deepfake videos, or pretexting dialogues to test and train an organization's human security layer.

This skill directly addresses the most exploited attack vector, human error, by proactively identifying behavioral vulnerabilities before attackers do. It transforms security awareness from a compliance checkbox into a measurable, risk-reducing operational function, directly protecting revenue and reputation.
1 Careers
1 Categories
9.0 Avg Demand
15% Avg AI Risk

How to Learn Phishing and social engineering simulation design incorporating AI-generated content

1. Master the kill chain of classic social engineering (phishing, vishing, smishing, pretexting).
2. Understand core psychological principles (urgency, authority, scarcity) and how they manifest in attacks.
3. Learn the basics of prompt engineering for generating varied, believable content using LLMs.

1. Design end-to-end simulation campaigns that incorporate multi-channel attacks (e.g., a phishing email leading to a vishing call).
2. Move beyond simple email templates to generating AI-powered pretexting scripts and believable voice clones using APIs.
3. Develop and apply a risk-based targeting matrix, focusing simulations on high-risk departments and roles to avoid 'phishing fatigue'.

1. Architect a continuous simulation program integrated with the organization's threat intelligence and incident response playbooks.
2. Develop custom AI models fine-tuned on internal company communications to create hyper-realistic, context-aware attacks.
3. Build a metrics-driven security culture by linking simulation results to business risk KPIs and presenting actionable intelligence to the C-suite.

Practice Projects

Beginner
Project

Basic AI-Generated Spear-Phishing Campaign

Scenario

Your task is to simulate a credential harvesting attack targeting the finance department, impersonating a vendor they frequently use.

How to Execute
1. Use a commercial phishing platform (e.g., KnowBe4, Cofense) or open-source tool (Gophish).
2. Craft a prompt for an LLM to generate 3 variations of a convincing email, incorporating urgency (e.g., 'overdue invoice').
3. Deploy the campaign to a controlled segment, track clicks/submissions, and generate a basic report.

Intermediate
Case Study/Exercise

Multi-Stage CEO Fraud Simulation with AI Voice

Scenario

Simulate a Business Email Compromise (BEC) attack where an AI-generated voice clone of the CEO calls a senior manager to authorize an urgent wire transfer, following a spoofed email request.

How to Execute
1. Use a voice synthesis API (e.g., ElevenLabs, Resemble AI) to create a short, convincing voice clone from public earnings call recordings.
2. Design the attack flow: initial phishing email with a time-sensitive 'project' -> follow-up 'vishing' call from the 'CEO'.
3. Script the vishing call to handle common objections.
4. Execute, measure compliance, and debrief with the target on the specific red flags they missed.

Advanced
Project

Build a Closed-Loop AI Simulation & Training System

Scenario

Develop an internal system where an AI generates targeted phishing simulations based on the latest internal threat reports, and users who fail automatically receive personalized, AI-generated training modules explaining the specific attack they fell for.

How to Execute
1. Integrate a threat intel feed and internal ticketing system data to define simulation topics.
2. Use a fine-tuned LLM to generate emails that mimic internal communication styles and jargon.
3. For users who click, auto-generate a short training video or interactive module using AI avatars and voiceover, explaining the specific malicious indicators present in the simulation they failed.
4. Measure the reduction in repeat failure rates over time as a key KPI.
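
One way to compute the repeat-failure KPI named in the last step, as an added example that is not part of the original guide. The event layout, user names, and function names are assumptions, and the sample results are constructed.

```python
from collections import defaultdict

# Constructed sample results, one row per (campaign, user, outcome); not real data.
# Outcomes: "ignored", "reported", "clicked", "submitted" (submitted implies clicked).
EVENTS = [
    ("2024-Q1", "alice", "clicked"), ("2024-Q1", "bob", "submitted"),
    ("2024-Q1", "carol", "ignored"), ("2024-Q1", "dave", "clicked"),
    ("2024-Q1", "erin", "reported"), ("2024-Q1", "frank", "clicked"),
    ("2024-Q2", "alice", "reported"), ("2024-Q2", "bob", "clicked"),
    ("2024-Q2", "carol", "clicked"), ("2024-Q2", "dave", "ignored"),
    ("2024-Q2", "erin", "reported"), ("2024-Q2", "frank", "submitted"),
    ("2024-Q3", "alice", "reported"), ("2024-Q3", "bob", "reported"),
    ("2024-Q3", "carol", "ignored"), ("2024-Q3", "dave", "reported"),
    ("2024-Q3", "erin", "reported"), ("2024-Q3", "frank", "clicked"),
]
FAILED = {"clicked", "submitted"}


def campaign_metrics(events):
    """Return {campaign: rates}, campaigns taken in order of first appearance."""
    by_campaign = defaultdict(dict)
    for campaign, user, outcome in events:
        by_campaign[campaign][user] = outcome
    metrics, failed_before = {}, set()
    for campaign, results in by_campaign.items():
        n = len(results)
        failed_now = {u for u, o in results.items() if o in FAILED}
        # Repeat failure: targeted again after failing any earlier campaign.
        retested = failed_before & set(results)
        metrics[campaign] = {
            "click_rate": len(failed_now) / n,
            "submit_rate": sum(o == "submitted" for o in results.values()) / n,
            "report_rate": sum(o == "reported" for o in results.values()) / n,
            "repeat_failure_rate": (
                len(failed_now & retested) / len(retested) if retested else None
            ),
        }
        failed_before |= failed_now
    return metrics


def needs_followup(events, min_failures=2):
    """Users who failed in at least min_failures campaigns, for targeted training."""
    counts = defaultdict(int)
    for _, user, outcome in events:
        counts[user] += outcome in FAILED
    return sorted(u for u, c in counts.items() if c >= min_failures)
```

The first campaign has no repeat-failure rate because nobody has a prior failure yet; tracking the report rate alongside it shows whether users are moving from clicking to reporting rather than just ignoring the message.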

Tools & Frameworks

Simulation & Phishing Platforms

KnowBe4, Cofense PhishMe, GoPhish, King Phisher

Core platforms for campaign orchestration, tracking (open/click/submit rates), and reporting. Essential for operational execution and compliance documentation.

AI Content Generation & Manipulation

OpenAI API / LLM APIs, ElevenLabs / Resemble AI (Voice), D-ID / Synthesia (Video), Custom Fine-tuned Models (e.g., using LoRA)

Used to create high-fidelity, varied attack content. LLMs for text, voice APIs for vishing, video APIs for deepfake pretexts. Fine-tuning allows for organization-specific realism.

Mental Models & Methodologies

MITRE ATT&CK Framework (Phishing & Social Engineering tactics), The Kill Chain / Cyber Kill Chain, Human Attack Surface Management

Provides strategic structure. Map your simulations to ATT&CK for adversary emulation. Use the Kill Chain to design multi-stage attacks. Use Human Attack Surface Management (HASM) principles to identify high-value targets and attack paths.

Interview Questions

Answer Strategy

Focus on risk-based targeting and sophistication. Answer: 'Executives are high-value targets facing BEC and whaling attacks. I'd use AI to clone communication styles from their public posts and craft highly contextual pretexts around M&A or board communications. Success metrics would focus on credential compromise and direct financial loss indicators, not just click rates. The goal is measuring resilience to targeted, high-stakes scenarios, not broad awareness.'

Answer Strategy

Test analytical and communication skills. Answer: 'After a campaign showed the engineering team had a 40% click rate on technical document lures, I analyzed the failure patterns. I didn't just report the number; I presented the engineering leadership with a breakdown showing most failures occurred on Monday mornings. We co-designed a targeted, 5-minute training module on technical phishing, delivered Monday mornings via our platform. Repeat failure rates dropped to 15% in the next quarter, which I reported as a direct reduction in credential theft risk for our code repositories.'
