SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Frame launches AI campaign against social engineering

Frame launches AI campaign against social engineering

Thu, 9th Jul 2026
Sean Mitchell
SEAN MITCHELL Publisher

Frame Security has launched KnowBetter, a campaign urging organisations to replace traditional security awareness training with continuous, AI-driven simulations of social engineering attacks.

The company argues that many businesses still rely on training built around older phishing tactics, even as attackers use generative AI to create more convincing scams. Cloned voices, deepfake videos, text messages and tailored emails are now common elements of social engineering attempts against employees, it says.

KnowBetter is designed to push security teams away from annual or semi-annual awareness programmes and generic training templates. Frame says its approach uses simulations based on an organisation's own environment and adapts difficulty for each employee according to risk.

The campaign comes as companies face broader pressure to show they can measure and reduce human risk, rather than simply confirm that staff have completed mandatory courses. Cyber insurers, regulators and procurement teams are paying closer attention to how organisations assess employee exposure to fraud and impersonation attacks.

Security awareness training has long focused on familiar warning signs such as suspicious links, misspelt domains and urgent payment requests. Frame contends that those signals are less reliable when attackers can generate realistic audio, video and written impersonations using widely available AI tools.

Tal Shlomo, co-founder and Chief Executive Officer of Frame Security, said many organisations are not preparing staff for the threats they now face across multiple communication channels.

"Most organizations are still training people to recognize threats from five years ago," Shlomo said.

He added that static training material does not reflect the realism of newer attacks that can imitate senior executives.

"The phishing template hasn't changed, but the attacker has. A single click of AI-generated audio can now sound exactly like a CFO asking for a wire transfer, and no amount of static training slides prepares someone for that," Shlomo said.

Changing expectations

Frame's message reflects a wider shift in the market for corporate cyber training and risk management. Boards and Chief Information Security Officers are placing greater emphasis on whether organisations can track human risk over time and across multiple attack methods, rather than simply reporting how many employees clicked on a test email.

Frame says its platform measures employees through phishing, vishing and deepfake simulations, then links the results to what it calls a Human Risk Score. The company presents this as an alternative to programmes that depend heavily on click-through rates from standard phishing exercises.

The shift is also affecting commercial relationships. Businesses increasingly face questions from customers and partners about internal security controls during procurement reviews, while insurers are examining how firms manage the risk of staff being manipulated by social engineering.

Shlomo said those conversations have moved beyond basic compliance.

"Boards and CISOs are asking a different question now," he said.

"It's no longer just how many people clicked a fake email. It's whether the organization actually understands where its human risk sits today, across every channel attackers are using, and whether that risk is going down over time," Shlomo said.

Broader pressure

Frame was founded by Shlomo, one of Wiz's earliest employees, and Sharon Shmueli, former Chief Technology Officer of Team8's venture creation platform. The company operates in the human risk management segment, where vendors are trying to bring security training closer to real-world attack conditions.

Its campaign also links staff awareness to business performance. As more companies use AI in customer support, sales and internal operations, they are under pressure to show that employees can recognise and respond to increasingly persuasive forms of impersonation and fraud.

That is becoming part of procurement and security due diligence, particularly in larger enterprise sales processes where buyers want evidence that suppliers can manage operational and cyber risk. Frame argues that a stronger human risk posture can help companies move more quickly through those reviews.

Shlomo said the issue has become a factor in commercial decision-making.

"When enterprise buyers evaluate a vendor now, human risk posture is part of the conversation, not an afterthought," he said.

"Companies that can show they have this under control move through procurement and security reviews faster. In the AI era, that speed is a competitive advantage, not just a compliance checkbox," Shlomo said.