Fortinet: Behavior-First Security Training Against AI-Driven Cyber Attacks
News | 14.07.2026
AI has industrialized social engineering. Traditional awareness programs no longer keep pace, and organizations need a behavior-first approach that reshapes how employees react under pressure.
Attackers are using generative AI to craft convincing phishing emails, deepfake voice calls and personalized lures at a scale never seen before. Employees who once relied on spotting typos or awkward phrasing are now confronted with flawless, context-aware messages. In this environment, knowing about threats is not enough — behavior-first security training is becoming the decisive layer between the attacker and the business.
What was announced
Fortinet published new guidance on how enterprises should evolve their security awareness programs in response to the rise of AI-enabled cyber attacks. The central argument: awareness alone does not change behavior. Organizations must move from content-based training to programs that measurably influence how employees act when facing suspicious emails, links, calls and requests.
Fortinet highlights that AI-generated phishing has dramatically reduced the traditional signals users were taught to look for — spelling errors, generic greetings, obvious impersonation. Instead, adversaries now generate emails, chat messages and voice content tuned to the recipient's role, projects and vocabulary. As a result, click-through and credential submission rates on simulated phishing rise sharply when AI is used to craft the lure.
Why this matters
For CIOs, CISOs, IT directors and procurement leaders, the shift has direct implications for risk, compliance and budget allocation. Regulatory frameworks such as NIS2, DORA and industry standards increasingly require demonstrable evidence that human risk is being reduced, not merely that annual training was completed.
A behavior-first approach reframes the human layer as a controllable risk surface. Instead of measuring completion rates of e-learning modules, security leaders should measure reporting rates of suspicious messages, time-to-report, resistance to targeted simulations and repeat-offender trends. This turns awareness into an operational metric that maps directly into SOC workflows and executive reporting.
AI has removed the visual clues employees relied on for years. The only durable defense is a workforce trained to pause, verify and report — regardless of how polished the message looks
Technical details
- Behavior-first design: training programs focus on habits like verification, reporting and escalation instead of knowledge recall.
- AI-aware phishing simulations: use of generative AI to build realistic, personalized lures reflecting current attacker tradecraft.
- Deepfake and voice scenarios: inclusion of voice cloning, video impersonation and multi-channel social engineering in exercises.
- Role-based content: tailored modules for finance, HR, IT admins and executives, aligned with the threats each role faces.
- Measurable KPIs: phishing report rate, dwell time, click rate on targeted simulations, repeat-click population.
- Integration with SOC and XDR: user-reported messages feed detection pipelines, EDR and SIEM enrichment.
- Continuous reinforcement: short, frequent nudges replace once-a-year compliance modules.
Softprom and Fortinet
Softprom is the official distributor of Fortinet. Our team helps enterprises design and operationalize behavior-first security awareness programs, integrate them with existing Fortinet Security Fabric components and align them with regulatory requirements.
Ready to reduce human risk against AI-driven attacks? Explore solutions from Fortinet with Softprom.
This content was prepared as part of the Softprom DistriFlow project — an automated system for monitoring and adapting vendor news. Original source: original article.