How to Evaluate Deepfake Phishing Simulation Platforms | 7 Questions | Breacher.ai
7 Questions to Ask Before You Buy a
Deepfake Simulation Platform
The market is full of platforms claiming deepfake simulation capability. Most cannot simulate what adversaries are actually doing. These seven questions will expose the difference between a vendor selling a feature and a vendor who has built a real adversarial simulation capability from the ground up.
Why This Guide Exists
When you search for “deepfake phishing simulation,” you will find vendors who use that phrase in their marketing. What you will not immediately find is a clear way to distinguish between a platform that bolted an AI voice feature onto an email phishing tool and one that was purpose-built to replicate the full adversarial kill chain.
That distinction matters enormously. Security teams that adopt a platform with incomplete deepfake capability run a specific kind of risk: they believe their workforce has been tested against the modern threat, when in reality they have only been tested against a narrow slice of it. That false confidence is arguably more dangerous than no testing at all.
The seven questions below are designed to surface that gap. Bring them to every vendor conversation. The answers will do the rest.
The 7 Questions
Context is what separates a generic phishing email from a convincing social engineering attack. A contextual layer means the simulation incorporates OSINT-gathered intelligence about the target: their role, their recent public activity, their relationships, their communication patterns, their organization’s current events, to construct a scenario that feels specific and credible rather than generic and suspicious.
Ask whether their platform conducts pre-engagement OSINT reconnaissance. Ask whether simulation scenarios are customized to reflect the target organization’s actual internal context, a pending merger, a recent executive departure, a known vendor relationship, or whether they pull from a generic template library. Ask whether they can demonstrate what a contextually enriched simulation looks like versus a baseline campaign.
Why it matters: The most dangerous attacks are specific, not generic. A simulation that feels generic will be spotted by experienced employees and generate overconfident awareness metrics. A simulation with a genuine contextual layer tests what actually happens when the attack is believable, because that is the scenario with real-world consequences.
- Do you conduct OSINT reconnaissance before building simulation scenarios, or do you use templated content?
- Can you incorporate our organization’s current events, executive roster, and vendor relationships into the simulation narrative?
- Can the contextual layer extend to AI voice cloning, using the target executive’s actual speech patterns derived from public recordings?
There is a meaningful difference between a pre-recorded deepfake video and a live, interactive AI Avatar that can hold a conversation, respond to questions, and adapt in real time. Adversaries like UNC1069 have used synthetic video meetings where the “executive” on screen responds dynamically to what the target says. A static deepfake clip does not replicate that scenario. A conversational AI Avatar does.
Ask whether their Avatar can conduct a two-way interaction, not just play back a video. Ask whether it can be configured with a specific executive’s communication style. Ask what happens when a target asks an unexpected question mid-call.
Why it matters: The most dangerous deepfake attack scenarios involve a target who interacts with the Avatar, not one who passively watches it. If the platform cannot handle real-time interaction, it cannot simulate the attack type most likely to succeed against your executives.
“We generate realistic deepfake video clips you can send as attachments or links.” This is a recording, not an Avatar. The threat it simulates is real but incomplete.
This question sounds soft. It is not. There is a fundamental difference between a platform built by a product team that read threat intelligence reports and a platform built by operators who have actually run adversarial social engineering engagements against real organizations with real stakes.
Platforms built by product managers optimize for user experience, dashboard metrics, and SaaS scalability. Platforms built by practitioners optimize for adversarial fidelity: the degree to which the simulation reflects what a real threat actor would actually do. Ask who designed the methodology. Ask for their red team credentials. Ask which real-world attack campaigns informed the platform’s design decisions.
Why it matters: Adversarial simulation is not a software problem. It is a craft problem. Vendors without practitioners on the design team produce simulations that look like attacks but do not behave like them, and experienced targets see through them immediately.
- Who specifically designed your simulation methodology, and what is their red team background?
- Can you share documented engagement results from real production deployments?
- Have your practitioners published threat research or spoken at security conferences?
A vendor that only simulates published, attributed attack campaigns is always one step behind the threat. By the time a campaign like Black Basta’s Teams-based social engineering chain was written up by CISA, threat actors had already evolved it. Vendors who conduct their own threat research understand where the attack surface is moving before the public advisory drops.
Ask whether they have a threat research function. Ask whether they have mapped AI-enabled social engineering TTPs that have not yet appeared in published threat intelligence. Ask whether their simulation scenarios are informed by their own engagement data, not just vendor blog posts and public advisories.
Why it matters: If your simulation vendor’s scenarios are built entirely from public threat intelligence, your simulations are already 6 to 12 months behind the actual threat landscape. Original research is how a vendor stays ahead of the adversary, and how you do too.
“We update our template library quarterly based on the latest threat reports.” This describes a content licensing operation, not a threat research capability.
This is the most technically significant question on this list, and most buyers do not know to ask it. Multi-channel means the platform can send attacks across email, SMS, and voice. Orchestrated means the attacks are sequenced, conditional, and adaptive. Each step is triggered by the target’s behavior in the previous step, exactly as a real adversary would operate.
In a multi-channel campaign, all vectors fire simultaneously or on a fixed schedule. In an Orchestrated Phishing Simulation, the platform escalates intelligently: if the target opens the email, the vishing call triggers. If they engage on Teams, the deepfake meeting link follows. If they click, the campaign adapts the next stage accordingly. These are fundamentally different threat models.
Why it matters: Real adversaries do not fire all vectors at once and wait. They condition targets step by step. A multi-channel platform without orchestration logic simulates noise, not an adversary. OSES™ (Orchestrated Social Engineering Simulations™) is the only trademarked methodology purpose-built around this distinction.
- Does the next attack step trigger based on the target’s actual behavior, or does it fire on a fixed schedule regardless of engagement?
- Can a campaign escalate from email to voice to a deepfake meeting link as a connected sequence?
- Can campaigns be paused or modified mid-engagement based on real-time target behavior?
Most simulation platforms are designed to measure awareness at population scale: send a thousand phishing emails, measure who clicks, generate a dashboard. That is a fundamentally different capability from a red team engagement targeting specific individuals with OSINT-informed, bespoke social engineering attacks.
Ask whether their platform can be configured for named-target operations with individualized reconnaissance. Ask whether they can execute a full red team engagement, not just run a simulation template, against specific executives or high-value targets. Ask whether their practitioners can sit across from your red team and coordinate a joint human-technical operation.
Why it matters: Security programs with mature technical red team capabilities need a human-layer counterpart that operates with the same rigor and specificity. A simulation platform that can only run mass campaigns cannot serve that function. A dual-purpose platform can, and it transforms the economics of your security testing program.
“We support custom target lists and personalized phishing templates.” Personalized templates are not red team operations. Push further.
Microsoft Teams is no longer a secondary communication channel. It is the primary collaboration infrastructure for most enterprise organizations, and it has become one of the most actively exploited social engineering vectors in documented threat campaigns. Black Basta affiliates used external tenant impersonation on Teams to deploy ransomware across hundreds of organizations. The vector is real, it is active, and most simulation platforms cannot test it at all.
Ask specifically whether they can simulate an inbound Teams message from an attacker-controlled external tenant impersonating your IT help desk. Ask whether they can generate deepfake video meeting links delivered inside Teams. Ask whether Teams simulation is a production capability or a roadmap item.
Why it matters: Your employees have been trained to be skeptical of email. They have not been trained to be skeptical of a calm, professional message from “IT Help Desk” arriving through the same channel their manager just used to send them a meeting invite. The surface is trusted. The threat is real. The simulation capability is rare.
“We support Teams integration for campaign delivery notifications.” Notification delivery is not Teams phishing simulation. Push for specificity on external tenant impersonation and deepfake meeting link capability.
How to Score the Answers
Use this as your evaluation scorecard after each vendor conversation. A vendor that cannot answer “yes” to the majority of these questions is not a deepfake simulation vendor. They are a phishing simulation vendor with some AI features bolted on. That distinction matters for how you set expectations, budget, and program outcomes.
A vendor that scores 4 out of 7 can simulate half the threat. The half they cannot simulate is the half most likely to cause a breach.
If you want to see what all seven capabilities look like in a single, coordinated engagement, Breacher.ai’s OSES™ methodology was built to answer yes to every question on this list. Not as a feature checklist, as a doctrine that has been tested against real enterprise targets across financial services, energy, legal, government, and technology sectors.
See All 7 Capabilities Live
Book a 30-minute live demo. We will walk through an OSES™ simulation from OSINT reconnaissance through interactive Avatar deepfake delivery, using your own organization as the scenario.
Latest Posts
Table Of Contents
About the Author: Jason Thatcher
support@breacher.ai
