Test the Process, Not the User: Deepfake-Era Awareness Training | Breacher.ai
Test the Process.
Don't Trick the User.
Awareness training built on "spot the fake" was already brittle. Deepfakes broke it. Why simulations have to measure whether your process held — not whether your users clicked.
The Detection Model Is Broken
For two decades, security awareness has been built on a single skill: detection. Train users to spot the artifacts of a fake — the typo, the weird URL, the off-tone voicemail — and measure success by whether they clicked. It worked when attackers had to be sloppy.
Deepfakes erase the sloppiness. The CFO's voice sounds like the CFO. The Zoom face moves like the face. There are no typos, no malformed URLs, no broken cadence. The surface signals users were trained to detect have been engineered away.
Asking accounts payable to function as a forensic media analyst — under time pressure, on a Tuesday afternoon, with a voice that sounds exactly like their boss — is a losing bet. Breacher.ai's own engagement data confirms it: 63% of users could not distinguish synthetic media from real even when warned to try. Detection is no longer a control. It is a coin flip.
Why Process Beats Perception
The collapse of the perception layer is why policy, procedure, and process matter more, not less, in the deepfake era.
Process is deterministic where perception is unreliable. A callback to the number held on record does not care whether the inbound voice was cloned. A two-party authorization on a wire does not care whether the requester looks like the CFO on video. Codewords, escalation paths, and "no high-value action on a single channel" rules give the user something to do other than judge authenticity. They give the user a script.
Critically, process removes the user's judgment as the single point of failure. That is the architectural shift. The defender does not need to win the detection game — they need to make sure the detection game is not the game being played.
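What "the process does not care whether the voice was cloned" looks like when the controls above are enforced by the workflow rather than by the clerk's judgment. This is an added example, not Breacher.ai's code or product logic. It assumes a directory of record (`DIRECTORY`), a high-value threshold, and two constructed scenarios; the gate checks only whether the procedure ran (outbound callback to the on-record number, two distinct approvers) and never inspects the inbound request's authenticity.

```python
"""Out-of-band verification gate for a high-value request.

Added example (not Breacher.ai code). It models the controls described above:
an outbound callback to the number held in the directory of record, dual
authorization by two distinct approvers, and no completion of a high-value
action on the strength of the inbound conversation alone. The directory,
threshold and sample requests are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List

# Constructed directory of record. A callback satisfies the control only if it
# goes to one of these numbers; a number supplied by the caller never counts.
DIRECTORY = {
    "cfo": "+1-555-0100",
    "controller": "+1-555-0101",
}
HIGH_VALUE_THRESHOLD = 25_000  # constructed threshold (USD)


@dataclass
class Callback:
    outbound: bool   # True: verifier dialed out. False: the caller phoned "back" in.
    number: str


@dataclass
class Request:
    requester: str                                      # identity the caller claims, e.g. "cfo"
    amount: int
    callbacks: List[Callback] = field(default_factory=list)
    approvals: List[str] = field(default_factory=list)  # approver user ids


def verification_gaps(req: Request) -> List[str]:
    """Return the controls that have not been satisfied; empty means proceed.

    Nothing here inspects how convincing the requester sounded or looked.
    The gate only checks whether the documented procedure ran, which is what
    makes it indifferent to a cloned voice or a synthetic face.
    """
    if req.amount < HIGH_VALUE_THRESHOLD:
        return []                    # ordinary controls apply below threshold
    on_record = DIRECTORY.get(req.requester)
    if on_record is None:
        return ["requester-not-in-directory"]
    gaps = []
    # 1. Out-of-band: we must have dialed out, to the directory number. An
    #    inbound "call back" from the same party (caller ID can be spoofed)
    #    stays on the attacker's channel and proves nothing.
    if not any(cb.outbound and cb.number == on_record for cb in req.callbacks):
        gaps.append("no-outbound-callback-to-directory-number")
    # 2. Any callback to an unlisted number is itself a finding: it is the
    #    classic "reach me on my new cell" redirection.
    if any(cb.number != on_record for cb in req.callbacks):
        gaps.append("callback-to-unlisted-number")
    # 3. Dual authorization by two distinct people, neither the requester.
    if len({a for a in req.approvals if a != req.requester}) < 2:
        gaps.append("dual-approval-not-met")
    return gaps


def may_execute(req: Request) -> bool:
    return not verification_gaps(req)


def attacker_scenario() -> Request:
    """Constructed: cloned CFO voice, 'urgent', supplies a new number to call."""
    return Request(
        requester="cfo", amount=80_000,
        callbacks=[Callback(outbound=True, number="+1-555-0199")],  # attacker-supplied number
        approvals=["ap-clerk"],
    )


def process_held_scenario() -> Request:
    """Constructed: same inbound request, but the clerk followed the script."""
    return Request(
        requester="cfo", amount=80_000,
        callbacks=[Callback(outbound=True, number=DIRECTORY["cfo"])],
        approvals=["ap-clerk", "controller"],
    )


if __name__ == "__main__":
    for name, req in [("attacker", attacker_scenario()), ("process held", process_held_scenario())]:
        print(name, "->", "execute" if may_execute(req) else verification_gaps(req))
```

The point of the design is that the clerk's belief never enters the decision: the same cloned voice produces three findings in the first scenario and none in the second, and the only difference is whether the script was followed.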
Three Ways Awareness Training Has to Evolve
Existing awareness content is not worthless. It is incomplete. Here are the three shifts that close the gap deepfakes opened.
Stop Teaching "Spot the Fake"
Teach "follow the process even when the request feels legitimate." The hard problem is not recognizing manipulation — it is having the social courage to say "let me call you back" to someone who appears to be your CEO. Detection is a perception skill. Procedure adherence is a behavior skill. The latter is what survives a convincing deepfake.
- Train procedure adherence over detection
- Drill social-courage scripts
- Remove "trust your gut" from policy
- Make "let me call you back" a reflex
- Decouple authority from authenticity
- Treat hesitation as a control, not friction
Rehearse the Policy, Don't Just Write It
Most organizations have wire-approval policies on paper that nobody can recite under pressure. Training should drill the procedure, not the threat. Muscle memory beats vigilance every time. The wire policy that is rehearsed monthly outperforms the wire policy that is documented annually, regardless of how comprehensive the documentation is.
- Rehearse procedures, not slides
- Monthly drill cadence on high-risk flows
- Recall checks for documented controls
- Tabletop the dual-approval workflow
- Practice escalation under time pressure
- Measure recitation, not completion
Train the Psychological Levers, Not the Artifacts
Urgency. Authority. Secrecy. When the surface signals are clean — no typos, no weird URLs, no off-tone voicemails — the manipulation pattern itself becomes the tell. A request that demands silence and speed is the signal, regardless of who appears to be making it. Train employees to read the request structure, not the request medium.
- Urgency as a tell, not a trigger
- Authority bypasses as suspicious by default
- Secrecy clauses as immediate escalation
- "Don't tell anyone" = automatic callback
- Pattern recognition on attacker scripts
- Channel-switching detection
Tricking the User vs. Testing the Process
If detection is the wrong skill, then "did the user click?" is the wrong metric. Measuring click rate measures detection — and detection has been engineered away. The right variable is whether the process held. Did the user pause? Did they invoke the callback? Did they escalate? Did they follow the documented procedure?
This reframes what "passing" and "failing" mean in a simulation. It also reframes what the simulation itself is for.
Tricking the User
Measures whether the user spotted the fake. Frames failure as individual user error. Treats the click as the outcome. Produces shame, not behavior change. Cannot test process or technology. Becomes useless when surface signals are clean.
The metric is detection. The artifacts detection depends on have been removed from the attacker's surface. The metric no longer correlates with the outcome the organization cares about.
The unit of analysis is the individual user. Wins and losses are attributed to people, not to system gaps. The findings produce a list of users to retrain, not a list of controls to repair.
Testing the Process
Measures whether the procedure was invoked. Frames failure as a system gap, not a person gap. Treats the callback or escalation as the outcome. Produces rehearsal and reflex. Tests people, process, and technology together. Stays valid when the deepfake is indistinguishable.
The metric is procedure adherence. Procedure adherence remains under defender control regardless of how convincing the synthetic becomes.
The unit of analysis is the organization. Wins and losses are attributed to controls that held or did not. The findings produce a list of process gaps to close, not a list of users to retrain.
What "Did the Process Hold?" Actually Looks Like
Process-aligned scoring measures behavior at the organizational layer, not vigilance at the individual layer. A user who initially believed the deepfake and then invoked the callback is a win, because that is exactly what the process is designed to do. A user who detected the fake but did not escalate is a partial loss: nothing was reported, so the next colleague targeted faces the same attack with no system response behind them.
This scoring tells a CISO something a click rate cannot: whether the organization, as a system, can be compromised. That is the question that matters. It is the only question that survives the deepfake era.
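One way to score a simulation on the terms just described, as an added example that is not Breacher.ai's scoring model. The timeline, target names and event vocabulary are constructed; the logic reads each target's events in time order, so a callback that happens after the wire has gone out counts as a control gap, and a target who believed the fake but dialed the directory number counts as a win.

```python
"""Process-aligned scoring of a simulation timeline.

Added example, not Breacher.ai's scoring model. Each target's events are read
in time order and the outcome is decided by what the process did, not by
whether the target spotted the fake. Event names, targets and the timeline
below are constructed for illustration.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

VERIFICATION = {"callback", "escalated"}   # documented procedure invoked
HIGH_VALUE_ACTION = {"executed"}           # wire sent, password reset, access granted

# Constructed timeline: (target, scenario, event), already in time order.
SAMPLE_EVENTS = [
    ("ap-1", "voice-cfo-wire", "request"),
    ("ap-1", "voice-cfo-wire", "believed"),        # thought it really was the CFO
    ("ap-1", "voice-cfo-wire", "callback"),        # ...and dialed the directory number anyway
    ("ap-2", "video-ceo-wire", "request"),
    ("ap-2", "video-ceo-wire", "suspected"),       # spotted the fake
    ("ap-2", "video-ceo-wire", "refused"),         # hung up, told no one
    ("hd-1", "voice-helpdesk-reset", "request"),
    ("hd-1", "voice-helpdesk-reset", "believed"),
    ("hd-1", "voice-helpdesk-reset", "executed"),  # reset on voice alone
    ("hd-1", "voice-helpdesk-reset", "escalated"), # reported it afterwards
]


def score_target(events: List[str]) -> Tuple[str, str]:
    """Classify one target's ordered events as (outcome, finding).

    win:     verification ran before any high-value action (belief is irrelevant)
    partial: no action taken, but the documented procedure never activated
    fail:    a high-value action ran before verification (a control gap)
    """
    for ev in events:
        if ev in HIGH_VALUE_ACTION:
            return "fail", "action-executed-before-verification"
        if ev in VERIFICATION:
            return "win", "process-held"
    if "suspected" in events:
        return "partial", "detected-but-not-escalated"
    return "partial", "no-verification-invoked"


def score_organization(timeline: List[Tuple[str, str, str]]) -> Dict:
    """Aggregate to the organizational layer: counts per outcome plus the
    scenarios whose controls need repair, rather than a list of users."""
    per_target: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for target, scenario, event in timeline:
        per_target[(target, scenario)].append(event)
    counts = {"win": 0, "partial": 0, "fail": 0}
    gaps: Dict[str, List[str]] = defaultdict(list)
    for (target, scenario), events in per_target.items():
        outcome, finding = score_target(events)
        counts[outcome] += 1
        if outcome != "win":
            gaps[scenario].append(finding)
    return {"counts": counts, "gaps": dict(gaps), "process_held": counts["fail"] == 0}


if __name__ == "__main__":
    print(score_organization(SAMPLE_EVENTS))
```

The report names the control that failed (the voice-only helpdesk reset path) and the process that never activated (detection without escalation); neither finding is "retrain hd-1".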
Two Views · The Board and the Operator
The case for moving from detection to process reads two different ways inside enterprise security organizations. Both readings are correct. Both lead to action, but the actions are different.
Click Rate Is Not Defensibility
A board report showing a 2% phishing click rate communicates control. That communication is false if the attack vector has shifted to channels phishing simulation does not test. The fiduciary question is not whether the awareness program runs. It is whether the metric the program reports actually maps to the threat model the organization faces.
- Click rate metrics misrepresent defensibility when attackers operate outside email
- Cyber insurance underwriters increasingly ask about multi-channel readiness
- Board fiduciary duty to address known, named, and active threat categories
- Emerging AI governance frameworks treat deepfake readiness as a distinct control
- Public communications risk if a deepfake-enabled incident occurs without testing in evidence
- Audit committee expectations are shifting toward outcome metrics, not activity metrics
The Untested Procedure Is the Real Gap
Operators already know the wire policy. They wrote it. The unsettled question is whether the wire policy actually activates when an attacker who sounds exactly like the CFO calls accounts payable on a Tuesday afternoon. That question is answerable only by running the test. The operator's job is to find the gap before the attacker does.
- Voice-only verification flows mapped and treated as control gaps
- Helpdesk testing against AI voice agents on inbound and callback paths
- Executive impersonation scenarios across Teams, Meet, and Zoom
- Dual approval enforcement tested under time pressure
- Out-of-band verification mandates for financial and access actions
- Realistic multi-channel simulation prior to relying on awareness training
The board needs evidence the threat is being addressed. The operator needs to know which controls actually work. Process-aligned testing answers both with the same engagement.
The Longer Arc
Traditional awareness training answers "did the user learn what we told them?" It is a knowledge assessment dressed up as a security control. Process-aligned simulation answers a different question entirely: "If a credible attacker shows up tomorrow, does our system response activate?"
One is a quiz. The other is a fire drill. In 2026, with synthetic media as cheap, fast, and convincing as it now is, the difference between the two is the difference between a compliance checkbox and an actual control.
The deepfakes are only going to get better. The processes that defeat them have been the same since before any of this technology existed.
Train to the process. Test the process. Score the process. The users will be fine — because you have stopped asking them to be the control.
Frequently Asked Questions
Direct answers to the questions security leaders, CISOs, and risk owners ask most often about moving from detection-based awareness training to process-aligned simulation.
Traditional phishing simulation measures whether a user spotted artifacts — the typo, the weird URL, the off-tone voicemail — and reports click rate as the outcome. Deepfakes engineer those artifacts away. The CFO's voice sounds like the CFO. The Zoom face moves like the face. There are no typos, no malformed URLs, no broken cadence. Asking accounts payable to function as a forensic media analyst under time pressure is a losing bet. 63% of users cannot distinguish synthetic media from real even when warned to try. Detection has collapsed as a control, which means click rate has collapsed as a meaningful metric.
Process is deterministic where perception is unreliable. A callback to a known number does not care whether the inbound voice was cloned. A two-party authorization on a wire does not care whether the requester looks like the CFO on video. Codewords, escalation paths, and "no high-value action on a single channel" rules give the user something to do other than judge authenticity. They give the user a script. Critically, process removes the user's judgment as the single point of failure. That is the architectural shift. The defender does not need to win the detection game — they need to make sure the detection game is not the game being played.
Process-aligned simulation measures whether documented procedures activated under realistic attack conditions. The questions are: did the user pause? Did they invoke the callback? Did they escalate to the documented path? Did the system response engage? A user who initially believed the deepfake and then invoked the callback is a win, because that is exactly what the process is designed to do. A user who detected the fake but did not escalate is a partial loss: nothing was reported, so the next colleague targeted faces the same attack with no system response behind them. The metric is organizational behavior, not individual vigilance.
Traditional platforms are built on a knowledge-assessment model. They train users to recognize phishing patterns and measure click rate on simulated emails. OSES™ (Orchestrated Social Engineering Simulations™) is a process-test model. It runs realistic multi-channel attack scenarios — voice cloning, deepfake video, coordinated email-to-phone-to-Teams kill chains — and measures whether the organization's documented controls held. The outcome is not a knowledge score for the user. It is an organizational vulnerability score across people, process, and technology layers tested together.
No. Phishing simulation remains a useful baseline control for the email channel and for compliance requirements. The argument is not that phishing simulation is worthless. The argument is that phishing simulation alone is insufficient when attackers operate across voice, video, and calendar channels using synthetic media. Organizations that have run extensive phishing awareness programs typically still fail at high rates in coordinated deepfake scenarios because the training does not transfer across modalities. Phishing simulation should remain in place and be supplemented with realistic multi-channel testing that exercises the process controls the deepfake threat model actually attacks.
A win is procedure invocation, not detection. If a user receives a convincing voice-cloned request from someone who appears to be the CFO and then executes the documented callback to the CFO's known number, that is a win — even if the user initially believed the request was real. The deepfake was contained by process, which is exactly what the process is designed to do. A win can also be escalation: the user flagged the request to the documented escalation path and the system response activated, ensuring the next attempt against a colleague will be caught by the same mechanism. The metric is whether the organization, as a system, can be compromised — not whether any individual user spotted the synthetic.
Click rate measures detection. Detection has been engineered out of the attack surface by synthetic media. Measuring a variable that no longer correlates with the outcome you care about is worse than measuring nothing — it produces false confidence. An organization with a 2% phishing click rate can still be fully compromised by a voice-cloned wire fraud request because that attack does not require anyone to click on anything. The right variable is whether the process held: was the callback invoked, was dual approval triggered, did the escalation path activate. Those variables describe the actual defensive state of the organization. Click rate does not.
Existing awareness programs handle the knowledge layer — what an attack looks like, what employees should do conceptually, what the policy says. Process-aligned testing handles the behavior layer — whether documented procedures actually activate under realistic pressure. The two are complementary, not competing. Awareness builds the foundation. Process testing validates that the foundation holds. The integration looks like: continue running existing awareness content for compliance and baseline knowledge, and add periodic multi-channel deepfake simulations that score procedure adherence and surface gaps in the documented controls. Most organizations discover at least one voice-only or video-only authorization path they did not know existed.
Engagement data is drawn from Breacher.ai client testing across 15 enterprise simulations covering 1,057 total targets, with measured 14.6% average primary susceptibility and 13.5% secondary susceptibility. Findings include 92% of organizations vulnerable to at least one deepfake social engineering vector, 78% highly vulnerable across multiple departments, 63% of users unable to distinguish synthetic from real, and 8% showing no susceptibility in well-crafted multi-channel tests. OSES™ (Orchestrated Social Engineering Simulations™) and DEEPFAKE RED TEAM™ are registered trademarks of Breacher.ai, Inc.
Test What Actually Holds Under Pressure
Book a 30-minute scoping call. We will walk through your verification flows, identify the highest-risk voice-triggered paths, and design a realistic multi-channel deepfake simulation calibrated to your organization.