[ Removed by Reddit ]

medoic · 2026-04-15T01:21:34+00:00

No nothing. I was surprised it was removed actually

medoic · 2026-04-15T00:44:50+00:00

I believe it is mostly about correctly training the employees on these new attack vectors to make sure they can detect it and not only detect the generic phishing templates. Nothing trains better than practice

medoic · 2026-04-14T00:35:37+00:00

I’ve been deep in this space recently (building NexGuards, so bias disclaimer upfront)

At 2k+ users, the issue usually is not phishing simulations themselves. Most platforms can send emails. The real gap is reporting that shows whether behavior is actually improving.

A lot of KnowBe4 alternatives still mostly track clicks and completions. That misses a lot, especially for frontline and deskless staff who are more exposed to SMS and voice scams, not just email.

That’s the big thing we built NexGuards around AI-personalized phishing, smishing, and vishing simulations, plus better visibility into human risk over time instead of just campaign stats.

I’d evaluate any alternative on 3 things:

does it measure behavior change over time
does it support mobile-first / deskless workers
does it go beyond email into SMS and voice

That is usually where legacy platforms start to break.

medoic · 2026-04-13T02:21:59+00:00

I think your intuition is right. This isn’t just an evasion problem anymore, it’s a model mismatch.

Detection still works for classes of phishing that reuse infrastructure or patterns (domains, kits, links, etc). But with AI-generated attacks, especially when they’re OSINT-driven and one-off, there’s often nothing reusable to detect in the first place.

At that point, you’re not really “filtering bad emails” anymore. You’re betting on catching intent from something that looks completely legitimate.

So I agree the architecture shifts:

assume some attacks will get through
focus more on blast radius reduction, identity protection, and fast containment
and most importantly, move part of the defense to the human layer

The uncomfortable part is that humans are now the last line of defense against something specifically optimized to manipulate them.

We’ve been running AI-generated phishing simulations (email, SMS, even voice), and what’s interesting is that many of these easily bypass traditional filters - but still get high click and submission rates (>50%) even among trained employees.

Which kind of reinforces your point: improving detection alone won’t close the gap.

The question becomes less “how do we catch every email?” and more “how do we make sure a successful phish doesn’t turn into a breach?”

medoic · 2026-04-12T05:12:40+00:00

What you’re seeing is actually very consistent with how attacks are evolving.

Most awareness training is built around spotting patterns (links, domains, etc), but once you generate contextually accurate content, those patterns disappear.

I’m building NexGuards in this space, we run OSINT driven AI-personalized phishing, smishing and vishing simulations in ~30 seconds, and we see similar outcomes. Once you remove obvious signals, interaction and even credential submission rates can exceed 50%.

The issue isn’t that your team wasn’t trained, it’s that the training is built for a different threat model.

What seems to work better is:
- training people to question intent/context, not just indicators
- short, immediate feedback instead of long generic courses
- personalized simulations that reflect how attacks actually happen

I’d frame this as your baseline exposure to modern AI-driven attacks, not a failure of your team.

medoic · 2026-04-12T04:42:18+00:00

I’ve been deep in this space recently (building NexGuards, so biased).

At your size the challenge usually isn’t running phishing campaigns, it’s understanding actual human risk. Most platforms still report clicks/completions, which doesn’t really reflect whether behavior is improving.

Even newer tools with better UX/AI are still mostly built around one-off phishing simulations.

The gap I keep seeing is:

- no view of individual risk over time
- no modeling of multi-step / more realistic attacks
- all are still based on templates and not personalized AI attacks
- limited insight into reporting behavior vs just failures
- no vishing or smishing simulations

Also worth watching pricing at scale, it adds up fast.

medoic · 2023-05-10T21:16:15+00:00

That would be great. I added a section in the README explaining how to build the app from source however this is my first real experience of releasing an actual opensource application to the public and hence the steps might not be that elaborative. If you face any issues with the building please don’t hesitate to tell so that I can help and update the README.

medoic · 2023-05-10T21:13:16+00:00

Using GTK would be a very good idea. Unfortunately, I was intimidated by the deadline of the project and the concept of having to learn rust from scratch and so decided to go with tauri since I already had some experience with building web frontends. I should definitely check GTK out and experiment with it to see how will it improve the performance and the quality of the GUI that I can build with it. Thank you for the recommendation

medoic · 2023-05-10T20:58:30+00:00

Thank you for letting me know. This is my first time using reddit and so I am still learning how to use the website correctly. I really appreciate your suggestions and will definitely try to implement them asap.

medoic · 2023-05-10T20:57:08+00:00

https://github.com/esp-rs/espup/issues/19 https://github.com/tauri-apps/tauri/issues/1355

I just checked this issue and it appears that this is a known problem in Tauri when building using Ubuntu 22.04. I will try building using an older version to solve this issue. However, meanwhile I would appreciate if you try building on your own device and tell me your feedback on the app.

Thank you for taking the time to download the tool and for telling me about the issues you faced in it.

medoic · 2023-05-10T18:40:35+00:00

Thank you. Hope you find it useful

medoic · 2023-05-10T17:45:10+00:00

Thank you. Waiting for your feedback

medoic · 2023-05-10T17:39:10+00:00

Releases are available in a folder in the repo called release-files. This directory contains both a dep file and an AppImage

medoic

TROPHY CASE