AI-Powered Simulations

Your CEO Called. It Wasn't Your CEO.

Email filters can't stop a deepfake of your CFO walking into a Teams meeting — with their exact face and voice — demanding an urgent payment. Train your team before the real attackers exploit this.

See Pricing

Email Phishing Is Old News. Deepfake Executives Are Here.

Legacy phishing platforms only test email. But attackers have moved on — they're cloning voices from 3 seconds of audio and faces from a single LinkedIn photo. Your team will face this. Train them now.

3,000%
increase in deepfake fraud attempts since 2023
£20M
lost to a single deepfake CEO scam at a UK energy firm
3 sec
of audio needed to clone a convincing voiceprint
76%
of UK businesses have zero deepfake response training

Two Simulation Models — Pick What Fits

We offer both asynchronous campaigns (scalable, lower cost) and live red-team exercises (high-impact, targeted).

Asynchronous: Phishing-to-Fake-Meeting

Your team receives a simulated Teams/Zoom invite from "the CEO" via email or chat. Clicking it lands on a realistic meeting page where a pre-recorded deepfake avatar delivers urgent instructions — asking them to approve a payment or share data. Those who comply receive instant micro-training. Scalable across hundreds of users. Best for broad awareness campaigns.

Synchronous: Live-Join Video Call

A premium, high-stakes simulation aimed at finance teams, EAs, and executives. Using real-time face-swap and voice-cloning AI, a deepfake "executive" joins a live Teams or Zoom call and issues urgent instructions under pressure. Tests whether your team follows protocol or folds under social engineering. Best for testing your verification framework against the most dangerous attack vector.

Deepfake Training Packages

From one-off executive simulations to ongoing monthly awareness programmes.

AI-Era Awareness Add-On
£4.50–£8
Per user/month · Ongoing programme
  • White-labeled training portal access
  • Pre-built generic deepfake templates
  • Monthly micro-simulations (async)
  • Automated remediation training
  • Quarterly "live-join" spot checks
  • Reporting dashboard for management
  • Bundled with standard MSP services
  • Custom executive deepfake
Learn More

All campaigns require written executive consent before biometric assets are created. See Legal & Compliance below.

You Can't Spot Deepfakes. You Need a Verification Protocol.

AI video glitches — lip-sync lag, freezing, skin artefacts — are being patched out in weeks, not years. Counting on employees to "spot the fake" visually is already obsolete. What actually works: a hard-coded, out-of-band verification rule that no amount of AI realism can bypass.

Secondary Channel Verification

Whenever an executive makes an unexpected, urgent financial request — on any medium (call, video, email, chat) — the employee must verify through a pre-agreed secondary channel. Call a known mobile number. Send a separate Slack DM. Use a codeword. Never verify through the same channel the request arrived on.

Your "Fake Framework" — Built & Tested

We don't just run the simulation and hand you a report. We deliver a written verification protocol tailored to your company's communication stack. Then we test it — live — against a deepfake. If your team follows the protocol, they pass. If they don't, we know exactly where the gap is.

Behavioural Change, Not Awareness Training

PowerPoint slides create awareness. Live simulations create behaviour. When an employee has actually been on a call with a deepfake of their boss — and learned to reach for their phone to verify — that lesson sticks permanently. This is muscle memory, not a compliance checkbox.

FAQ

What clients ask before running their first deepfake simulation.

Is this legal in the UK?

Yes — with the correct safeguards. We operate under explicit consent (Article 9(2)(a) UK GDPR), a mandatory DPIA, a strict DPA with our platform vendors, and full biometric asset destruction post-campaign. The key requirement is that the executive whose likeness is cloned must give informed, written consent — we handle this as part of onboarding.

What happens if the executive withdraws consent mid-campaign?

The campaign stops immediately. All biometric assets — raw samples, cloned models, rendered video — are destroyed within 48 hours. We provide a deletion certificate. No questions asked, no delay. This right is absolute and contractually guaranteed.

Does the AI model train on our executive's data?

Never. Our DPA with platform vendors explicitly prohibits using client biometric data for model training, dataset building, or any purpose beyond the specific simulation campaign. The data is processed in an isolated environment and destroyed afterwards.

Which platform vendors do you use?

We partner with platforms including Hoxhunt, Gordon Phishing (async link-based simulations), and Breacher.ai / Callstrikes (live-join red team exercises). All vendors are vetted for UK GDPR compliance and provide the required DPA before onboarding. We select the best platform for your specific simulation objectives.

What's the difference between this and standard phishing testing?

Standard phishing tests email — links, attachments, credential harvesting. Deepfake simulation tests behaviour under social pressure from a known authority figure. It's the difference between testing whether someone clicks a link and testing whether they transfer £50,000 because their "boss" asked them to on a video call. Different threat model, different psychology, different defence.

What do employees actually learn from this?

They learn a single, hard-coded behaviour: verify unexpected urgent financial requests through a secondary channel, always, no exceptions. Not "look for glitches" — that approach is already obsolete. Our training builds an automatic verification reflex that works regardless of how realistic AI becomes in the future.

Do I need to register with the ICO for this?

If you're processing biometric data (even via a third party), you almost certainly need to register with the ICO and list biometric data processing in your data protection fee registration. We recommend checking your current registration covers Special Category Data. If it doesn't, we can guide you through updating it — it's a quick process.

Think Your Team Would Spot a Deepfake CEO?

Most executives are confident their team wouldn't fall for it. Most are wrong. Book a confidential discovery call — we'll walk you through exactly how a deepfake simulation works, what it reveals, and how to build a verification protocol that actually protects your business. No obligation.

Book a Discovery Call