AI-powered selection of phishing emails and training modules, tailored to your organization and to each individual employee.
What are Auto-Phish and Auto-Train?
Auto-Phish and Auto-Train are AI-powered features that remove the manual work of choosing which phishing emails or training modules to send in a campaign. When enabled, CanIPhish automatically selects the most appropriate phishing email or training module for each individual employee at the moment of delivery.
Auto-Phish is available on phishing-only and combined phish-and-train campaigns that use email as the delivery channel. Auto-Train is available on training-only and combined phish-and-train campaigns. Both can be enabled together within the same campaign.
Note: Auto-Phish and Auto-Train are Enterprise subscription features. If your tenant is not on an Enterprise plan, the toggles will appear locked in the campaign wizard.
How Auto-Phish and Auto-Train make decisions
Both features draw on the same three AI inputs. Together, these inputs let CanIPhish move beyond random selection and choose content that matches your campaign objective, your organization, and the specific employee receiving it.
1. The campaign-level prompt
When you enable Auto-Phish or Auto-Train, CanIPhish opens a prompt window where you describe the objective of the campaign. This is your direct guidance to the AI about what kind of phishing or training the campaign should produce.
You can enter free-form text up to 500 characters, or pick one of the built-in example prompts as a starting point. Built-in prompts cover common scenarios such as the most contextually appropriate phish, the most difficult phish, credential harvesting, attachment-based phishing, business email compromise, conversational phishing, new-starter onboarding, password and credential hygiene, data protection, social engineering, and remote work security.
The prompt is stored against the campaign and re-used on every campaign occurrence, so recurring campaigns continue to honor the original intent.
2. The AI Knowledge Source
The AI Knowledge Source is a tenant-level profile of your organization. It captures the context the AI needs to make realistic, organization-specific selections, including:
- A summary of the organization, what it does, and where it operates.
- The collaboration and productivity systems your employees use day-to-day.
- The HR and payroll systems that authentic-looking phishing scenarios should mimic.
- Compliance and regulatory context that may shape suitable training topics.
Because this information is shared across all Auto-Phish and Auto-Train campaigns, you only set it up once and every future campaign benefits from it.
3. The AI Employee Profile
Every employee in your directory has an AI-generated profile that captures the signals relevant to selecting suitable phishing and training, including:
- Their role, business impact, country, and language.
- Their human risk score, dark web exposure, and overall risk posture.
- Their phishing history - which templates they have already received, whether they clicked, were compromised, replied, or reported.
- Their training history - which modules they have completed, their pass status, best score, and number of attempts.
- A list of recommended phishing templates and training modules tailored to that individual.
This is what allows the same campaign to deliver different content to different employees, ensuring that high-risk staff receive harder phishing attempts, that new starters get foundational training, and that no one is sent the same phishing email or training module they completed last week.
Note: If the AI Employee Profile or the AI Knowledge Source has not been set up when you enable Auto-Phish or Auto-Train, CanIPhish will automatically configure both as part of campaign creation.
How email and module selection works
Auto-Phish and Auto-Train use a two-stage architecture that balances quality, predictability, and runtime efficiency.
Stage 1 - Campaign-level scoping
When the campaign is saved, an AI scoping job runs once. It combines the campaign-level prompt, the AI Knowledge Source, and a compact catalog of available phishing templates or training modules. The AI then produces a scoped selection policy for the campaign, which includes any payload restrictions implied by the prompt (for example, attachments only or website-based phishing only), the campaign theme, and the list of templates or modules eligible for use during delivery.
The scoped policy is validated and persisted against the campaign so it can be re-used for every recipient and every campaign occurrence without further AI calls.
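The validation step in Stage 1, sketched as an added example; this is not CanIPhish's code. The JSON shape, the key names (`theme`, `payloads`, `eligible`), the payload vocabulary and the length bound are all assumptions, chosen to show the model's output being treated as untrusted input and checked against the real catalog before it is persisted.

```python
import json

ALLOWED_PAYLOADS = {"website", "attachment"}  # assumed payload vocabulary
MAX_THEME_LEN = 120                           # assumed bound on the theme string

# Constructed sample of what a scoping model might return (note the duplicate ID).
SAMPLE = '{"theme": "credential harvesting", "payloads": ["website"], "eligible": ["t1", "t2", "t1"]}'

def _str_list(value, name):
    if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
        raise ValueError(f"{name} must be a list of strings")
    return value

def validate_scope(raw, catalog_ids):
    """Return a clean scope dict or raise ValueError; nothing from the model is trusted."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not JSON: {exc}") from exc
    if not isinstance(doc, dict) or set(doc) != {"theme", "payloads", "eligible"}:
        raise ValueError("unexpected or missing keys")
    theme = doc["theme"]
    if not isinstance(theme, str) or not 0 < len(theme) <= MAX_THEME_LEN:
        raise ValueError("theme must be a short non-empty string")
    payloads = _str_list(doc["payloads"], "payloads")
    if not set(payloads) <= ALLOWED_PAYLOADS:
        raise ValueError("unknown payload restriction")
    eligible = _str_list(doc["eligible"], "eligible")
    unknown = [i for i in eligible if i not in catalog_ids]
    if unknown or not eligible:
        # IDs that are not in the catalog are hallucinated; an empty list is unusable.
        raise ValueError(f"empty scope or IDs not in catalog: {unknown}")
    return {
        "theme": theme,
        "payloads": sorted(set(payloads)),        # empty list means no restriction
        "eligible": list(dict.fromkeys(eligible)),  # de-duplicate, keep order
    }
```
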
Stage 2 - Per-employee selection at delivery
At the moment each employee is due to receive their phishing email or training module, CanIPhish performs a deterministic selection using the persisted campaign scope and the recipient's AI Employee Profile. Hard eligibility filters are applied first - payload type, language, subscription entitlement, template availability, and recent delivery history - and the remaining eligible items are scored. The top-ranked items are then randomized to keep selection believable across recurring campaigns.
This approach gives you a single, auditable AI decision per campaign, while still personalizing the final selection for each employee.
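The Stage 2 flow (hard filters, then scoring, then a random pick among the top-ranked items) as an added example; it is not CanIPhish's implementation. The field names, tiers, scoring weights and the seeding of the random pick from the campaign occurrence and employee ID are assumptions; the seeding is one way to keep the randomized pick reproducible for audit.

```python
import hashlib
import random

# Constructed sample data; every field name, tier and weight here is an assumption.
SCOPE = {"payloads": {"website"}, "eligible": {"t1", "t2", "t3", "t4", "t5", "t6"}}
CATALOG = {
    "t1": {"payload": "website", "lang": "en", "tier": "free", "difficulty": 2, "active": True},
    "t2": {"payload": "website", "lang": "en", "tier": "enterprise", "difficulty": 4, "active": True},
    "t3": {"payload": "attachment", "lang": "en", "tier": "free", "difficulty": 3, "active": True},
    "t4": {"payload": "website", "lang": "de", "tier": "free", "difficulty": 3, "active": True},
    "t5": {"payload": "website", "lang": "en", "tier": "free", "difficulty": 5, "active": True},
    "t6": {"payload": "website", "lang": "en", "tier": "free", "difficulty": 5, "active": False},
}
EMPLOYEE = {"id": "e-17", "lang": "en", "risk": 0.8, "recent": {"t1"}, "recommended": {"t5"}}

def eligible(scope, catalog, emp, tiers):
    """Hard filters first: availability, payload, language, entitlement, recent delivery."""
    out = []
    for tid in sorted(scope["eligible"]):
        t = catalog.get(tid)
        if not t or not t["active"]:
            continue
        if scope["payloads"] and t["payload"] not in scope["payloads"]:
            continue
        if t["lang"] != emp["lang"] or t["tier"] not in tiers:
            continue
        if tid in emp["recent"]:
            continue
        out.append(tid)
    return out

def score(tid, catalog, emp):
    """Hypothetical scoring: match difficulty to risk, boost profile recommendations."""
    target = 1 + 4 * emp["risk"]  # risk in 0..1 maps to difficulty 1..5
    fit = 5 - abs(catalog[tid]["difficulty"] - target)
    return fit + (2 if tid in emp["recommended"] else 0)

def select(scope, catalog, emp, tiers, occurrence, top_k=2):
    """Pick one template ID, or None when nothing survives the hard filters."""
    pool = eligible(scope, catalog, emp, tiers)
    if not pool:
        return None
    ranked = sorted(pool, key=lambda t: (-score(t, catalog, emp), t))
    digest = hashlib.sha256(f"{occurrence}:{emp['id']}".encode()).digest()
    return random.Random(int.from_bytes(digest, "big")).choice(ranked[:top_k])
```
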
Enabling Auto-Phish or Auto-Train
- Open the campaign wizard and create a new campaign as you normally would.
- On the Phishing Emails step, toggle Auto-Phish on. The campaign-level prompt window will appear.
- Either type a free-form prompt or select one of the example prompts, then click Activate Auto-Phish.
- On the Training Modules step, toggle Auto-Train on, choose or write a prompt, and click Activate Auto-Train.
- Continue through the wizard. The Review step will display your active prompts so you can confirm them before launching the campaign.
You can revisit the prompt at any time before launching by clicking the edit prompt link on the Auto-Phish or Auto-Train overlay, or deactivate either feature to return to manual template selection.
When to use Auto-Phish and Auto-Train
Auto-Phish and Auto-Train are best suited to organizations that want to:
- Run continuous, recurring phishing or training programs without curating templates each cycle.
- Personalize content by employee role, risk level, and history rather than sending the same material to everyone.
- Steer a campaign toward a specific objective - for example, business email compromise, credential harvesting, or compliance-focused training - without manually filtering the catalog.
- Onboard new employees with foundational phishing and training, while challenging seasoned employees with harder, more contextual material.
If you instead need precise control over the exact templates that will be sent - for example, when reproducing a specific scenario for an audit - leave Auto-Phish and Auto-Train off and select templates manually.