CanIPhish AI features are designed to reduce manual effort, but the quality of the result still depends on the guidance you provide.
Use clear instructions, relevant context, and a defined objective to help the AI understand what you want to create, test, or teach.
AI Email Generator
The AI Email Generator helps you quickly create simulated phishing emails from a written prompt.
Even a basic prompt can produce a high-quality email. However, the more direction you provide, the more control you have over how the email looks, feels, and reads. If you do not specify the tone, layout, colors, or styling, the AI will make those choices for you. You can always fine-tune the result in the editor.
Using images and logos
You can use visual inputs to guide the generated email.
Reference Image
Upload a reference image when you want the email to follow a particular layout, structure, or visual style. This is useful when you have a screenshot or snippet of an email that shows the kind of formatting you want.
For example, you might upload a screenshot of a Microsoft 365 notification, HR announcement, payroll reminder, SharePoint document notification, vendor invoice, benefits enrollment email, DocuSign request, or internal IT alert.
Use your prompt to explain how the reference image should be used. For example:
Use the uploaded reference image for layout inspiration. Keep the same general structure, spacing, and notification style, but generate new wording for a password reset scenario.
Company Logo
Upload a company logo when you want the email to feel internally branded. This works well for scenarios that appear to come from HR, IT, finance, payroll, benefits, compliance, operations, or facilities.
If you want the logo used in a specific way, say so. For example, ask for the logo to appear in the header, above the main message, or inside a branded banner.
Styling and layout guidance
The AI will make styling choices unless you give it direction. Use the prompt to control the look and feel of the email.
You can specify:
- Layout, such as plain-text, notification-style, card-based, or internal bulletin
- Logo placement, such as header, banner, or footer
- Colors, such as a navy header, light gray content box, or blue call-to-action button
- Tone, such as routine, professional, subtle, urgent, formal, or friendly
- Visual style, such as modern SaaS, corporate HR, executive assistant, or Microsoft 365-style notification
- Structure, such as a short intro, information box, action button, and footer
This is useful when you need speed, but still want the result to feel bespoke. Instead of manually designing each email, you can describe the style you want and let AI create a tailored version.
Prompting tips
Prompt for the outcome
Instead of:
Create an HR phishing email.
Write:
Create an internal HR email asking employees to review the updated open enrollment guide before the end of the week. Use a professional tone, include the company logo in the header, and add one button to open the benefits document.
Use styling to create variety
If your users have seen similar templates before, change the presentation style.
For example:
Use a simple internal bulletin style with a branded header, short body copy, and a highlighted action box.
or:
Use a plain-text executive assistant style with no images, no button, and a short request that feels like a normal business email.
Be specific when you care about the design
If color, spacing, layout, or logo placement matters, include it in the prompt.
For example:
Use a white background, a navy header, a light gray content box, and a blue call-to-action button.
If you do not include this level of direction, the AI will still generate an email, but it will decide the visual style itself.
AI Website Generator
The AI Website Generator helps customers create simulated phishing websites from written instructions. Instead of manually writing HTML, you describe the website you want and CanIPhish generates the page for you.
Even a basic prompt can produce a complete, high-quality landing page. However, the more direction you provide, the more control you have over the page structure, branding, wording and layout. If you do not specify these details, the AI will make those choices for you. You can review and adjust the generated website before saving it as a phishing website template.
Generated websites automatically include the required sign-in tracking logic, and the AI will inject variables at its own discretion where it judges they add realism.
Using Clone URL, images, and logos
You can use supporting inputs to guide the generated website. This is the fastest way to bring your ideas to life.
Clone URL
Use Clone URL when you want the generated website to follow the general style, structure, or content of an existing webpage. This is useful when you want the page to feel familiar to users, such as a sign-in page, file sharing page, account alert, or document review portal.
Use your prompt to explain what the AI should take from the URL. For example:
Use the Clone URL for layout and styling inspiration, but generate a new simulated document access page that asks the user to sign in before viewing the file.
Reference Image
Upload a reference image when you want the website to follow a particular layout, screen design, or visual style. This is useful if you have a screenshot of a login page, portal, notification screen, or branded landing page.
Use your prompt to explain how the reference image should be used. For example:
Use the uploaded reference image for visual guidance. Keep the same general layout, spacing, and form placement, but create new wording for a payroll document review page.
Company Logo
Upload a company logo when you want the page to feel internally branded. This works well for websites that appear to be HR portals, payroll pages, IT support pages, benefits portals, compliance forms, vendors, or internal document access pages.
If you want the logo used in a specific way, say so. For example, ask for the logo to appear in the header, above the sign-in form, or inside a branded portal card.
Styling and layout guidance
The AI will make styling and layout choices unless you give it direction.
You can specify:
- Page type, such as login page, document access page, password reset page, form page, or secure portal
- Layout, such as centered sign-in card, split-screen design, full-page portal, or notification-style page
- Logo placement, such as header, sign-in card, top-left corner, or footer
- Colors, such as a navy header, white background, light gray form card, or blue action button
- Tone, such as routine, professional, urgent, friendly, formal, or security-focused
- Visual style, such as Microsoft 365-style, HR portal, payroll portal, SaaS login, or internal helpdesk page
- User journey, such as reviewing a notice, opening a file, resetting a password, or signing in to continue
This is useful when you need speed, but still want the page to feel realistic and bespoke. Instead of manually designing a website, you can describe the experience you want the user to see. You can easily adjust the content in the editor.
Prompting tips
Prompt for the user journey
Instead of:
Create a fake login page.
Write:
Create a secure document access page that tells employees they must sign in to view an updated benefits document. Use a clean HR portal style, include the company logo above the sign-in form, and add a short explanation above the button.
Use structure to create realism
A realistic phishing website is not just a form. Add context around the action so the page feels believable.
For example:
Include a short page heading, a brief explanation of why the document is protected, a centered sign-in card, and a footer with standard support links.
or:
Use a split-screen layout with a branded message on the left and a sign-in form on the right.
Be specific when you care about the design
If colors, spacing, form placement, logo placement, or page layout matters, include it in the prompt.
For example:
Use a white background, a navy header, a centered light gray sign-in card, and a blue continue button.
If you do not include this level of direction, the AI will still generate a website, but it will decide the visual style itself.
Use Clone URL for style, not just topic
When using Clone URL, explain what you want copied and what should change.
For example:
Use the Clone URL for general layout, spacing, and visual style. Do not copy the exact wording. Create new content for a simulated account re-authentication scenario.
Use branding
If the page is meant to look internal or mimic a brand, say how the logo and branding should be used.
For example:
Create an internal payroll portal page with the company logo in the header, a short payroll notice, a deep orange theme, and a sign-in form inside a branded card.
Auto-Phish
Auto-Phish uses AI to automatically select phishing email templates for campaign recipients. Instead of manually choosing every phishing email, you describe the campaign objective, and CanIPhish selects suitable templates based on the campaign prompt, your organization profile, and each employee’s profile.
What to include in your prompt
Your Auto-Phish prompt can be up to 500 characters. It should describe the campaign objective, not a single exact email.
A strong prompt should include:
- The phishing theme or technique you want to test
- The difficulty level
- The audience or employee group
- Broadly, the type of content you want included or excluded
Example prompts and why they work
Contextually relevant phishing
Do not restrict the payload type or style of phishing email. Select whichever phishing email is most contextually appropriate for each individual employee based on their profile, role, and organizational context.
Higher difficulty campaign
Send the most difficult and contextually appropriate phishing email to each individual employee. Prioritize emails with the highest difficulty rating that remain believable based on the employee's profile, role, and organizational context.
These prompts work because they guide the AI at the campaign level without over-restricting the final selection.
For Auto-Phish, you are not asking the AI to write one specific email. You are asking it to choose the most appropriate email for each employee. A strong prompt should explain the campaign goal, the level of difficulty, and any selection rules the AI should follow.
The first prompt gives the AI freedom to choose the best available phishing email for each employee. This is useful when personalization matters more than controlling the exact payload type.
The second prompt adds a clear difficulty requirement while still keeping the selection context-aware. It tells the AI to prioritize harder emails, but only when they remain believable for the employee receiving them.
Auto-Train
Auto-Train uses AI to automatically select training modules for campaign recipients. Instead of manually choosing modules, you describe the training objective, and CanIPhish selects suitable modules based on the campaign prompt, your organization profile, and each employee’s profile.
What to include in your prompt
Your Auto-Train prompt should describe the learning objective.
A strong prompt could include:
- The overarching topics you want employees trained on
- The audience or risk group
- The level of difficulty
- Any business or compliance context
- Whether the content should be foundational, role-specific, or remedial
Example prompts and why they work
Most contextually appropriate
Select whichever training modules are most contextually appropriate for each individual employee based on their role, prior training history, demonstrated skill level, and any recent phishing interactions.
Social engineering focus
Focus this campaign on social engineering and impersonation. Select training modules covering pretexting, business email compromise, vendor impersonation, and voice/SMS phishing tactics.
These prompts work because they describe the training objective without forcing every employee into the same learning path.
The first prompt is broad enough to support personalization. It tells the AI to consider each employee’s role, prior training history, demonstrated skill level, and recent phishing interactions. This is useful when you want Auto-Train to choose the most relevant module for each person rather than assigning the same module across the entire campaign.
The second prompt is more targeted. It gives the campaign a clear theme, social engineering and impersonation, then lists the specific topics that should be covered. This helps the AI narrow the selection while still allowing it to choose the best module for each employee.
Prompting tips
Prompt for the learning outcome
Do not just name a topic. Explain what you want employees to learn or improve.
Instead of:
Select phishing training.
Write:
Select training that helps employees identify and report social engineering attempts, including impersonation, suspicious requests, and unusual communication patterns.
Include employee context when personalization matters
If you want Auto-Train to personalize the selection, mention the factors it should consider.
For example:
Select training based on each employee’s role, prior training history, demonstrated skill level, and recent phishing interactions.
Narrow the topic when needed
If the campaign should focus on a particular theme, state that clearly.
For example:
Focus this campaign on password security and account protection. Select modules covering password hygiene, MFA, credential theft, and secure account recovery.
Use recent behavior to guide remedial training
If the campaign is responding to recent phishing results, include the behavior you want the training to address.
For example:
Select training for employees who recently clicked a phishing link or submitted credentials. Focus on recognizing suspicious login pages and reporting suspicious emails.
Keep prompts broad enough for module selection
Auto-Train works best when you describe the objective and let the AI select the most suitable module. If your prompt is too narrow, there may be fewer suitable modules available for each employee.
Include or exclude specific content when needed
If the campaign should include or avoid certain topics, regions, formats, or compliance themes, say so directly.
For example:
Select training focused on privacy and data protection, but exclude any modules that are not geographically relevant to U.S. employees.
or:
Select training on social engineering, but exclude modules focused on physical security or remote work.