The Silent Threat: Reimagining User Security in the Age of AI
Cybersecurity professionals have long battled an invisible enemy: human vulnerability. Traditional security awareness training has become a predictable dance of mandatory clicks, passive learning, and minimal retention. But what if there was a revolutionary approach that could transform how organizations protect their most unpredictable asset – their people?
Enter Dune Security, a startup challenging the fundamental paradigms of cybersecurity training.
David de la Pell, co-founder and CEO of Dune Security, understands the core problem intimately. “90% of breaches are still originating with some sort of user behavior, insider threat, social engineering, business email compromise,” he explains. This stark statistic isn’t just a number – it’s a clarion call for a radically different approach.
The Changing Threat Landscape
Generative AI has dramatically accelerated the sophistication of cyber attacks. Threat actors can now create hyper-realistic deep fakes, generate convincing phishing emails, and launch multi-channel attacks with unprecedented precision.
De la Pell highlights the emerging risks: “We’re seeing a three times higher success rate for AI-generated spear phishing and multi-channel attacks across email, text message, and even encrypted channels like Signal and Telegram.”
Traditional Security Training: A Broken Model
Most organizations rely on standardized, one-size-fits-all security awareness programs. Employees grudgingly click through generic modules, often at double-speed, retaining little meaningful information.
“Legacy security awareness training is dead,” de la Pell asserts. The current model creates an adversarial relationship between security teams and employees, wasting time for low-risk staff while failing to adequately protect high-risk personnel.
A Personalized Risk Approach
Dune Security’s innovative platform functions like a “credit score for user risk” – dynamically assessing each employee’s potential vulnerability based on their role, access levels, and behavioral patterns.
The platform’s key innovation is user-adaptive testing and training. High-risk employees receive targeted, role-specific simulations, while low-risk employees experience minimal friction. The goal isn’t just awareness – it’s organic risk reduction.
Real-World Simulation: Beyond Traditional Boundaries
The company’s red teaming solution now extends to encrypted channels like Telegram and WhatsApp, recognizing that modern attackers constantly seek new infiltration methods.
“Sometimes it doesn’t matter how tall the castle walls are when attackers are constantly finding new ways around,” de la Pell explains. This philosophy drives Dune’s continuous threat modeling.
Technological Innovation Meets Human Behavior
By leveraging advanced AI models, Dune can create hyper-realistic deep fakes of executives, simulate sophisticated phishing attempts, and provide nuanced, personalized training experiences.
Their platform integrates data from multiple sources – EDR systems, identity platforms, email logs, and HR databases – to create a comprehensive risk profile for each user.
The Future of Cybersecurity Training
For CISOs drowning in compliance requirements and struggling with engagement, Dune offers a compelling alternative. The platform promises to:
- Reduce overall training time
- Focus resources on high-risk users
- Improve employee perception of security teams
- Provide granular, actionable risk insights
A Call to Action for Security Leaders
If you’re ready to move beyond checkbox compliance and create a genuinely adaptive security culture, it’s time to rethink user risk management.
Dune Security invites forward-thinking CISOs to explore a new paradigm – where security training becomes a dynamic, personalized experience that genuinely protects your organization.
Learn more at https://www.dune.security/
Author’s Note: This exclusive interview was conducted live at the 2025 Black Hat Conference in Las Vegas, offering an unprecedented look into the future of cybersecurity user training.
About the Author
Pete Green is the CISO / CTO of Anvil Works, a ProCloud SaaS company. With over 25 years of experience in information technology and cybersecurity, Pete is a seasoned and accomplished security practitioner.
Throughout his career, he has held a wide range of technical and leadership roles, including LAN/WLAN Engineer, Threat Analyst, Security Project Manager, Security Architect, Cloud Security Architect, Principal Security Consultant, Director of IT, CTO, CEO, Virtual CISO, and CISO.
Pete has supported clients across numerous industries, including federal, state, and local government, as well as financial services, healthcare, food services, manufacturing, technology, transportation, and hospitality.
He holds a Master of Computer Information Systems in Information Security from Boston University, which is recognized as a National Center of Academic Excellence in Information Assurance / Cyber Defense (CAE IA/CD) by the NSA and DHS. He also holds a Master of Business Administration in Informatics.
Source link
