AI-powered program to train employees : against social engineering attacks

Abstract

This work introduces a locally hosted AI-powered simulator that uses interactive, adaptive training to improve social engineering awareness. The system generates a range of phishing scenarios that mimic real-world red flags and urgency cues by utilizing Hugging Face's distilgpt2 model. Students interact via a PyQt5 interface and select from reaction options, including calling IT and clicking a link or reporting the message again. After that, they get prompt, situation-specific feedback. A CEFR-based classifier (hafidev/bert-base-uncased-cefr-text-classification-beta-v1), which enables dynamic adaptation to various skill levels, assesses the linguistic difficulty of each scenario. All interactions, including scenarios, responses, remarks, ratings, and CEFR labels, are documented in a local JSON file to preserve privacy. By combining performance data into bar and pie charts, Matplotlib visualizations highlight patterns in language difficulty and accuracy. 20 participants in a pilot study showed a 40% increase in accurate answers over sessions and excellent user satisfaction with the feedback and realism of the system. These results highlight how the simulator can strengthen defenses against new, AI-powered social engineering attacks