Train the workday decisions attackers exploit.

Work through a live-looking inbox, inspect a suspicious vendor message, and make the safest next move before money or credentials are lost.

Build safer password habits, spot MFA fatigue, and decide how to recover when a login pattern looks wrong.

Decide what belongs in an AI prompt, what must stay out, and how to use AI without leaking sensitive business context.

Practice resisting urgent requests that sound real, look real, and still need independent verification.

Practice safer decisions around text-message lures, QR codes, and work performed from cafés, airports, and event spaces.

Understand why browser plug-ins, AI assistants, and unsanctioned SaaS tools can quietly gain access to more company data than expected.

Practice spotting internal-style message fraud, fake help requests, and the “quick favour” tone that thrives in chat tools.

Know what to report, what evidence helps, and how to respond without making the situation worse.

Practice resisting fake meeting invites that weaponize calendar trust, browser logins, and executive timing pressure.

Spot malicious shared-document flows, fake file portals, and connected-app consent traps before access tokens are handed away.

Practice handling over-helpful AI assistants, broad data-access requests, and collaboration shortcuts that can expose more than employees realize.

Control agentic AI workflows before an assistant sends email, changes records, or takes action with the wrong context.

Catch unsupported AI claims, fabricated citations, and overconfident summaries before they influence real decisions.

Evaluate browser extensions before they read every page, capture tokens, or quietly exfiltrate sensitive work data.

Practice the first hour of a ransomware suspicion: isolate, preserve evidence, report fast, and avoid making recovery harder.

Use AI to turn CVE, KEV, IOC, vendor, ATT&CK, and report feeds into ranked, decision-ready security intelligence.

Design cyber defence agents with scoped authority, guardrails, auditability, approvals, and rollback for production SOC use.

Test AI-enabled security systems for prompt injection, poisoning, evasion, extraction, unsafe tool use, and output manipulation.

Connect LLMs into SOAR workflows for enrichment, classification, recommendations, approvals, and reversible response actions.

Build AI cyber governance with risk registers, system inventories, accountability matrices, review boards, and approval workflows.

Use AI to support incident triage, clustering, timeline reconstruction, evidence review, response rationale, and reporting.

Preserve model, prompt, tool-call, decision, signer, timestamp, retention, and residency artefacts for forensic reconstruction.