Human Risk Security: Why We Invested in Frame Security

May 11, 2026
Liran Grinberg

Co-Founder & Managing Partner

Security awareness training is one of the most universally deployed and least trusted programs in enterprise security. 96% of organizations run some version of it. 90% of breaches still involve the human element. That gap has persisted for over a decade, and the industry has largely made peace with it.

The conventional explanation is that people are unpredictable. You can build the best technology stack in the world, and one employee clicking the wrong link undoes it. The human variable is the one you cannot control.

That explanation is comfortable. It is also wrong.

The real problem is not that employees are inherently unpredictable. It is that we have spent twenty years trying to make them less risky rather than genuinely preparing them. Quarterly phishing simulations they see coming. Generic training modules delivered after incidents, not before them. One-size-fits-all content that bears no resemblance to how any individual employee works or how attackers actually target their role.

Frame Security is building something different. A new category called Human Risk Security, built on the conviction that employees can be the strongest layer of defense in any organization -- if you actually give them the right preparation at the right time.

The Training Model Is Broken

The numbers tell a clear story. The security awareness market is on track to reach $13 billion by 2027. Adoption is nearly universal. And yet the human element remains a factor in roughly 90% of breaches.

The problem is not effort or investment. The problem is the model.

Traditional security awareness was designed for a threat environment that no longer exists. It assumes attacks are discrete and recognizable events. It trains employees on categories. It delivers that training on a fixed schedule, in a format that bears little resemblance to how employees are actually targeted today.

Generative AI has made social engineering dramatically more convincing and dramatically easier to scale. According to Gartner, 43% of cybersecurity leaders reported a deepfake audio call incident in 2025. 37% encountered a deepfake video. These are not edge cases. They are part of the standard attack surface. Meanwhile, employees make hundreds of security-relevant decisions every day, and most of the training they receive was designed to help them recognize threats that were already obvious.

The threat has evolved. The training has not.

From Awareness to Readiness

The shift Frame is driving is a reframe of what the goal actually is.

Security awareness means knowing that something is dangerous. That is a low bar, and the industry has spent twenty years trying to clear it.

Security readiness means being prepared to respond correctly when an attack lands -- in real time, in your workflow, in the specific context of your role and your organization. That is a meaningfully higher standard, and it is what Frame is built to deliver.

The distinction matters because awareness and readiness require different things. Awareness training can be generic. Readiness training cannot. Awareness can be delivered on a schedule. Readiness requires continuous reinforcement that reflects the actual threat landscape as it evolves.

Frame builds readiness.

Frame's approach: building organizational readiness at scale

Frame embeds into how organizations operate rather than sitting alongside them. The platform continuously analyzes employee behavior and organizational patterns to build a picture of each person's actual risk profile: what decisions they make regularly, which attack types are most relevant to their function, where the gaps are between current behavior and what good looks like.

From that analysis, Frame generates:

  • Realistic attack simulations tailored to the role and threat environment of each employee
  • Hyper-personalized training content that reflects what that person actually needs to learn
  • Real-time guidance and feedback delivered at the moment it is most relevant

When new attack types emerge, security teams can design and deploy relevant training in minutes. The system does not reset every quarter. It evolves as the organization evolves and as individual employees develop -- compounding its value over time.

The result is a security program that actually reflects the threat environment employees face today. Frame is already deployed across tens of enterprise organizations, including Louis Dreyfus Company, AlphaSense, and Rockefeller Capital Management.

Why now: AI has changed the attack surface permanently

For years, the argument for better security awareness training was intuitive but not urgent. Attacks were sophisticated, but most employees could still recognize them with reasonable preparation. The gap between awareness and readiness was costly but manageable.

Generative AI has closed that gap on the attacker side. Social engineering attacks are now personalized, contextually aware, and deployable at scale. A deepfake video of a colleague asking for credentials is not something most employees have been prepared for. An AI-generated voicemail from someone who sounds exactly like the CFO is a different class of threat than a phishing email with a misspelled domain.

The defense has to match. And the defense at the human layer requires exactly what Frame is building: a system that generates realistic simulations of the actual threats employees face, updates as those threats evolve, and builds the kind of readiness that holds under pressure.

The Team

Frame was built by Tal Shlomo and Sharon Shmueli, both alumni of Unit 8200, and two people who have seen this problem from angles most teams have not.

Tal was one of Wiz's first employees and was at the company during its early growth phase, before it became the most successful cybersecurity startup in history and was acquired by Google for $32 billion. Wiz built some of the most sophisticated cloud security infrastructure in existence -- and in that environment, Tal saw directly what even the best technology could not prevent: attacks that succeeded through people.

Sharon served as our CTO at Team8, sitting at the center of how we built, evaluated, and scaled hundreds of security companies. Watching him navigate more security categories being defined and contested than most practitioners see in an entire career is exactly why we had such strong conviction to back him when he set out to build Frame.

What we saw in Tal and Sharon is a team that has lived this problem from both ends: inside the company that built the best available defenses, and inside the firm that spends its time asking what those defenses still cannot do. That combination is rare, and it shows in how clearly they understand where the market has been going wrong and what a genuinely better answer requires.

Looking ahead

With $50 million in funding led by Index Ventures, Team8, and Picture Capital, and additional backing from Assaf Rappaport and Elad Gil, Frame is well positioned to define what Human Risk Security looks like in practice.

The funding will be used to expand Frame's engineering, AI research, and go-to-market teams, and to accelerate deployment across enterprises in the United States and globally.

The security industry has spent the last decade building better tools for every layer of the stack: network, endpoint, cloud, identity. The human layer has largely been left with programs designed for a different era. Frame is changing that.

Organizations that solve the human layer problem will not just reduce breach risk. They will build something harder to replicate than any technology stack: a workforce that is genuinely prepared for the threats it actually faces.

We are proud to back Tal and Sharon as they build it.

Liran Grinberg is the Co-founder and Managing Partner of Team8, where he invests in Cyber and Software Infra companies.
