I used to think I’d never fall for a phishing scam. Now I’m not so sure.
A few weeks ago, a colleague of mine received a text from our editor, or so they thought. It turned out to be completely fake. Scams like this, apparently, are becoming the new normal.
That’s the bet behind Frame Security, a New York and Tel Aviv-based cybersecurity startup. The company launched publicly Monday with $50 million in funding, led by Index Ventures, Team8, and Picture Capital, Fortune learned exclusively. Wiz CEO Assaf Rappaport and Elad Gil also participated.
Frame is trying to make “security awareness training” sound less like a mandatory HR video, and more like a real cybersecurity category that the company calls “human risk security.” Translation: Employees are still the easiest way into a company, and AI has made tricking them cheaper, faster—and much more convincing.
“The world of poorly written phishing emails is pretty much gone,” CEO Tal Shlomo told Fortune. “Attackers and adversaries now know your company very well and in detail.”
Frame’s platform lets companies create AI-generated simulations and training based on how employees actually work. That can mean, Shlomo said, a voice-cloned call coming from the CEO, a video, or an attack mentioning open positions, or something recently event-related at the company. These simulated attacks are meant to be equally as convincing as the real ones.
Shlomo and his cofounder and CTO, Sharon Shmueli, have a familiar Israeli cyber pedigree (they served together in the Israeli intelligence collection unit, Unit 8200, in the IDF), but with particularly good timing. Shlomo was one of Wiz’s earliest employees, joining at 21. Shmueli—previously CTO at Team8’s venture platform at 25—was the first employee at Bionic, which CrowdStrike acquired. The two met more than a decade ago. “We think as one and operate as two,” Shlomo said.
Frame’s pitch is resonating, Shlomo says, because companies are tired of generic training. “It treats every company as every other company, where in reality, they’re vastly different,” he told Fortune.
While nearly 96% of organizations provide some form of security awareness training, around 90% of data breaches still involve the human element. The growing risk is contributing to Frame’s market—the global security awareness training market—which is projected to exceed $10 billion by 2027.
The company already has between 20 to 30 customers, mostly large U.S. enterprises, including AlphaSense and Louis Dreyfus Company. Shlomo said customers are signing three-year contracts, with deals ranging from mid-five figures to mid-six figures. He declined to disclose revenue or valuation.
Investors are betting this is more than phishing drills with an AI gloss. “Fifty million in anyone’s world is a gigantic sum of capital,” Shardul Shah, partner at Index Ventures, told Fortune. But, he said, “when you’re going after something big, you want to raise a big amount of money.”
Shah is also clear about the risk: “If the only budget and solution we provide is in replacement of existing security awareness training, it’s more of a tool than a platform,” he said.
His bull case is that humans are not exiting the security equation anytime soon. Shah added, “I also think humans are imperfect, and we make mistakes.”
In other words: The next big cyber category may be your gullible coworker.
See you tomorrow,
Lily Mae Lazarus
X: @LilyMaeLazarus
Email: lily.lazarus@fortune.com
Submit a deal for the Term Sheet newsletter here.
Joey Abrams curated the deals section of today’s newsletter. Subscribe here.
This story was originally featured on Fortune.com