Engage - AI Phishing Template Generator

Updated

This feature is available for Engage Pro.

This article contains information on using the AI Phishing Template Generator to create, customize, and manage AI-driven phishing simulation templates with configurable filters, language support, limits, and safety controls.

Overview

The AI Phishing Template Generator in Engage lets you create realistic, customized phishing simulation emails in under 30 seconds. Instead of building templates from scratch, or relying solely on out-of-the-box options, you can generate targeted simulations tailored to your industry, language, and threat landscape using AI. This eliminates manual template creation, and enables high-variety, role-relevant simulations at scale, keeping your training program fresh and your employees prepared for the threats they are most likely to encounter.
This feature includes:

  • Mandatory filters (attack vector, difficulty, sending email) and optional filters (scenario, industry), with content filtering guardrails to ensure workplace-appropriate output. 
  • Templates that generate with a split preview, that are fully customizable within the template editor, and can be saved to My Templates for immediate campaign use. This allows you to quickly generate phishing templates that are relevant to your environment, allowing a greater variety of templates for use than those that are available "out of the box".
  • The ability to create AI-generated phishing campaign emails in seconds, without the need to create manual templates.
  • Support for 26 languages and 12+ industries for highly targeted simulations. This Includes feedback, and default Landing Pages enabling you to launch realistic, relevant phishing campaigns at scale directly from the template view.

Considerations

  • There is a limit of 20 AI-driven custom phishing simulation templates that can be created per month, per customer Account.
  • The AI Phishing Template Generator only generates templates leveraging click-to-fail phishing and QR codes. You can edit templates to include attachments or credential capture Landing Pages after generation.
  • This feature is not available for Engage Core, or Mimecast Awareness Training customers.

Prerequisites

  • You are an existing or Net New Engage Pro customer.

Creating an AI Phishing Template

You can create a new AI Phishing Template by using the following steps:

  1. Log in to Engage.

  2. Navigate to Phishing Training | Template Library.

    Engage Phishing Training
  3. Click on Generate New Template.

  4. In the AI Phishing Template Generator screen, configure the template:

    • Describe your simulation scenario (optional): Add a description of your simulation scenario. This field will not accept prohibited terms, or sensitive topics.
    • Target: Select the difficulty level (Low / Medium / High).
    • Attack Strategy: Select the Attack Vector (Malicious Link or QR Code).
    • Sender Identity: Enter the From Email.
    • Optional Fields
      • Scenario.
      • Language (26 supported).
      • Industry (12+ options).
    • Click on Generate to generate the template. A side-by-side split preview of the email template is displayed upon generation so you can review the output before Saving. To improve the template, you can:
      • Amend the automatically-generated Title. This must be unique and must not be blank.
      • Click on Generate to regenerate it using the same prompt and filter selections.
      • Provide feedback by clicking on thumbs up / thumbs down.
    • Underneath Generate is a counter so that you can see how many AI Generated Templates you have created out of the allowed total.
    • Click on Customize in Editor to amend the template. In the Engage template editor, make your required changes and click on Save.
    Engage AI Phishing Template Generator
  5. Click on Save.
  6. You will be returned to the Template Library screen, which will display the newly created template under My Templates.

Customizing an AI Phishing Template

You can customize an AI Phishing Template by using the following steps:

  1. Log in to Engage.
  2. Navigate to Phishing Training | Template Library | My Templates.
  3. Click on Edit next to the template to amend it in the Engage template editor, make changes, and click on Save.

Copying an AI Phishing Template

You can copy an AI Phishing Template by using the following steps:

  1. Log in to Engage.
  2. Navigate to Phishing Training | Template Library | My Templates.
  3. Click on Copy next to the template, amend it in the Engage template editor, make changes, and click on Save.

Deleting an AI Phishing Template

You can delete an AI Phishing Template by using the following steps:

  1. Log in to Engage.
  2. Navigate to Phishing Training | Template Library | My Templates.
  3. Click on Delete next to the template then on click on Sure? to complete the action.

Recommendations When Using AI Phishing Templates

Start with Medium Difficulty, Then Progress

Difficulty level controls how many recognizable red flags appear in the generated email. Low difficulty templates include obvious indicators such as misspellings and suspicious sender names. High difficulty templates closely mimic legitimate communications with minimal visible cues.

  • New programs: Start with Medium difficulty to establish a baseline click rate without discouraging employees.
  • Established programs: Progress to High difficulty as detection rates improve. Typical click rates range from roughly 7% on Low to 15% on High.
  • Mixed approach: Run a blend of difficulty levels across campaigns to simulate the real threat landscape.

Target by Department and Industry

Role-relevant simulations generate measurably higher engagement than generic templates. Use the Industry and Scenario filters to match templates to the audiences being tested:

  • Finance/Accounting: Invoice fraud, wire transfer requests, payment confirmation lures.
  • HR: Benefits enrollment, resume submissions, policy update notifications.
  • IT / Engineering: Admin credential resets, system update alerts, MFA verification prompts.
  • Executive / Leadership: Board meeting invitations, confidential document sharing, legal notices.

Include organization-specific details such as internal tool names, project names, or vendor names in your prompt, for added realism.

Use Multi-Language Templates Effectively

  • Ensure post-click Landing Pages and training content match the template language.
  • Have a native speaker review AI-generated templates in non-English languages. Difficulty calibration can shift when red flags are lost in translation.
  • Consider regional communication norms and locally relevant brands when selecting scenarios.

Rotate Templates Frequently

Never send the same template repeatedly. Employees recognize patterns, which produces false confidence in click-rate metrics.

  • Vary across scenario types (invoices, HR updates, IT alerts, delivery notifications) within each campaign cycle.
  • Stagger delivery times across Groups to prevent employees from warning each other.
  • Generate fresh templates at least monthly to avoid repetition.

Review Before Deploying

  • Use the split-view preview panel to check formatting, branding, and content accuracy.
  • Verify that phishing indicators match the selected difficulty level.
  • Confirm the content is appropriate for your organizational culture.
  • Use the thumbs up / thumbs down feedback to improve future generation quality.

Frequently Asked Questions

General

Q: What is the AI Phishing Template Generator?
A: A feature in Engage Pro that lets you use AI to create custom, realistic phishing simulation email templates on demand in under 30 seconds.
Q: Where do AI-generated templates appear once created?
A: In the Phishing Template Library under My Templates, alongside all other customized and saved templates.
Q: Is there a generation limit?
A: Yes. Each customer Account can generate up to 20 AI-driven templates per month. A counter is displayed below the Generate button, so that you can track usage.

Using the AI Phishing Template Generator

Q: What parameters can I configure?
A: Mandatory: Attack Vector (Malicious Link or QR Code), Difficulty Level (Low/Medium/High), and Sending Email.
Optional: Scenario, Language (26 supported), Industry (12+ options). See Configuration Reference for the full list of options.
Q: Can I edit templates after generation?
A: Yes. AI-generated templates are fully editable in the Engage template editor, just like any other template. You can add attachments, credential capture Landing Pages, or modify any content.
Q: What if I don't like the result?
A: Click Generate to regenerate using the same parameters. You can also provide feedback using the thumbs up / thumbs down buttons, to help improve future results.
Q: Can I create attachment-based simulations?
A: The AI Phishing Template Generator produces click-to-fail and QR code templates only. To include attachments, or credential capture Landing Pages, edit the template in the Engage template editor after generation.
Q: Can I use my own sending domains or custom sender email addresses when generating templates?
A: AI-generated templates must use a sending email from the predefined drop-down. However, you can save the generated template to My Templates and then use it in a campaign configured with Direct Message Injection (DMI). DMI campaigns allow you to specify custom sender domains and email addresses, giving you full control over the sender identity at the campaign level.

Data Privacy

Q: Is my organization's data used to train the AI model?
A: No. Customer data, template content, and prompt inputs are not used to train or fine-tune the underlying AI model. Generation inputs are processed in real-time, and are not retained for model training purposes.
Q: How does Mimecast ensure generated content is appropriate?
A: A two-layer safety system is in place. Input validation blocks policy-violating content before it reaches the AI. Output filtering catches inappropriate content after generation. No inappropriate content is ever shown to users.
Q: Will the AI generate content that mimics real phishing attacks?
A: Yes. The model is designed to produce emails that closely resemble actual phishing attacks. This is intentional, because training against realistic threats is more effective than training against obviously fake emails.

Troubleshooting

Q: Template generation is taking longer than expected or failing. What should I do?
A: Generation typically completes in under 30 seconds. If it takes longer or fails, refresh the page and try again. If the issue persists, check your network connection. If the issue continues, contact Mimecast Support.
Q: I've reached the monthly limit. Can I get more templates?
A: The 20 template monthly limit resets at the start of each calendar month. Contact your Customer Support Manager (CSM) to discuss options if you need additional capacity. In the meantime, you can copy and modify existing AI-generated templates without consuming your limit.
Q: My template title shows an error when saving.
A: Template titles must be unique across your Template Library, and cannot be blank. Edit the auto-generated title to something unique, then save again.
Q: The generated template does not match my selected language or industry.
A: Try regenerating with the same parameters. If the mismatch persists, ensure you have selected the correct options from the drop-down menus. Use the Additional Context field to provide more specific guidance. If the issue continues, provide thumbs-down feedback and contact Mimecast Support.

Configuration Reference

Parameter Description
Attack Vector (Mandatory) Select Malicious Link or QR Code. Determines the type of phishing lure embedded in the template.
Difficulty Level (Mandatory) Controls the number of visible red flags in the generated email.
Options: Low, Medium, High.
Low includes obvious indicators such as misspellings and suspicious sender names.
High closely mimics legitimate communications with minimal visible cues.
Sending Email (Mandatory) Select from the predefined drop-down of sending domains. If you use the template in a campaign with Direct Message Injection, you can change the sending email to any custom email / domain you prefer.
Scenario (Optional) Select a predefined scenario category to guide the template theme (e.g., invoice fraud, IT alert, HR update).
Language (Optional) Select the language for the generated template. If not specified, this defaults to English.
26 languages are supported: Arabic, Chinese, Czech, Danish, Dutch, English, Finnish, French, German, Hebrew, Hindi, Indonesian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese, Russian, Spanish, Swedish, Thai, Turkish, Vietnamese, Xhosa, Zulu.
Industry (Optional) Select an industry to generate templates with sector-relevant context and terminology. 12+ industry options available in the drop-down.

See Also...

Related to

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.