Hackers Have Stopped Targeting Systems – They Target People

01 /The Concept

Adaptive only launched its platform in January of this year – yet it has already closed a $43 million first round led by OpenAI and a16z.

That kind of investor attention doesn't happen by accident. Within a few months of launch, the platform had signed up more than 100 enterprise clients, including well-known names like First State Bank, Podium, The Dallas Mavericks, and BMC.

Adaptive has built a platform that helps companies defend against breaches and data leaks – specifically the kind caused by employees themselves, who are manipulated by AI-generated attacks: convincing fake emails, text and voice messages, and even video calls from bots impersonating people the employee knows.

The scale of this threat has grown dramatically. In 2024, the number of attacks involving synthetic personas increased 17x year over year. AI has made social engineering faster, cheaper, and far more convincing.

The platform works on two levels. First, it trains employees through courses explaining how modern attackers operate and how to distinguish fake messages and calls from real ones. The training content updates continuously as the platform detects new attack patterns.

But training alone isn't enough – theoretical knowledge needs to become reflexive behavior. So the second function is regular simulated cyberattacks on selected employee groups, for instance those who recently completed training. The platform ships with ready-made templates that can be customized for a given company's context. With a single click, it can send fake phishing emails, spoofed messages, or impersonation calls to any selected set of employees – all via integrations with standard enterprise systems.

An important additional feature: the platform can tailor attack types to specific employee roles, pulling that categorization automatically from connected HR systems.

In blunt terms, Adaptive has built an AI specifically trained to deceive employees – and it keeps getting better at it, constantly learning which tactics actually work. The goal, of course, is the opposite: the more the platform successfully tricks employees during training, the less likely real attackers are to succeed. Adaptive tracks progress through regular management dashboards showing the declining percentage of employees who fall for simulated attacks.

The underlying logic is simple and it works: keep exposing people to the tricks, then reveal how the tricks work – and over time they stop falling for them.

02 /Why It Matters

Adaptive isn't unique. Intentionally. It was worth covering precisely because the market it operates in is already proven – and big enough that multiple well-funded players can coexist.

Riot ([related review](/review/novaja-fishka-dlja-obrazovatelnyh-platform)) raised $71.8 million for a nearly identical platform, including $30 million this past February.

CultureAI ([covered here](/review/vot-istochnik-90-problem)) raised $23.5 million for the same category, $10 million of which came last summer.

Conceptually, all three platforms are similar. What makes Adaptive stand out – at least visually – is currency. Its homepage leads with AI deepfake avatars and synthetic voice attacks, the newest vectors. Competitors' sites still focus primarily on email phishing, which was the main threat a few years ago.

The same dynamic plays out at the foundational AI model level. OpenAI, Anthropic, Perplexity, DeepSeek, and the rest race to ship new capabilities as fast as possible. But every new capability is also a new attack surface – a new tool for bad actors. That means platforms protecting against social engineering attacks have no choice but to match that pace, shipping defenses against new attack types as fast as the attack types emerge. Adaptive gets this, and is showing it.

As always, the real competitive advantage isn't a unique feature set – it's speed. Or more precisely: the ability to do what everyone else can do, but faster.

03 /Opportunities

ChatGPT's launch dramatically expanded the market for human-layer cybersecurity. Since that launch, phishing attacks have grown by 4,151% – a 41x increase. The reason: generating convincing, highly personalized fake messages became trivially easy.

Against that backdrop, Forrester estimated that in 2024, 90% of all data breaches involved a human element. Modern hackers don't break into systems – they break into people. And AI has become their most powerful tool for doing it.

The cybersecurity market stood at $268 billion in 2024 and is projected to reach $878 billion by 2034. Historically, most of that spending went to technical system defenses. Now companies need to add a second layer: platforms that defend the human element – on top of, not instead of, traditional security tools. That effectively expands the total addressable market substantially.

In a market this size, especially in the newer category of human-layer security, there are almost certainly several future billion-dollar companies waiting to emerge – simply because the market is enormous and the change is critical.

The question isn't whether a billion-dollar startup can be built here. It's whether you're the one who builds it. If you've been looking for a direction to move in, this is one worth moving toward right now.