Nearly 96% of organizations now require security awareness training. Yet roughly 90% of data breaches still involve the human element. That paradox is not a sign that training works, it is a sign that the training itself has become decorative. Frame Security, which launched publicly today with $50 million in funding, exists because legacy platforms like KnowBe4 and Proofpoint were designed for a world where social engineering was effortful and rare, not scalable and AI-driven.

The company was founded by Tal Shlomo and Sharon Shmueli, both alumni of Israel's Unit 8200 signals intelligence unit. Shlomo was one of Wiz's first employees and watched it grow to a $32 billion Google acquisition. Shmueli was the first employee at Bionic, which CrowdStrike acquired. The funding round was led by Index Ventures, Team8, and Picture Capital, with participation from Wiz CEO Assaf Rappaport, Elad Gil (who initially joined as an angel and has since increased his stake through Gil Capital), plus Cerca Partners and Tesonet. The Wiz network effect is worth noticing: Shlomo is a Wiz alum, Rappaport is a co-investor, and Shmueli's former employer Team8 is a lead backer. This is the Israeli cybersecurity mafia starting to show up in the next generation of startups.

Frame's pitch is straightforward and sharp: instead of periodic, generic training that treats every company as interchangeable, use AI to generate hyper-personalized attack simulations that match each organization's actual threat profile and update in real time as new attack methods emerge. The platform continuously analyzes employee behavior and organizational patterns to deliver relevant guidance and simulations on demand. When a new type of attack emerges, security teams can create and deploy relevant training within minutes rather than waiting for the platform vendor to ship an update. Early customers already include Louis Dreyfus Company, AlphaSense, and Rockefeller Capital Management, a mix that spans commodities, fintech, and wealth management, suggesting the pitch translates across sectors.

The timing is not accidental. Generative AI has made social engineering dramatically easier to scale and harder to detect. According to Gartner, 43% of cybersecurity leaders reported experiencing at least one deepfake audio call incident in 2025, while 37% encountered deepfake video calls. KnowBe4, which has been the dominant platform in this category for over a decade, launched its first deepfake training module only in December 2025, and it was educational-only, not simulation-based. Template-based vishing simulations (like KnowBe4's scripted outbound calls) do not respond adaptively to what an employee actually says; they play back a predetermined path. For organizations whose threat model includes sophisticated social engineering, that gap is material. Frame's founders worked inside the actual security operations of companies like Wiz and saw firsthand how limited the existing tools were. The global security awareness training market is projected to reach $13 billion by 2027, yet the tools that power it were architected for a different threat landscape.

Here is what Frame's launch actually says: the category is ripe for disruption, and the disruption will come from companies that treat human risk as a behavioral, continuously-learning problem rather than a compliance checkbox. KnowBe4 remains entrenched through sheer scale and customer lock-in, moving away from an established platform is operationally painful. But incumbency is not the same as defensibility when the threat model has fundamentally changed. Shlomo's line from the announcement is direct: 'In my experience working with leading security teams in Fortune 500 organizations at Wiz, even the most advanced cybersecurity systems couldn't eliminate the risk introduced by human behavior.' That is the insight that Frame was built to address. The category's size and the fact that legacy players have not solved the actual problem means there is room for a well-capitalized, technically credible competitor to capture meaningful share.

Watch three things: whether Frame can retain and expand its current customer base (Louis Dreyfus, AlphaSense, Rockefeller are named, but are there others? The brief says 'dozens', the next disclosure should be more precise). Whether KnowBe4 responds to the deepfake gap more aggressively than it did in December 2025, or whether it doubles down on its incumbent moat. And whether the security awareness training category sees consolidation, if a larger cybersecurity platform acquires Frame within two years, it signals that the category's winners will be those with distribution into existing security stacks, not pure-play specialists. The $13 billion market projection and the 96%/90% paradox suggest there is room for both outcomes.