Although companies require their employees to undergo annual cybersecurity training, human error still leads to security breaches. The situation may worsen with the rise of generative AI, which can be used to launch more personalized and sophisticated social engineering attacks.
Anagram, previously known as Cipher, has introduced a novel approach to employee cybersecurity training, aiming to stay ahead of the evolving threat landscape.
This New York-based company has developed a platform offering hands-on security training for enterprises, featuring bite-sized videos and interactive puzzles tailored to teach employees how to identify suspicious emails and communications. These training sessions are designed to be more frequent and engaging than the traditional annual training model.
Harley Sugarman, Anagram’s co-founder and CEO, explained to TechCrunch that the training activities include tasks such as creating personalized phishing emails to educate employees on recognizing complex attacks.
“We drew little inspiration from existing cybersecurity training methods,” Sugarman said. “Instead, we took cues from TikTok, Duolingo, and Khan Academy, which have successfully engaged users and changed behaviors outside the security domain. We applied these lessons to create a more effective security training approach.”
Initially, Sugarman, a former VC at Bloomberg Beta, did not set out to create gamified cybersecurity training. His first idea was to develop a platform to upskill enterprise cybersecurity employees using the “capture the flag” training method.
The company, initially launched as Cipher in 2022, gained traction but soon discovered that chief information security officers (CISOs) were more concerned about the security vulnerabilities posed by non-security employees. CISOs regarded their employees as the weakest link in their cybersecurity chain.
Sugarman recalled the sense of hopelessness in the CISOs’ voices, which surprised him. This prompted Cipher to pivot in January 2024 and focus on addressing this specific issue. The company is now rebranding as Anagram and phasing out its original product.
Since the pivot, Anagram has experienced significant growth, securing clients such as Thomson Reuters, MassMutual, and Disney. The startup recently raised $10 million in a Series A round led by Madrona, with participation from General Catalyst, Bloomberg Beta, and Operator Partners, among others.
The funds will be used to expand the sales team and enhance the product. Sugarman reported that Anagram has reduced company phishing failure rates from 20% to 6% and aims to further minimize this rate.
Sugarman believes Anagram’s launch coincides with a critical juncture in the cybersecurity industry, as generative AI enables more personalized social engineering campaigns, making it increasingly challenging for individuals to distinguish between genuine and malicious communications.
“Traditional email security platforms will struggle to detect AI-generated phishing attacks due to their ability to generate and randomize content,” Sugarman said. “This makes it difficult to defend against such threats from an engineering perspective.”
Anagram is developing an AI agent that will integrate with enterprise email systems to flag potential cybersecurity slip-ups before they occur. The agent will prompt users to confirm actions, such as sending sensitive information over email.
In the meantime, Anagram’s interactive training videos and puzzles aim to make a positive impact on employee cybersecurity awareness.
“Humans are capable of great achievements, such as building skyscrapers and space travel,” Sugarman said. “With the right training, we can learn to avoid clicking on suspicious links in emails and improve our cybersecurity posture.”