Founder’s Note: Why We Built Doppel Simulation

Kevin and I started Doppel in early 2022 with a simple question: When AI can imitate anyone, who do you trust? With ChatGPT’s release, persuasion became cheap, fast, and scalable. We quickly built conviction that AI-driven social engineering would become one of the internet’s greatest threats and set out to build the social engineering defense platform.

Yesterday, we launched Doppel Simulation, a multi-channel simulation product informed by real-world threats and utilizing autonomous AI phishing agents. Why social engineering simulation, and why now?

We kept hearing the same thing from customers. They had phishing tests that satisfied a compliance checkbox, but failed to truly battle-test human workflows. Legacy tools were email-only with static templates, so they failed to exercise vendor-change callbacks, helpdesk handoffs, or MFA resets. They also weren’t measuring impact, focusing on click rates instead of policy validation and potential losses. Effectively, the gap between the reality of the attacks our customers see every day and their security awareness training was growing, and quickly.

To solve this, we built a simulation product that feels real, informed by current attacker behavior. Our first product line, Brand & Executive Protection, removes impersonation (deepfakes, cloned sites, and helpdesk scams) and gives us a clear view of how modern lures work in practice. We maintain a living Threat Graph, a map of active domains, phone numbers, and social media accounts used to deliver attacks. For Simulation, we flipped the model: instead of using AI to detect impersonation, we use it to generate high-fidelity, safe campaigns. The goal is to help customers expose and promptly remediate risks.

These simulations are multi-channel (email, SMS, voice, WhatsApp), persona-targeted, and modeled on actual attacks. We present users with auto-generated scenarios designed to expose vulnerability to money movement, identity resets, helpdesk handoffs, and more. But we also allow them to describe their own scenarios in natural language, using AI agents to spin up campaigns in real-time – an experience we like to call “Cursor for Phishing Simulation”.

The Doppel team is extremely grateful to our customers for helping shape this product and bringing it to life. When it comes to social engineering defense, Doppel isn’t just part of your blue team, it’s now part of your red team too. From removing live impersonations to staging safe, realistic simulations, the result is stronger controls and faster responses when it counts. That’s how we move from awareness to readiness. I look forward to hearing what you think!

‍