Overview
Permiso, a leader in identity security, partnered with Doppel to modernize their human risk program, expanding beyond email-based simulations to include multi-channel attacks. With Doppel’s Human Risk Management (HRM) solution, Permiso became the first organization in the industry to run a phishing simulation campaign through a Microsoft Teams Meeting, setting a new bar for how security teams measure and reduce human risk across every channel.
“Doppel fundamentally changed how we think about human risk. It’s not just about running better simulations, it’s about testing how attacks actually happen across channels. The Microsoft Teams simulation campaign showed us where our real exposure was, and gave us a way to measure and improve it. That’s the difference between a program that looks good on paper and one that actually reduces risk.” – Jason Martin, Co-CEO & Co-Founder, Permiso
Email-only simulations no longer reflect reality
Social engineering has outgrown the inbox.
Attackers now operate across channels, moving fluidly between email, SMS, voice, and collaboration platforms like Microsoft Teams. In many cases, the initial lure is just the entry point. The real manipulation happens through follow-up messages, real-time conversations, and trust built over multiple touchpoints. More than 40% of attacks now span multiple channels. Traditional security programs that stick to just one channel leave huge gaps (1).
Despite this shift, most organizations still rely on simulations that test only email. Permiso had strong visibility into how employees responded to phishing emails but a limited understanding of how those same employees would behave in collaboration tools, where communication is faster, more informal, and often implicitly trusted.
“Attackers don’t think in channels. They think in outcomes. If your simulations only cover email, you’re only testing a fraction of your real attack surface,” said Jason Martin, Co-CEO & Co-founder, Permiso. “Collaboration platforms are where work actually happens. That’s exactly why attackers are moving there, and why we need our security team to test there.”
The Permiso team has seen this shift firsthand. After observing nearly 100 real-world phishing attacks targeting their customers via Microsoft Teams meetings in recent months, Martin recognized the need to test their own team’s susceptibility to this rapidly growing attack vector.
Bringing real-world attack scenarios into Microsoft Teams
To close this gap, Permiso partnered with Doppel to design and launch the first-ever simulation campaign conducted within a Microsoft Teams meeting. The goal was not to replicate phishing in a new interface, but to recreate the dynamics of a modern attack.
Using the Doppel Simulation platform, the campaign introduced realistic, conversational scenarios that mirrored how attackers actually engage employees. Calendar invites were sent directly in Outlook, inviting users to a Teams Meeting. Then, an AI agent would join the live meeting natively in the Microsoft Teams app (or browser experience), where users are less conditioned to expect threats. From there, employees got to experience dynamic, interactive exchanges rather than one-off prompts. This approach allowed Permiso to test behavior in context: how employees interpret intent, respond under pressure, and navigate ambiguous situations.
Permiso even conducted campaigns in which the AI agent joining a Teams Meeting adopted the persona and voice clone of Jason Martin himself, the company’s Co-Founder & Co-CEO, to see how employees responded to executive pressure or familiar personas.
“The difference wasn’t just the channel; it was the realism. What Doppel enabled felt like a real conversation, not a test,” Martin said. “In traditional simulations, employees are looking for clues that something is fake. In this case, they were responding the way they would in their day-to-day work. That’s where you start to see how people actually behave, and where the real risk shows up.”
Doppel’s ability to simulate attacks across email, voice, and collaboration tools and chain those interactions together was critical to making the campaign feel authentic. Instead of testing isolated moments, Permiso was able to evaluate how employees respond across the full arc of an attack.
Risk isn’t uniform. It changes with the channel
The Teams Meeting simulation surfaced a key insight: Employee behavior shifts significantly depending on where the interaction takes place.
In collaboration platforms, communication happens fast, and there’s an implicit level of trust that creates a different risk profile. Employees are more likely to engage quickly, ask fewer verification questions, and continue conversations that would raise suspicion in email. Without testing these environments, organizations miss a meaningful portion of their exposure.
This reinforces a broader shift in Human Risk Management. Measuring resilience is no longer about whether someone clicks a link. It’s about how employees interpret and respond to realistic, multi-step interactions across channels. Doppel’s approach reflects this shift by tracking behavior across every interaction and translating it into a clear understanding of where risk actually exists.
From partial visibility to full attack surface coverage
By expanding their program beyond email, Permiso gained a more complete and accurate view of human risk. The Teams Meeting simulation revealed behavioral patterns that would not have surfaced in traditional campaigns and provided real insight into how employees respond in high-trust environments.
The result for Permiso was a program that better aligns with how attacks actually happen: multi-channel, conversational, and dynamic. Instead of optimizing for click rates in a single channel, Permiso can now evaluate and improve resilience across the environments attackers actively exploit.
You can’t defend what you don’t simulate
The modern attack surface is defined by behavior across channels. Attackers already understand this, chaining together email, messaging, and voice to achieve their goals. Organizations that continue to test only one channel are, by definition, under-testing their risk.
“If you’re only simulating one channel, you’re optimizing for the wrong problem,” advises Martin. “Attackers don’t operate in silos; they move across email, messaging, voice, and whatever else gets them to an outcome. What Doppel makes possible is testing that full attack surface in a way that actually reflects how those attacks happen. That’s where real resilience comes from, and that’s the gap most programs still have.”
Permiso’s work with Doppel demonstrates what a modern approach looks like: simulate attacks where they happen, measure how people actually respond, and use those insights to drive meaningful risk reduction. It’s a shift from theoretical preparedness to measurable resilience—and increasingly, it’s the standard security teams will be held to.
About Permiso
Permiso is a leader in identity security, helping organizations detect and respond to threats targeting identities, access, and privileges across cloud environments.