Phishing simulation + AI email detection.
Built for Italian enterprise security teams.

// Simulation Engine Specs
campaign_types: ["email", "sms", "landing_page"]
template_library: 200+ industry-specific templates
personalization: dynamic per-user (name, role, department)
tracking: ["open", "click", "credential_submit", "report"]
scheduling: cron-based with randomized delivery windows
difficulty_levels: 5 (auto-adjusting per user history)
landing_pages: pixel-perfect clones with credential capture
training_trigger: instant on-click, contextual micro-learning

// AI Scanner Performance
avg_latency: <800ms per email
false_positive_rate: <0.3%
detection_rate: 99.2% (phishing), 97.8% (BEC)
analysis_layers: [
  "header_analysis",    // SPF, DKIM, DMARC validation
  "url_inspection",    // real-time URL detonation
  "content_nlp",      // urgency/social engineering detection
  "sender_reputation", // domain age, history, lookalike check
  "attachment_sandbox",// static + dynamic analysis
  "visual_similarity", // brand impersonation via CV
]
model: fine-tuned transformer, retrained weekly
data_residency: EU-only (Frankfurt, DE)

// Feedback Loop Flow

1. DETECT → Scanner blocks real phishing email
2. ANALYZE → Extract attack patterns (techniques, lures, timing)
3. GENERATE → Auto-create simulation template from real attack
4. SIMULATE → Deploy to users who match target profile
5. TRAIN → Deliver contextual training on click
6. MEASURE → Track improvement, update user risk score
7. REFINE → User report data improves detection model

// Result: avg. click rate drops from 32% to 4.7% in 6 months

backend: Python 3.12 / FastAPI
ml_pipeline: PyTorch, Hugging Face Transformers
queue: Redis + Celery (async email processing)
database: PostgreSQL 16 + TimescaleDB
search: Elasticsearch (threat intel indexing)
infrastructure: Kubernetes on Hetzner Cloud (EU)
monitoring: Prometheus + Grafana
ci_cd: GitHub Actions, ArgoCD
encryption: AES-256 at rest, TLS 1.3 in transit