Security Awareness Training is Broken

Expose, Score, & Reduce User Risk

Dune Security continuously scores user risk using business impact, agentic attack simulations, training activity, and integrated risk signals, then automatically reduces that risk through microtraining, dynamic controls and targeted intervention.

Book a Demo

Risk Score

Risk Score Factors

Trusted by Fortune 1,000 Companies

Risk Inputs

Expose User Risk
Using Real-World Signals

Correlates business impact, multi-channel social engineering behavior, integrated security signals, and training activity to surface the users who pose the greatest risk.

Business Impact

Evaluates each user’s role, seniority, and function to calculate potential breach impact. The business impact score ensures remediation is prioritized based on the relative risk each user poses to the organization.

Business Impact

Agentic Attack Simulations

Simulates real-world social engineering across spear phishing, SMS smishing, voice vishing, and encrypted channels. Includes point-in-time attacks that test link clicks and credential entry, as well as conversational red teaming that measures susceptibility to pressure, incentives, and channel switching.

Training Activity

Captures user engagement, sentiment, and outcomes across just-in-time, compliance, functional, and organization-specific training. Tracks comprehension and retention trends over time to measure training effectiveness.

External Security Integrations

Incorporates historical testing and training data from prior SAT and user risk platforms to establish a meaningful baseline. Instead of losing progress from past programs, this data becomes a foundation for tracking improvement within Dune Security.

Historical and Custom Data

Ingests unlimited signals from your security stack, including IAM, SEG, EDR, DLP, HRIS, and more, to create a continuously updated view of each user’s real-world exposure. These signals directly inform risk scoring and help prioritize remediation for the highest-risk users.

Risk Quantification

Identify High Risk Users

Converts raw inputs into executive-ready insight that highlights where risk is concentrated and where remediation will have the greatest impact.

Risk Remediation

Automatically
Remediate User Risk

Delivers targeted training, enforcement, and controls that adapt to user behavior and reduce risk without slowing the business.

Business Email Compromise

Explore how business email compromise exploits trusted workflows and executive impersonation across email, messaging, and voice channels to trigger fraudulent paymentsor sensitive data changes.

Man-in-the-Middle Attacks

Discover how man-in-the-middle attacks intercept trusted connections to steal or alter sensitive information like passwords, financial data, and company credentials.

Push Notifications

Uncover how attackers exploit push notifications and MFA fatigue to trigger reflexive approvals that lead to account compromise, credential theft, or malware infection.

Passwords

Learn how weak or reused passwords are exploited at scale to breach accounts, and how stronger passphrases and simple protections reduce the risk of compromise.

User Adaptive Training

Delivers just-in-time microtraining tailored to each user’s behavior, risk profile, and role, with customization for your branding, policies, and real-world threats.

Access Restrictions

Automatically triggers access restrictions when risk thresholds are exceeded, integrating with ticketing and communication tools to streamline enforcement.

Dynamic Enforcement

Surfaces risk-based enforcement recommendations and routes them to the right control systems, supporting custom workflows aligned with your security practices.

Performance Management

Gives leadership real-time visibility into the highest-risk users, with prioritized data and actionable context to drive informed security decisions.

Get Started with Dune Today

Schedule a demo with one of our implementation experts to see how Dune aligns with your security organization's goals.

Book a demo

Agentic Attack Simulations

Models real-world social engineering and insider threat tactics across channels and conversations to reveal how users behave under realistic attack conditions.

GenAI Attacks

Targeted, point-in-time simulations powered by GenAI. Focus on specific decision points, such as clicking a link, entering credentials, or responding to a trusted request.

Email phishing simulations

AI-driven spearphishing

Smishing simulations

Deepfake video attacks

MFA entry simulations

Conversational Red Teaming

Live social engineering simulations that unfold through ongoing conversations and adapt based on how users respond to escalated pressure, impersonated trusted identities, and shifted channels.

Text-based

SMS

Signal

Viber

Voice-based

Live phone calls (vishing)

WhatsApp voice message

Explore Agentic Attack Simulations

Book a session to learn more about red teaming simulations, including deepfake videos, vishing calls, and encrypted channel messaging.

Book a demo

Dune Studio

Training That Looks, Sounds,
& Feels Like Your Organization

Dune Studio is a fully managed, AI-powered cinematic training experience. It turns real-world risk into personalized learning tailored to your people and environment. The result is higher engagement, stronger retention, and measurable reductions in user risk.

Fully Customized Training

Training designed around your people, brand, and environment. Security awareness, functional, and compliance content is tailored to your policies, tone, and real-world threats so risk feels familiar and relevant.

Managed Content Production

End-to-end creation handled by Dune. We manage research, scripting, production, and delivery using real attack patterns and OSINT, ensuring training is accurate, on-brand, and impactful.

Cinematic Microtraining

Short, high-impact learning built for retention. One to three minute videos show risky behavior and the correct response in real context, increasing engagement without training fatigue.

Real-World Context

Training grounded in how attacks actually unfold. Deepfakes, generative AI, and OSINT are used to create realistic training scenarios that mirror your real workflows, tools, and environments.

Meet the Dune Studio Team

Discuss what a customized, cinematic-quality, fully-managed training catalog can look like for your organization.

Book a demo

Risk Signal Integrations

Ingest unlimited signals from your security stack to build a single, continuously updated view of each user’s real-world exposure.

Entra ID

Connects via Microsoft SSO to ingest identity and authentication events, including sign ins, MFA activity, and user and device context, to inform real-time user risk scoring.

Entra ID

IAM

All Integrations

HRIS

All Integrations

Okta

Collects authentication and access activity from Okta APIs and System Logs, including logins, MFA events, and application access, to enrich identity risk context.

Okta

IAM

All Integrations

HRIS

All Integrations

Google

Collects Workspace security events via Google Admin SDK and Audit Logs, including login activity, OAuth grants, and Drive sharing, to surface risk across Google identities & data.

Google

IAM

All Integrations

HRIS

All Integrations

Microsoft Outlook

Monitors email and mailbox security signals via Microsoft Graph, including message metadata, forwarding rules, suspicious patterns, and mailbox changes, to detect email based exposure.

Microsoft Outlook

SEG

All Integrations

Gmail

Ingests email metadata and audit signals including forwarding rules, access anomalies, and suspicious activity to identify risky email behavior.

Gmail

SEG

All Integrations

Proofpoint

Ingests email threat detections such as phishing, malware, URL clicks, and quarantines and correlates them with identity and device context to prioritize exposure.

Proofpoint

SEG

All Integrations

CrowdStrike

Pulls endpoint detections and device posture signals including malware, suspicious execution, and lateral movement to map device risk back to users and access.

CrowdStrike

EDR

All Integrations

MSFT Defender

Centralizes security alerts across endpoint, identity, email, and cloud apps and enriches them with context for investigation and risk scoring.

MSFT Defender

EDR

All Integrations

Microsoft Purview

Ingests data security and governance signals including DLP alerts, sensitivity labels, and risky sharing or exports to tie incidents to users and assets.

Microsoft Purview

DLP

All Integrations

Workday

Ingests workforce and organizational data including departments, roles, groups, and new hires to provide business and identity context for user risk scoring.

Workday

HRIS

All Integrations

Custom Risk Score Weighting

Dune gives security teams direct control over how user risk is calculated. Tailor how each risk factor contributes to a user’s overall score so prioritization aligns with your real threat landscape, not a generic model. Adjust scoring for specific user groups where risk profiles differ.

Business Impact Influence

Controls how much additional risk from training, attacks, and signals is amplified - based on the user's Business Impact category. Higher influence = greater variation in risk scores across impact categories.

Minimum

Median

Maximum

Risk Score Factors Impact

Total weight across the factors must equal 100%. These weights control how much each factor contributes to the overall risk score.

Simulated Attack Activity

Consists of simulated attack failures and successful reporting

50% Weight

100

Training Activity

Consists of ontime training completion

39% Weight

100

Risk Signals

Consists of simulated attack failures and successful reporting

11% Weight

100

Simulated Attack Activity 50%

Training Activity 39%

Risk Signals 11%

How it works

User risk scores are calculated using multiple inputs, including simulated attack behavior, training activity, and real risk signals.
Each factor is assigned a percentage weight that determines its influence on the final score. All weights total 100 percent, making scoring transparent and predictable.

Business impact is applied automatically based on role and access, ensuring users with higher potential breach impact are appropriately prioritized through built-in risk floors.