The Use of Generative Artificial Intelligence in Cybersecurity Awareness Training, Part 1
Copyright (c) 2026 Szabó Gergő
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Abstract
This study examines how generative artificial intelligence (GenAI) can be applied in cybersecurity awareness training, with particular emphasis on personalization, effectiveness, and user acceptance. The theoretical section follows the ADDIE instructional design model and explores the role of GenAI in educational planning, highlighting its potential in content development, adaptive learning, and feedback mechanisms. Special attention is given to Retrieval-Augmented Generation (RAG) technologies, focusing on content accuracy and data protection considerations.
The empirical part of the research is based on a questionnaire survey conducted with 109 participants and designed according to the Technology Acceptance Model (TAM). The questionnaire included phishing simulations, an AI-generated cybersecurity scenario, and attitude-based questions. The aim of the study is to assess how non-expert users perceive and evaluate cybersecurity training materials generated by artificial intelligence, and to identify key factors influencing their acceptance and perceived usefulness.
Keywords:
How to Cite
References
AI-Generated Phishing Simulations Are a Game Changer for MSPs. ConnectWise Marketplace, 2023. július 11. Online: https://marketplace.connectwise.com/blogs/ai-generated-phishing-simulations-are-a-game-changer-for-msps/
Breacher.ai (2025): Deepfake Archives. Online: https://breacher.ai/solutions/deepfake-simulation/
BRITO, Fernando et al. (2025): Enhancing Cybersecurity Education With Artificial Intelligence Content. In Proceedings of the 56th ACM Technical Symposium on Computer Science Education 1. New York: Association for Computing Machinery, 158–164. Online: https://doi.org/10.1145/3641554.3701958
CVE [é. n.]: Frequently Asked Questions (FAQs). Online: https://www.cve.org/ResourcesSupport/FAQs
EU Artificial Intelligence Act. Online: https://artificialintelligenceact.eu/ai-act-explorer/
European Union Agency for Cybersecurity (2024): ENISA Threat Landscape 2024: July 2023 to June 2024. Online: https://data.europa.eu/doi/10.2824/0710888
JAKKAL, Vasu (2023): Introducing Microsoft Security Copilot: Empowering Defenders at the Speed of AI. Official Microsoft Blog, 2023. március 28. Online: https://blogs.microsoft.com/blog/2023/03/28/introducing-microsoft-security-copilot-empowering-defenders-at-the-speed-of-ai/
MERRITT, Marian et al. (2024): Building a Cybersecurity and Privacy Learning Program. NIST SP 800-50r1. Gaithersburg: National Institute of Standards and Technology. Online: https://doi.org/10.6028/NIST.SP.800-50r1
MOUTON, Francios et al. (2014): Social Engineering Attack Framework. In 2014 Information Security for South Africa. 1–9. Online: https://doi.org/10.1109/ISSA.2014.6950510
NELSON, Connor – DOUPÉ, Adam – SHOSHITAISHVILI, Yan (2025). SENSAI: Large Language Models as Applied Cybersecurity Tutors. In Proceedings of the 56th ACM Technical Symposium on Computer Science Education 1. New York: Association for Computing Machinery, 833–839. Online: https://doi.org/10.1145/3641554.3701801
New Jersey Cybersecurity & Communications Integration Cell [é. n.]: ChatGPT and Its Impact on Cybersecurity. Online: https://www.cyber.nj.gov/guidance-and-best-practices/artificial-intelligence/chatgpt-and-its-impact-on-cybersecurity
Introducing ChatGPT Enterprise. OpenAI, 2023. augusztus 28. Online: https://openai.com/index/introducing-chatgpt-enterprise/
PETKAUSKAS, Vilius (2023): Lessons Learned From ChatGPT’s Samsung Leak. Cybernews, 2023. május 8. Online: https://cybernews.com/security/chatgpt-samsung-leak-explained-lessons/
Proofpoint (2023): 2023 Security Awareness Study. How Effective Are Your Awareness Programs – and Do Your Employees Agree? Information Security Media Group. Online: https://www.proofpoint.com/us/resources/analyst-reports/ismg-security-awareness-training-perception-study
SHAW, R. S. et al. (2009): The Impact of Information Richness on Information Security Awareness Training Effectiveness. Computers & Education, 52(1), 92–100. Online: https://doi.org/10.1016/j.compedu.2008.06.011
SlashNext (2023): State of Phishing. Online: https://www.prnewswire.com/news-releases/slashnexts-2023-state-of-phishing-report-reveals-a-1-265-increase-in-phishing-emails-since-the-launch-of-chatgpt-in-november-2022--signaling-a-new-era-of-cybercrime-fueled-by-generative-ai-301971557.html
Solving the Security Challenges of Retrieval-Augmented Generation (RAG). Polymer, 2025. január 31. Online: https://www.polymerhq.io/blog/ai/solving-the-security-challenges-of-retrieval-augmented-generation-rag/
Verizon (2024): 2023 Data Breach Investigations Report: Frequency and Cost of Social Engineering Attacks Skyrocket. Online: https://www.verizon.com/business/resources/reports/2023-data-breach-investigations-report-dbir.pdf
YOGARAJAH, Jesudhas – HOSSAIN, Gahangir (2025). The Concept of Cognitive CyTutor Utilizing Federated Learning for Cybersecurity Education. In 2025 IEEE 15th Annual Computing and Communication Workshop and Conference (CCWC). 681–690. Online: https://doi.org/10.1109/CCWC62904.2025.10903809