Contextualized Cybersecurity Awareness through AI and Gamified Learning

Cybersecurity threats increasingly exploit human factors rather than focusing on technical vulnerabilities, making human error the primary cause of data breaches. Traditional solutions like antivirus and firewalls are not effective against social engineering attacks such as phishing, where the real weakness lies in users' behavior and lack of awareness. Conventional training programs try to address this issue but often fail to create long-term behavioral change, as they are mostly theoretical and lack a connection to practical, real-world situations. This thesis, in collaboration with Ermes Browser Security, introduces a browser extension that provides contextual cybersecurity training triggered by risk events. When a threat is detected, the system not only blocks it but also uses AI to generate immediate educational content, based on the information from the detected event. The extension combines phishing detection with data loss prevention and adapts its educational content to the user’s skill level through a simple profiling system. To assess the system’s effectiveness, user experience, and training impact, the testing phase was divided into three groups: Ermes Product team first, researchers and professors from Politecnico di Torino then, and finally extended to whole Ermes personnel, including Sales, Customer Success and Administration teams. Participants highly appreciated the innovative approach, which is the core of this thesis. These findings suggest that real-time, contextualized training has the potential to foster safer behaviors and enhance risk awareness, transforming users from vulnerabilities into assets.