Innopolis Unveils InnoFish Platform to Protect Organizations from Phishing
Innopolis University has developed InnoFish, a platform designed to help organizations defend against phishing attacks through realistic simulations and hands-on employee training.The platform enables organizations to run lifelike phishing campaigns, identify their most vulnerable employees, and train them using real-world scenarios.
Developers say the system can help triple employee awareness of cyber fraud, with social engineering incidents dropping by 80% in the first month of use.
This goes beyond a niche training tool. The platform sits at the intersection of cybersecurity and corporate learning, with broader implications for risk management. Phishing remains one of the most common and accessible attack vectors, which is why tools that reduce employee vulnerability are in demand across both business and government. According to BI.ZONE, phishing emails tripled in 2025, while attacks overall rose by 38%.
Wider adoption of the platform could translate into safer digital services for citizens and a lower risk of data breaches caused by human error in sectors such as banking and e-commerce. For government agencies, it offers a new approach to cyber hygiene training. It also helps reduce reliance on foreign platforms. In a global context, the launch reflects a growing shift toward employee training and human factor management in cybersecurity. Microsoft has explicitly recommended investing “in people, not just in tools.”
Shift Toward Human Risk Management
The solution is well positioned for the domestic market, given the prevalence of phishing and the broader shift toward local cybersecurity products after 2022. In practice, it could see uptake across banking, industry, telecom, education, and critical infrastructure – sectors where employee mistakes can have the highest impact. The model – combining simulation, training, and analytics – aligns with current market practice and has already been adopted by major players, including BI.ZONE and Microsoft.
At the same time, the platform’s global expansion prospects are more limited. The segment is already dominated by large international vendors. More realistic opportunities lie in deployments and partnerships in friendly markets, where demand is higher for cost-effective, localized solutions. A key growth direction is the shift toward AI-driven human risk management models. This aligns with global trends and could help position the platform as a fully-fledged commercial cybersecurity product.
A Standard for Enterprise Environments
In 2022, BI.ZONE updated its Security Fitness platform and identified a growing trend toward outsourced employee cybersecurity training. That marked the emergence of a dedicated segment in Russia focused on solutions that address both infrastructure and human behavior. In 2024, a joint case by BI.ZONE and Unirest demonstrated the practical impact of this approach: the number of vulnerable employees dropped by half within a year, while click-through rates on phishing links fell by 78%. Against the backdrop of continued phishing growth in 2025–2026, and BI.ZONE’s assessment that phishing has become a primary threat to corporate email, the launch of InnoFish appears to respond to a sustained market demand.
In 2023, Proofpoint enhanced its Security Awareness module with a stronger focus on automation and targeted training. This signaled a shift from annual compliance courses to micro-scenarios tailored to current threats. In 2024, the company added QR phishing simulations, showing how quickly the anti-phishing training segment adapts to changing user behavior. By 2025, Microsoft had formalized a model combining risk assessment, attack simulation, and follow-up training through its Attack Simulation Training framework, effectively setting a standard for large enterprise environments. Meanwhile, KnowBe4 and other global players have been advancing AI-driven human risk management approaches between 2025 and 2026.
A Marker of Market Maturity
The launch of InnoFish highlights the growth of Russia’s domestic cybersecurity software market, the rising importance of cyber literacy, and the gradual alignment of local practices with global standards. It signals the development of full-scale cybersecurity solutions that account for employee behavior rather than relying solely on email filtering and technical defenses. Phishing is no longer just a problem for antivirus tools or secure email gateways – it is becoming part of a broader organizational resilience strategy.
Over the next three years, solutions like this are expected to evolve toward deeper integration with corporate email and messaging platforms, greater personalization based on employee roles and industries, and the addition of AI capabilities for realistic simulations and behavioral risk assessment. This mirrors the global trend toward AI-driven human risk management.
