Human-Layer Security

Intelligence at the Moment of Risk

The "Silent Defender" for the AI-phishing era. We close the cognitive gap between technical filters and human action with real-time, context-specific explanations.

Built for CISOs and security leaders who know the human layer is where the battle is fought and too often lost.

Your technical stack was not built for this threat

AI-generated attacks do not follow patterns. They follow people.

5x: Growth in AI-generated spear phishing in 2025

Attackers now generate personalised, context-aware lures at machine scale — adapting tone, language, and timing to the individual target. Volume and sophistication are rising together.

Source: arXiv:2411.13874v1 — LLM-Powered Phishing Study

$40B: Projected AI-enabled fraud losses by 2027

BEC losses already stand at $12.3B annually. GenAI allows attackers to craft convincing lures at scale with near-zero effort — accelerating the curve faster than defences can adapt.

Source: Deloitte Center for Financial Services, 2024

$4.4M: Average cost of a data breach

Most breaches begin with a single human decision made in a moment of uncertainty. That moment is where the war is actually fought -- and currently lost.

Source: IBM Cost of Data Breach Report, 2025

No stack is perfect. What matters is what happens when the imperfect stack lets something through -- and your employee is the last line of defence.

The Third Layer of Defence

Most organisations have two layers. The third is where the gap lives.

1. Technology -- Gateways and Filters

Signature-based systems that block known threats, flag known bad domains, and filter patterns they have seen before. Essential, but blind to what they have never encountered.

2. Training -- Awareness and Simulation

Annual modules, phishing simulations, and general security culture. Builds knowledge over time -- but cannot be recalled in the milliseconds before a click happens.

3. Mungo Labs Real-Time Explanation

The intelligence layer that activates at the exact moment a threat is in front of your employee. Not a generic warning -- a specific, plain-language explanation of what is wrong, why it is dangerous, and what to do next. Inside the tools they already use.

Specific, Not Generic

Names the spoofed domain, the urgency tactic, and the malicious destination. "This is dangerous because..." is what changes a decision.

Proficiency-Adaptive

Warning depth calibrates automatically — detailed explanations for those who need context, concise alerts for those who already recognise the pattern.

Behavioural Immunity

Each contextual explanation builds lasting pattern recognition. Employees become harder to deceive over time — even without further training.

Zero-Friction Deployment

Lives inside the tools people already use. No new interface, no workflow change, no employee training required.

Privacy by Design

Analysis runs on-device without transmitting personal content. Structurally compliant with GDPR, HIPAA, and data residency requirements — by architecture, not policy.

Stack-Agnostic

Augments your existing security stack — Proofpoint, Defender, or any gateway — without replacing any of it. The third layer sits on top of the first two.

Where the Defence Lives

Embedded inside your existing tools. No rerouting, no appliances, no friction.

https://login-m1crosoftonline.net/signin
Microsoft
Sign in to your account
Mungo Labs — High Risk
Safety Score 12 / 100

This page mimics login.microsoftonline.com but was registered 2 days ago. SSL certificate does not match Microsoft.


Protection at the point of click

The warning appears exactly where users look — near the browser extension icon — at the moment they land on a suspicious page, before credentials are entered.

  • Works with all major browsers — Chrome, Edge, and Firefox
  • Deploys as a lightweight extension — no infrastructure changes, no IT rerouting
  • Analyses page signals locally — no browsing content transmitted externally
  • Warning activates only when a threat is detected — zero noise on safe pages

MVP covers all major browsers. Outlook support in early access. Gmail support planned.

Inside your inbox, not beside it

Warnings appear inline, within the reading pane, at the moment the email is opened -- before the user acts on what they have read.

  • Works with Microsoft 365
  • Deploys as a lightweight add-in -- no email rerouting, no MX record changes
  • Analyses metadata and content patterns, not personal data
  • Real-time -- warning appears before the user can act on the threat

MVP covers Outlook. Gmail support planned for a future release.

The human layer touches everything

Attackers do not target systems. They target people -- wherever those people work, communicate, and make decisions.

Where it starts today

The two surfaces where the majority of human-layer attacks begin: email and the browser. These are where employees are most exposed, most distracted, and most often left without support when a filter fails.

Where risk lives beyond

Social engineering does not stop at the inbox. It moves into collaboration, messaging, document sharing, and every digital surface where people communicate and act. Each is a moment of risk waiting for a defender.

The vision

A world where every moment a person faces a digital decision, they have access to the same intelligence a security expert would bring -- instantly, contextually, and without interrupting how they work.

The roadmap grows with our design partners. What we build next is shaped by what you face now.

See it in your world

Real threats. Real moments. Real-time defence.

Email

Financial Services -- The Moment That Counts

A branch manager and a senior finance officer each receive separate, personalised emails appearing to be from the group CFO, requesting urgent authorisation of a large cross-border transfer. The emails pass all gateway checks -- the attacker used a compromised vendor domain.
Mungo Labs: This sender has never previously initiated transfer authorisation requests. The domain was registered 6 days ago and differs from the CFO's known corporate address by one character. The urgency framing and secrecy instruction match known Business Email Compromise patterns. Verify via a known direct line before proceeding.

Browser

Healthcare -- Credential Harvesting via EHR Lure

A hospital administrator follows a link in what appears to be a critical system update notice from their EHR vendor. The link opens a visually convincing login page requesting credentials before "downloading the patch."
Mungo Labs: This page was registered 3 days ago and visually mimics a known EHR vendor login. The SSL certificate is issued by a free certificate authority, inconsistent with enterprise vendor infrastructure. Do not enter credentials.

Email

Government -- Targeted Spear Phishing

A government analyst receives an email referencing a real internal project by name, seemingly from a known contractor. The email includes a link described as "updated project files." The contractor's domain was compromised three weeks prior.
Mungo Labs: While the sender domain appears legitimate, this email was routed through an unfamiliar relay inconsistent with previous correspondence from this contact. The embedded link redirects through three intermediate domains before reaching an external destination. Treat with caution and verify directly with the sender.

Email

Finance / Accounts Payable -- Invoice Fraud

A PDF invoice arrives from a known supplier with modified bank details. The sender address looks correct. The email was forwarded internally, which is standard process -- so it bypasses most suspicion.
Mungo Labs: The bank account in this invoice differs from the last 12 invoices received from this supplier. The PDF metadata shows it was last modified by an unknown author 2 hours ago. Do not process payment without direct verbal confirmation from the supplier.

Email

Executive / C-Suite -- Whaling

A whaling email impersonates a board member requesting that confidential M&A documents be shared urgently to a personal address. The display name matches exactly. The request is framed as bypassing IT to maintain discretion.
Mungo Labs: The sender's display name matches a board member, but this email originates from a personal address, not their corporate domain. Requests for confidential documents routed via personal email are atypical. Verify this request through a known, direct channel before responding.

Browser

IT / Engineering -- Fake Dependency Advisory

A developer receives what appears to be a platform notification about a critical vulnerability in a widely used dependency. The link leads to a convincing advisory page recommending an immediate package update -- which contains obfuscated malicious code.
Mungo Labs: This advisory page was registered yesterday and is not hosted on any verified platform domain. The recommended package has not been published by the original library maintainer. Do not install. Verify through the official project repository.

North America

Tax Season Phishing Surge

IRS impersonation campaigns spike January through April every year. AI now generates highly personalised variants at scale, targeting HR, payroll teams, and individual employees with convincing W-2 and refund-related lures.
Mungo Labs: This message matches known IRS impersonation patterns. The IRS does not initiate contact via email for sensitive tax matters. The sender domain was registered last week. Do not click or provide any information.

Europe

GDPR Compliance Lures

Attackers exploit GDPR awareness to craft urgent "data processing agreement" lures targeting DPOs, legal teams, and compliance officers -- framed as regulatory obligations requiring immediate sign-off via an external link.
Mungo Labs: This link leads to a domain registered 4 days ago with no affiliation to the claimed regulatory body. Legitimate data processing agreements are exchanged through verified business channels, not cold email links. Do not proceed without verification.

Asia-Pacific

Multilingual Spear Phishing

AI now generates fluent, culturally-calibrated phishing in Mandarin, Japanese, and Hindi -- adapting to local business norms, formal communication styles, and regional authority structures to make attacks significantly harder to recognise.
Mungo Labs: Despite the local-language framing, the sender domain is newly registered and does not match the claimed organisation. The link structure and redirect chain are consistent with known credential harvesting infrastructure. Do not proceed.

Not just a warning. A behavioural intervention.

The design of Mungo Labs is grounded in peer-reviewed research on security decision-making.

75%+ of users follow specific, contextual warnings. Design — not awareness — is the deciding factor. Better design can close the remaining 25% gap too.

Source: Google Security Research — "Alice in Warningland"

40%+ improvement in correct threat identification when warnings explain specifically what is wrong -- raising accuracy to 79–91% versus 52–69% for generic alerts.

Source: Roy, Torres & Nilizadeh — PhishXplain User Study

20% lasting reduction in susceptibility to follow-up attacks across 11,000 employees -- even without further intervention -- after a single contextual, in-the-moment explanation.

Source: Cambridge Behavioural Public Policy

Mungo Labs does not just protect in the moment. It teaches through the moment -- building lasting behavioural resilience across your workforce.

Build the future of human-layer defence with us

We are in active development and working closely with a small group of security leaders who want to shape the future of the human layer of security.

What design partners receive

  • Early access

    Get the product as it develops across email and browser surfaces, before anyone else.

  • Direct influence on the roadmap

    Your threat landscape shapes what we build next. Your feedback becomes our priorities.

  • Preferred pricing

    Partnership terms locked in well below planned market pricing. Committed early, valued always.

  • Founding collaborator recognition

    Optional recognition as an organisation that helped build something that matters.

Who we are looking for

  • Organisations with 50 or more employees facing real human-layer risk
  • Security leaders focused on measurable outcomes, not checkbox compliance
  • Teams open to sharing anonymised threat data to improve the intelligence
  • Any sector, any geography -- diverse perspectives make the product stronger

This is a chance to be part of building something, not just buying it. We are looking for partners who see the opportunity in shaping what comes next. If that sounds like you, we want to hear from you.

Common questions

We are designed to sit alongside what you already have, not replace it. Gateways operate on known signatures and threat intelligence. Mungo Labs operates at the human layer -- activating when a novel or context-dependent threat reaches your employee. The two layers are complementary. A stronger gateway makes our job easier. When the gateway misses, we are there.

Our core principle is zero friction. A warning that interrupts workflow is a warning that gets ignored or disabled. Mungo Labs is designed to appear only when there is something worth surfacing, in context, within the tool the person is already using. No new tabs, no separate portals, no workflow changes.

Privacy by design is a foundational principle, not an afterthought. We intend to analyse metadata, structural signals, and content patterns without storing the personal content of emails or browsing activity. Our architecture is being designed with GDPR, HIPAA, and SOC 2 compliance in mind from the ground up. As a design partner, you will have direct input into how these principles are implemented.

Our intent is a lightweight deployment model -- a browser extension and an Outlook add-in -- with no email rerouting, no MX record changes, and no network appliances. We are working with design partners to validate and refine this model in real environments. The goal is measured in hours, not weeks.

We are honest about where we are. The core intelligence and warning system is working and being tested. We are now looking to validate it in real organisational environments alongside design partners who want to shape the product as it matures. This is an early-stage engagement with meaningful influence over the outcome -- not a beta test of something already decided.

Design partner terms are structured around mutual value -- your access and influence, our ability to build with real-world input. Terms are discussed directly and are considerably below our planned market pricing. The conversation starts with a discovery call where we understand your environment and what you are trying to solve.

Yes. We walk through the product with threat scenarios matched to your industry. To schedule a session, fill in the request form and we will be in touch to arrange a time.

See the defence in action

Defend the Moment of Risk

Watch Mungo Labs surface a real threat, in a real browser, with a real explanation.

Help shape what comes next

Deploy the MVP in your organisation

Bring the browser-based protection to a select group of high-risk users. Become a Design Partner and influence what we build next.