In recent years, emails related to targeted attacks and business email compromise, commonly known as CEO fraud, have increased, and the resulting damage has expanded. In the Information-technology Promotion Agency’s “Top 10 Information Security Threats 2025 [Organizations],” targeted attacks aimed at confidential information ranked fourth, while business email compromise ranked ninth. Cyberattacks that begin with email have become a major issue for business continuity. With the spread of generative AI, emails written in unnatural Japanese are becoming less common, making it possible for anyone to create messages that look more authentic. Requests impersonating real business partners or executives, payment instructions disguised as routine business communications, and instructions to take out information are all becoming harder to detect. Many companies conduct targeted email training every year in response to this situation. However, preparation, delivery, aggregation, reporting, and other tasks place a heavy operational burden on IT departments and tend to increase costs. As a result, training itself can become the goal and lose practical effectiveness. Companies also face challenges in tracking and managing responses when employees report suspicious emails. Many companies and organizations use employee email training as a countermeasure against targeted attack emails. While effective for raising awareness and improving employees’ ability to identify suspicious emails, it creates significant cost and operational burdens for the people in charge. Pre-training preparation, post-training checks, exclusion settings based on the email environment, scenario creation for increasingly sophisticated attacks, and aggregation of delivery and click data all require substantial effort. In addition, some services do not allow flexible customization by target group or make it difficult to confirm training results. Advanced training and increased delivery volumes can also generate