Been running a small research experiment called Threat Terminal – a terminal-style phishing simulator where players review emails and make detect/ignore calls.

It’s not a survey.

You actually play through 10 emails per session and the platform logs:

∙	decision confidence

∙	time on each email

∙	whether you checked headers or URLs

∙	phishing technique and difficulty level

Early data (569 decisions, 36 participants):

∙	Overall phishing bypass rate: 16%

∙	Infosec background: 89% detection accuracy

∙	Technical background: 89%

∙	Non-technical: 85%

The gap between backgrounds is smaller than I expected. The more interesting finding is that AI-generated “fluent prose” phishing bypasses detection ~24% of the time, significantly higher than other categories. Removing grammar errors removes one of the strongest

traditional detection signals.

Live simulator: https://research.scottaltiparmak.com

Full Write Up Metholodogy, etc: https://scottaltiparmak.com/research

Takes about 10 minutes to complete a session. If you’re studying security, your decisions contribute directly to the dataset. Would genuinely love results from people actively learning this stuff.