The automation of impersonation

Security has always been a game of costs. For years, the unit economics of a phishing attack favored the defender: it took time to set up a convincing site, and once it was flagged by a browser or an email filter, the attack's effectiveness collapsed. That math is changing. The rise of automated tooling and generative AI allows attackers to deploy sophisticated, convincing impersonations at a scale and velocity that human teams cannot match. Doppel is a brand protection company built for this era, using automated intelligence to find and neutralize these threats.

Traditional brand protection often looks like a law firm with a search engine. It relies on humans to spot suspicious domains and manually file takedown requests. Doppel is part of a newer wave of security companies that treat brand protection as a data and automation problem. They focus on the technical mechanics of social engineering, as evidenced by their work identifying campaigns that use fake CAPTCHAs to trick users into running malicious PowerShell code. By sandboxing these threats and observing their behavior—such as the specific use of AutoHotkey for clipboard hijacking—Doppel identifies the intent of a site before a human ever reports it.

Technical depth in threat intelligence

What makes the company interesting is its focus on obfuscation. In recent campaigns, attackers have moved away from simple malicious downloads. Instead, they use social engineering to convince victims to perform a sequence of keyboard shortcuts—Windows + R, CTRL + V, and Enter—which executes code directly from the clipboard. This bypasses many standard endpoint protections because the victim is essentially the "installer."

Doppel’s Threat Intelligence Team analyzes these specific patterns to build defensive models. This technical focus separates them from more superficial scanners that only check for visual similarities or domain typos. By understanding the underlying scripting languages and delivery mechanisms used by adversary groups, they can provide higher-fidelity alerts to enterprises that are targets of high-value impersonation, such as those in finance, cryptocurrency, and software.

Market position and founders

Founded in 2022 and based in San Francisco, Doppel was created by Kevin Tian and Rahul Bhansali, both former engineers at Uber who experienced the challenges of maintaining trust and safety in a massive, distributed system. The company has attracted significant venture interest, including backing from Andreessen Horowitz, positioning them at the center of the debate over how AI will reshape the security stack.

They occupy a space between traditional Managed Detection and Response (MDR) and digital risk protection services. While MDR focuses on what happens inside the network, Doppel focuses on the external impersonations that lead to initial access. As attackers increasingly use autonomous agents to spin up disposable infrastructure, Doppel’s reliance on automated detection is a necessary counter-measure. The trade-off is the complexity of managing false positives in a world where "fair use" and "parody" can sometimes look like impersonation, but for large brands, the risk of inaction is far higher.