Hi Jason,
Did these false positives just start occurring, or has this been happening for a while? I ask because I have seen some other users reporting similar behavior but I'm not sure if they are working with you or are separate users.
If you have attachment scanning or Data Loss Prevention (DLP) processing, it's possible that DLP is opening the attachment on send to check it and that is getting it flagged. You could try removing the DLP compliance policy (if applicable) to see if you face the same issue. If you want to exclude certain paths from DLP monitoring, DLP alerts, and DLP policy enforcement on your devices, you can also turn off those configuration settings by setting up file path exclusions. https://learn.microsoft.com/en-us/purview/dlp-configure-endpoint-settings
If you just want to remove the training emails though, you can remove or modify the end user notifications, or you can add exclusions to the training simulations themselves.
Otherwise I would recommend creating a support ticket to look into this and query additional logs from your tenant, since it will be harder to diagnose this without testing within the tenant itself.