What does SimuPhish actually do?

SimuPhish trains the human firewall. Live-fire phishing drills built on the lures landing in inboxes this week, two-minute coaching the moment something goes wrong, real-time breach intel, and a leadership view that turns posture into action.

How is this different from old-school annual training?

Annual training builds compliance, not reflex. SimuPhish ships micro-coaching inside Slack, Teams, and email, the apps people already use. Behaviour changes in the workflow, not in a 60-minute course you click through once.

How fast can we go live?

Most teams launch their first drill the same afternoon they sign up. Full directory sync from Google, Microsoft, Slack, or Okta runs in under five minutes.

How many languages does SimuPhish support?

75+ languages out of the box, including Arabic, English, French, Spanish, German, Italian, Mandarin, Japanese, Korean, Hindi, Portuguese, Dutch, Hebrew, Turkish, and Polish. Content auto-adapts to each employee's preferred language.

Where does SimuPhish host data?

Local data residency in 170+ countries. Primary regions in AWS us-east-1 and eu-west-1, with EU-only, US-only, UAE-only, and India-only residency available on Enterprise. Customer data is encrypted at rest with KMS-managed AES-256 and in transit with TLS 1.3.

What certifications do you carry?

SOC 2 Type 2, ISO 27001, GDPR, and CCPA. Latest audit reports are available under NDA. Pen test on a 30-day notice. UAE Personal Data Protection Law compliance for our Dubai customers.

Will it work with our stack?

Native integrations with Google Workspace, Microsoft 365, Okta, Slack, Microsoft Teams, and Google Chat. SAML SSO and SCIM provisioning included on every plan.

How is pricing structured?

Custom, shaped to your team size, channel mix, and rollout pace. No per-seat list, no surprises. Two minutes to a quote, one business day to a real reply.

SimuPhish | The AI Driven Human Risk Management+ Platform

LiveWatch SimuShield work, in real time

Autonomous, multi-vector human risk campaigns across email, SMS, Microsoft Teams, Slack, and voice. Built natively for EMEA, APAC, and the Americas. Coaches every employee in the seconds after a click. The AI Driven Human Risk Management+ Platform for the way attacks land in 2026.

orBook a demo·No credit card. One business day reply.

SMS

Slack

Teams

Voice

Browser

Scroll

Try it · Camera-driven demo

Let us profile you in 3 seconds.

Allow your camera. Stay still for a moment. We’ll run the same kind of analysis your attackers run before they pick up the phone, without the breach.

478 facial landmarks tracked locally, nothing leaves your device.
Live camera when available. Demo scan mode when browsers block it.
Stop any time with the Revoke button below.

Permission required

478 landmarks · stays on your device

The identity graph

Your firewall has 6,420 holes.
Each one has a name.

We don’t score departments. We score people. SimuHDR draws an identity graph of your team, weights each node by what they can authorise, and tells you which one your attacker would call first.

Reading the briefOK · last action <24h

Worth watchingHesitation rising · cohort drift

Attention requiredCred-entry adjacency · 0-7d

SimuPhish AI platform at the centre of the employee risk network

L. Chen

Vendor ops

B. Müller

DPO · EU

S. Khan

Procurement · UAE

T. Okafor

Treasury ops

C. Romero

Exec assistant

N. Park

Internal IT

P. Eldar

Mobile ops

G. Nasser

AP · KSA

Y. Al-Qassim

Treasury · UAE

H. Walsh

Head of SecOps · UK

F. Al-Otaibi

Cyber resilience · KSA

M. Hossain

VP Finance · APAC

A. Bouchard

Group CFO · FR

R. Iyer

Director, IR · IN

What we do

Four disciplines. One closed loop.

Each card is a part of the operating loop, read, score, intervene, defend. Every signal we collect feeds the next decision.

SimuGPT · Lure draftGenerated

From: [email protected]

Banking change before EOW, quick.

Hi Yousef, quick one. Could you confirm the updated IBAN before Friday? Same supplier, just a treasury reorganisation post-merger.

+ voice fall-back · 11:14 GMT

The Engine01

SimuGPT

Adversarial language and voice models, retrained weekly on the lures attackers actually used the week before. Email · SMS · Slack · Teams · voice clone · QR · browser.

Human Risk Index+9.4 / 30d

74cohort: treasury, exec

Executive spoofing91

Vendor invoice fraud84

AI voice pressure73

The Telemetry02

SimuHDR

A behavioural data warehouse, clicks, hesitations, hover-time, report rates, credential-entry events, turned into a per-person human-risk score that explains itself.

✦

Briefing, 90 seconds

Your briefing on AI voice cloning.

A 90-second walk-through on how attackers clone your CFO’s voice, and the two-step call-back protocol that makes their work useless.

ENAR+22

The Broadcast03

SimuCast

Two-minute briefings, manager nudges, board digests. Generated and shipped in the same console where the attacks were run. Multi-language. Manager-relayed.

SimuShield · Live traceHeld

0.0s · Lure landed · CFO-spoof
0.6s · Hover detected
2.1s · Origin not on allow-list
2.4s · Page held in sandbox
3.0s · Score ↓ 0.4 · Cohort flagged
3.2s · Resolved · Briefing scheduled

The Shield04

SimuShield

Real-time response on live attacks. Holds the page in sandbox, rotates the credential, pages the SOAR, and starts the briefing, inside one minute, not six weeks.

By the NumbersFootnotes welcome

Numbers that make your board take notes.

↓

0×failure rate

Lower failure rates after one quarter on-platform.

⚡

<0.0scontainment

Median SimuShield containment of a live lure.

↑

0%report rate

Report-rate engagement, board-grade.

✓

$0.0Mintercepted

Single largest wire-fraud event we've intercepted.

Editorial note

Numbers above are 12-month medians across regulated customers in finance, telco, and government spanning EMEA, APAC, and the Americas, weighted by identity count. Full methodology shared under NDA on request.

While you read this

Real SimuShield, real time.

A live, anonymised window into the operations panel our customers see every morning. Lures held in sandbox, voice clones contained, briefings dispatched. The number underneath is the only one that matters.

Held / 24h

Regions

0.2s

Median trace

simushield/live

Connected · UK + UAE

09:42:11EMAILEMAILVendor IBAN swap · finance deptHELD
09:41:58VOICEVOICECFO voice clone · 2.1s containmentHELD
09:41:42TEAMSTEAMSManager spoof · cohort flaggedWATCH
09:41:30BROWSERBROWSERCredential entry blocked · sandboxRESOLVED
09:41:14SMSSMSTreasury OTP harvest · zero leakHELD

signal pipe · 220ms p95data redacted · SOC 2 Type 2

Frame by frame

Anatomy of a click.
3.2 seconds.

From the moment a real lure hits a real inbox to the moment SimuShield closes the window, it’s under four seconds. Most platforms don’t even know an attack happened until next week’s report.

We measure on the device, in the browser, and at the gateway, concurrently.
No agents. The signal pipe rides on top of your existing identity stack.
Scoring updates within the same second as the response.

simushield · live trace

0.0s▸ Lure lands · Inbox: 'Your payslip is not correct'

0.6s▸ Hover detected · Cursor over [Open attachment]

1.2s▸ SimuHDR, Subject's hesitation: 0.4s above baseline

1.8s▸ Click event · Browser begins navigation

2.1s▸ SimuShield intercept · Origin not on allow-list

2.4s▸ Page held in sandbox · Credentials never leave host

3.0s▸ Score updated · -0.4 risk delta · Cohort flagged

3.2s▸ Briefing scheduled · 90s nudge in 11 minutes

0.0s1.0s2.0s3.2s · resolved

Fig. 2, A real SimuShield trace, redacted for the page. Median window: 3.2 s.

Customer stories

Numbers a CFO will defend.
Stories an auditor will read.

Three case files this issue. Anonymised on request, fully verifiable on call. No cherry-picked screenshots. No anecdotes pretending to be data.

Field Report 01

Banking · UAE

How a regional bank cut executive-spoof exposure by 63% in a quarter, the Monday-morning version.

−63%

exposure on top-30 executives

Field Report 02

Insurance · UK

Five vendors swapped for one platform. Then a $4.2M wire was redirected at the last minute. We held it.

$4.2M

wire-fraud held at containment

Field Report 03

Telco · KSA

38,000 employees, two languages, nine business days. The before-and-after of a SAMA-aligned rollout.

kick-off → fully operational

Continued in Field Reports

Read all six in this issue

Special edition · Out now

The 2026 SimuPhish AI Phishing Index.

4.7 million simulated lures across 12 sectors, 31 markets and 7 channels. The largest behavioural dataset on AI-driven phishing ever published. Free to read. Free to cite.

Read the Index Explore the Learning Center

Index 2026 · Issue 04

Voice deepfakes overtook email.

The fastest-growing attack vector in MENA finance, up 418% year-on-year.

4.7M

lures simulated

sectors

markets

Five featured chapters · Free to read

New

From the people who actually use it

Three letters this issue.

Lightly edited for length

We replaced four vendors and a quarterly slide-deck ritual with one platform that produces a number my CFO will actually cite in the budget review.

The Monday morning brief is a thing of beauty. We get the score, we get the cohort, we get the recommended intervention. We act on it. By Friday, the number has moved.

Their Arabic content reads like a colleague wrote it, not a vendor. That sounds small. It isn't.

Questions, answered

The questions a buying committee actually asks.

Don’t see yours? Email [email protected]. We reply the same business day.

Ready when you are

The phishing defense your team will actually use.

Two minutes to a quote. One business day to a real reply. No drip sequences. No per-seat list.

Request a quote See pricing

SimuPhish trident — the AI Driven Human Risk Management+ Platform

There is no patchfor pressurehuman.