SimuPhish
NewThe 2026 SimuPhish AI Phishing Index is out

Phishing defense for the AI era

Make every employee impossible to phish.

SimuPhish runs autonomous, multi vector phishing campaigns across email, SMS, Microsoft Teams, Slack, and voice deepfakes. Then coaches your team in the seconds after a click. The AI Human Risk Management platform built for the way attacks land in 2026.

orBook a demoNo credit card. One business day reply.
SimuPhish
Overview
SimuGPT
SimuHDR
SimuCast
SimuShield

HDR Score

847

▲ +24 this month

Phish Defense, live

1,247 employees across 38 teams

Directory synced

Click rate

2.1%

▼ 3.4 pts

Report rate

47%

▲ 12 pts

Repeat risk

8

▼ 3 people

HDR Score by team

Finance88
Engineering76
Customer Ops64
Sales52

This week

3 drills shipped

CFO impersonation. Vendor invoice swap. IT password reset.

Next drill in 4 days →

Every channel attackers use

Multi vector by default. No bolt ons.

Your inbox is one of seven attack surfaces. SimuPhish runs realistic exercises on all of them, scored against the same HDR posture.

Email

Spear phish that reads like your real CFO.

OSINT shaped lures, internal vocabulary, vendor invoice templates that look like the real ones.

Subject: Vendor invoice change. Please update wiring details before EOW.

SMS smishing

Texts that hit during a busy hour.

DMARC clean numbers, regional phone formats, callback flows tuned to your industry.

+44 7xxx — Compliance: please verify your access by 4pm. Reply Y to confirm.

Teams and Slack

Chat lures that look native.

Spoofed bot accounts, fake recruiter pings, internal IT impersonation that lands inside the channel.

@here — Quick approval needed on this PO. Click here to confirm.

Voice and deepfake

AI cloned voices on real calls.

Voice deepfake exercises with consent, scripted by SimuGPT, fully logged and recoverable.

“Hey, this is Maya. I’m boarding. Can you wire the vendor today?”

QR and callback

QR codes and callback phish.

Posters, signage, malicious QR codes that route through SimuPhish landing pages, fully tracked.

Scan to update your parking permit. Hosted on a SimuPhish spoof domain.

The new attack surface

Old school phishing programs cannot stop AI powered attacks.

In 2023, attackers learned to write like your CFO. By 2024, they could call in their voice. Today a generative AI lure costs less than a coffee, lands in under a minute, and reads as cleanly as your real vendor invoices.

Since the launch of ChatGPT, attacks targeting employees grew 1,275%. Annual training is no match for that. Quarterly drills barely move the needle. HDR is what moves it, and HDR is built every day, in the apps your team already uses.

SimuPhish is the platform that builds it. Real drills against modern lures. Two minute coaching the moment something goes wrong. A leadership view that turns posture into action.

A new approach is long overdue.

How it works

Three steps to a live human firewall.

01 · Connect

Plug in once. Done in five minutes.

SAML SSO, SCIM, and four times a day directory sync from Google, Microsoft, Slack, and Okta. No spreadsheets, no list management.

02 · Run

SimuHDR runs the year on autopilot.

Set guardrails once. SimuHDR triggers email, SMS, Teams, Slack, and voice campaigns on a rolling schedule, paced to your team and pulled from this week’s threat feed.

03 · Coach

Two minute lessons in the moment.

When someone clicks, SimuGPT lands a coaching moment in Slack, Teams, or email before the habit hardens. No detention, no name and shame.

The platform

Four modules. One human firewall.

Each module ships standalone, but they get sharper together. One HDR Score. One directory. One report your CISO can defend at a board meeting.

By industry

Drills tuned to how your sector gets phished.

See every sector

The signal

Posture you can defend at the board.

SimuPhish turns thousands of employee signals into one clean operating story. For your team, your CISO, and your board.

Know the HDR Score.

One integrated score across every employee, team, and region. Security priorities stop being a guessing game.

HDR Score847▲ +24

Actionable defense.

See where your team is strongest and where the next coaching moment lands. No surveilling individuals.

Finance+12
Engineering+4
HDR points +20

Always in sync.

Auto syncs to Google, Microsoft, Slack, and Okta four times a day. Your directory stays up to date.

Google
Microsoft
Slack
Okta

Hablamos seguridad.

HDR training, live fire drills, and breach intelligence in 75+ languages. Local data residency in 170+ countries.

🇸🇦مرحبا
🇪🇸¡Hola!
🇩🇪Hallo!
🇮🇩Halo!
🇮🇹Ciao!
🇫🇷Salut!
🇯🇵こんにちは
🇨🇳你好
🇮🇳नमस्ते

Customer proof

Real teams. Real numbers.

Read every story
Phishing Index, 2026 edition

The state of the human firewall, in numbers.

2.1M employees. 38 countries. 75+ languages. The annual SimuPhish report on AI era phishing across industry, region, and role.

Download the reportRead the preview

1,275%

Growth in employee attacks

82s

Median time to click

47%

SimuPhish report rate

75+

Languages live

Integrations

Plays well with the stack you already run.

Native integrations across identity, chat, SIEM, and compliance. Bidirectional APIs and webhooks for everything else.

Identity and directory

  • Google Workspace
  • Microsoft 365
  • Okta
  • Microsoft Entra

Chat and email

  • Slack
  • Microsoft Teams
  • Google Chat
  • Outlook
  • Gmail

SIEM and SOAR

  • Splunk
  • Microsoft Sentinel
  • Google Chronicle
  • Sumo Logic

Compliance and trust

  • Vanta
  • Drata
  • Thoropass
  • Secureframe

FAQ

Questions, answered.

Don't see yours? Email contact@simuphish.com. We reply the same business day.

What does SimuPhish actually do?
SimuPhish trains the human firewall. Live fire phishing drills built on the lures landing in inboxes this week, two minute coaching the moment something goes wrong, real time breach intel, and a leadership view that turns posture into action.
How is this different from old school annual training?
Annual training builds compliance, not reflex. SimuPhish ships micro coaching inside Slack, Teams, and email, the apps people already use. Behavior changes in the workflow, not in a 60 minute course you click through once.
How fast can we go live?
Most teams launch their first drill the same afternoon they sign up. Full directory sync from Google, Microsoft, Slack, or Okta runs in under five minutes.
How many languages does SimuPhish support?
75+ languages out of the box, including Arabic, English, French, Spanish, German, Italian, Mandarin, Japanese, Korean, Hindi, Portuguese, Dutch, Hebrew, Turkish, Polish, and more. Content auto adapts to each employee's preferred language.
Where does SimuPhish host data?
Local data residency in 170+ countries. Primary regions in AWS us-east-1 and eu-west-1, with EU only, US only, UAE only, and India only residency available on Enterprise. Customer data is encrypted at rest with KMS managed AES-256 and in transit with TLS 1.3.
What certifications do you carry?
SOC 2 Type 2, ISO 27001, GDPR, and CCPA. Latest audit reports are available under NDA. Pen test on a 30 day notice. UAE Personal Data Protection Law compliance for our Dubai customers.
Will it work with our stack?
Native integrations with Google Workspace, Microsoft 365, Okta, Slack, Microsoft Teams, and Google Chat. SAML SSO and SCIM provisioning included on every plan.
How is pricing structured?
Custom, shaped to your team size, channel mix, and rollout pace. No per seat list, no surprises. Two minutes to a quote, one business day to a real reply.

Learning Center

Latest from the SimuPhish team.

See everything

The phishing defense your team will actually use.

Two minutes to a quote. One business day to a real reply. No drip sequences. No per seat list.

orBook a demoNo credit card. One business day reply.