RansomLeak - 3D Security Awareness Training & Phishing Simulation

RansomLeak replaces passive video training with interactive 3D simulations that run in any browser, with no installation or headset. Employees work inside a fully simulated desktop (mail client, browser, terminal, password manager, and more than twenty applications) and a simulated phone (calls, texts, authenticator), handle realistic ransomware, BEC, and social engineering attacks, and learn by doing. Each 5-to-15-minute exercise ends with a scored knowledge check.

100+ hands-on exercises across 14 courses and 4 categories: security awareness, privacy and compliance (including a 16-exercise EU AI Act course), AI/LLM security, and real-world incidents. Available in 5 languages out of the box: English, German, Dutch, Italian, and Ukrainian, with additional locales on request and monthly content updates.

Short 2-to-3-minute, authorable drills complement the 3D curriculum across six formats: email phishing, smishing, vishing, AI deepfake (voice and video), chat-based social engineering (Teams and Slack lookalikes), and MFA fatigue. Every plan includes unlimited drill authoring.

Phishing simulations: direct mailbox injection via Microsoft 365 Graph API and Google Workspace (no allowlisting fights with secure email gateways), 10 sender persona pools, difficulty levels 1 to 5, and 8-stage funnel analytics from delivery through click, credential submission, OAuth grant, BEC reply, and user report. Outlook and Gmail report buttons, repeat-offender tracking, and automatic remediation training with deadlines and grace periods.

Smishing simulations: real SMS campaigns with business-hours delivery in each recipient's timezone, per-recipient tap and report tracking, and STOP/REPORT opt-out registries.

Vishing simulations (coming soon): voice-call phishing campaigns with callback-verification training.

Every person gets an explainable 0-100 risk score built from phishing susceptibility, remediation debt, and training hygiene, with team and organization rollups. A no-code rule builder turns scores into action: auto-enroll risky users in remediation paths, deliver just-in-time training after a failed simulation, and escalate to managers. Dry-run mode, blast-radius caps, per-person cooldowns, and a full audit log keep automation safe.

Learning paths and reports mapped to 13 frameworks: SOC 2, ISO 27001, ISO 27701, NIST CSF 2.0, GDPR, EU AI Act, CCPA/CPRA, HIPAA, HITRUST CSF, NIS2, PCI DSS, DORA, and CMMC. Audit-ready PDF and CSV evidence with timestamps and control references, scheduled report delivery, and a live Vanta integration that streams training status.

• Hosted Cloud LMS, or SCORM 1.2/2004 export tested with 50+ LMS (Moodle, Cornerstone, Workday, SAP SuccessFactors, Docebo, and more)
• SSO/SAML 2.0 (Entra ID, Okta, Google Workspace), SCIM 2.0 user provisioning, MFA
• Role-based access control with custom roles, team management, and manager dashboards scoped to direct reports
• Multi-tenant isolation, white-label custom domains and branding, IP allowlisting
• REST API with scoped tokens, HMAC-signed webhooks (11 event types), Slack and Microsoft Teams notifications, SIEM data export
• Gamification (points, badges, leaderboards, streaks) and verifiable PDF certificates

Fully managed SaaS on AWS. No installation required. Free tier available for evaluation; per-seat contracts for 12, 24, or 36 months.