
HailBytes SAT
Self-hosted security awareness training in your AWS/Azure
Phishing simulation and security awareness training that runs entirely in your own AWS or Azure account. 45+ industry-specific templates, AI-driven campaign generation via MCP, interactive quizzes, branded PDF completion certificates, OIDC SSO, and SOC 2/ISO 27001 audit evidence. Unlimited campaigns for unlimited users on a single marketplace subscription. $0.24/vCPU/hr vs. $30K+/year per-seat licensing from KnowBe4 or Proofpoint Security Awareness.






Hi Product Hunt!
Most security awareness platforms are SaaS - your employee directory, click data, and quiz results sit on the vendor's infrastructure, and you pay per seat whether or not anyone clicks.
We took the open-source GoPhish engine and rebuilt it as a production platform: 45+ industry-specific phishing templates, recurring campaigns, interactive landing-page quizzes, auto-generated branded certificates of completion, OIDC SSO (Entra ID, Google), TOTP MFA, IMAP reply monitoring for user-reported phishing, CISO dashboard with repeat-clicker watchlist and resilience scoring, and full audit-log export for SOC 2 / ISO 27001 / PCI DSS evidence. Plus MCP integration with 14 AI tools so security teams can generate and launch campaigns from Claude or ChatGPT.
It runs entirely inside your AWS, Azure, or Azure Government account - employee PII never leaves your VPC. One marketplace subscription covers unlimited campaigns and unlimited users.
$0.24/vCPU/hour through AWS or Azure Marketplace - about $4,200/year for a 2 vCPU instance with a 30-day free trial. Compare that to KnowBe4 or Proofpoint at $25-$50/seat/year (which is $25K-$50K/year for a 1,000 person org), neither of which runs in your account.
Would love feedback from security leaders, MSSPs, and anyone who's hit the wall on per-seat phishing-training pricing.
@david_mchale The self-hosted angle is compelling—especially for orgs that treat security data as sensitive as anything else. The per-vCPU pricing structure is clever too, since it rewards efficiency rather than penalizing headcount growth. One thing worth highlighting: how are you thinking about the discovery/awareness piece for security teams who want to identify at-risk users across their org without manually building watchlists?
@osakasaul Cheers, good morning Saul,
To cut manual work for security teams, you can connect HailBytes SAT to Azure or other identity providers and import user directories. That pulls in department and job title data automatically. Reporting dashboards then surface risk by department or role, so you can view the org through those lenses without building watchlists by hand.
There's also click-tagging on phishing simulations. You can see who clicks most often, who reports most often, and who's trending high-risk historically. From there, you build recurring reports against those segments and push them via webhook, email, or SMS. For our MSSP partners, that recurring report is the deliverable.
For users who fail simulations, remedial training runs on the platform itself. It's included in the per-vCPU pricing. You can also export SCORM 1.2 packages and host the content in Moodle or your LMS of choice.