FAQ

How RiskSense works, in plain English.

The setup, the free tier, the competitor questions, the localisation, the security model. If we missed something, the contact form is at the bottom.

What is RiskSense?

RiskSense is a security awareness training platform that combines AI-generated phishing simulations, localised content by market, and 1-on-1 coaching from Glitch — our AI training companion — after every click. The free tier provisions a training-only account in about 60 seconds; the paid tier adds live phishing simulations delivered through your Microsoft 365 or Google Workspace tenant.

How long does setup take?

About 60 seconds. One OAuth click connects your tenant, our AI scans the org structure and inbox patterns, and the first campaign is ready to launch. No agents to install, no DNS records to update, no PowerShell scripts, no template selection.

Is there a free version?

Yes. Sign up at app.risksense.cloud/signup with a work email and you get the free training tier — bite-size coaching, team progress, and lessons people actually finish. No credit card. The free tier is training-only: it does not send simulated phishing to staff inboxes. Upgrade to the paid tier to add live phishing simulations.

How is RiskSense different from KnowBe4?

KnowBe4 is the largest SAT vendor and offers a deep template library, a compliance courseware stack, and enterprise sales support. The trade-off is heavy setup (DNS, allow-listing, template selection), a dated UI, and per-seat economics that get expensive for MSPs running many small tenants. RiskSense has no template library — every phish is AI-generated from your tenant context — so there's nothing to curate or schedule. Setup is 60 seconds. The MSP commercials are built for the kind of partner who'd rather bill it than become a security trainer themselves.

How is RiskSense different from usecure?

usecure offers a four-module suite (uPhish, uLearn, uBreach, uPolicy) with a modern UI aimed at MSPs and SMBs. usecure still relies on a template library that needs curation, and the post-click coaching is generic. RiskSense doesn't have a template library — every phish is AI-generated and unique — and Glitch's coaching is calibrated to the specific click. Both products serve the MSP channel; RiskSense's edge is the depth of localisation and the absence of any content work for the MSP.

How is RiskSense different from Phin?

Phin is a modern, MSP-focused SAT platform with clean UX and automated campaigns, primarily aimed at US-market MSPs. RiskSense was built with localisation as a first-class feature — NZ Post for NZ staff, ATO for AU, HMRC for UK, USPS for US — and generates every phishing email uniquely from each tenant's context rather than drawing from a fixed library. If your client base is US-only, both work; if you serve multiple markets or want every phish to be one-of-one, RiskSense is the better fit.

What markets and countries does RiskSense support?

Production markets: New Zealand, Australia, United Kingdom, United States. The AI brands engine generates content using real local banks, tax offices, suppliers and tools — Westpac and IRD in NZ, NAB and ATO in AU, Barclays and HMRC in UK, Chase and IRS in US. New markets work too because the engine generates from context rather than a fixed library; we add explicit support as customers come online (Singapore, Germany, Canada and others are common).

Does my cyber insurance policy require SAT?

Almost certainly yes. Since the ransomware wave of 2020–2022, most major cyber insurers have made security awareness training a condition of coverage. Without a documented ongoing programme, expect a higher premium, tighter sub-limits, or in some cases an outright decline. After a breach, absence of SAT also affects whether a claim is paid. There's a full breakdown at /compliance/cyber-insurance.

How does RiskSense help with cyber insurance compliance?

RiskSense produces the evidence pattern insurers ask for: per-employee training records, ongoing simulated phishing campaigns, post-click coaching completion, and aggregate trend data over a rolling 12-month window. Reports are renewal-ready and have been used by brokers and underwriters in NZ, AU, UK and US.

How does Glitch's coaching work?

When someone clicks a phishing email, they're routed to a 1-on-1 conversation with Glitch — our AI training companion. Glitch walks them through what tipped off the specific email they clicked: the typo'd domain, the urgency framing, the gift-card hook, whatever it was. Takes about two minutes, in plain English, calibrated to what they missed. Not a generic 10-minute compliance video.

Do you support MSPs / managed service providers?

Yes — MSPs are a core audience. The partner program offers wholesale per-seat pricing, free customer trials, an assisted-selling pack (pitch deck, ROI numbers, objection handling), and full white-label delivery so your customer sees your brand, not ours. The typical MSP partner sees about $1,000/month of additional recurring revenue in under 90 days without adding headcount or building content.

What integrations do I need?

For live phishing: Microsoft 365 or Google Workspace, connected via OAuth. No agents, no DNS changes, no SPF/DKIM tweaks. For the free training tier: just a work email — no tenant integration required, because the free tier doesn't send phish.

Does the free tier actually send phishing to my team?

No. The free tier is training-only. You and your team get access to the coaching content, lessons, and team progress dashboard, but no simulated phishing emails go to inboxes. That's a deliberate boundary: live phishing is on the paid tier and requires a properly authenticated tenant connection.

How is my tenant data handled?

OAuth tokens are encrypted at rest. Tenants are isolated per partner, with no cross-partner data access. All customer data sits in managed cloud infrastructure under our control. End users in the training portal authenticate via magic link; partner admins via password with optional TOTP MFA. We don't sell or share customer data.

What's the pricing model?

Per-seat. Free training tier is no-credit-card; live phishing tier is per-seat per month with a sensible minimum. MSPs get wholesale per-seat pricing with predictable margin. Insurance brokers and affiliate programs are coming.

Who built RiskSense?

Founders who ran an MSP for 20+ years. Every SAT platform they tried expected the MSP to run a content team alongside it. They're technical, not copywriters, so they built the SAT they wished existed: 60-second setup, properly localised content, and phishing that runs itself. Built in Hamilton, New Zealand.

Still wondering?

Take the free training, or have a chat with the team.