AI Phishing Simulation is full-stack, production-ready software for running AI-driven phishing simulations and security awareness training programmes. The backend is built with Python FastAPI, the frontend with React 18 and TypeScript, and the full stack runs on PostgreSQL 16 and Redis 7 behind an Nginx reverse proxy. A complete Docker Compose configuration covers all six services and a one-command setup gets the environment running. It is designed for developers and security teams who need a working codebase for corporate phishing simulation without building the infrastructure from scratch.
The AI layer uses Claude Opus via the Anthropic API across two core modules: a phishing email generator that produces personalized, per-target emails tailored to the recipient's name, department, job title, and company, with category selection (IT helpdesk, executive impersonation, SaaS credential harvesting, and more), configurable difficulty scoring, and explicit social engineering technique labeling; and a training advisor that analyzes each target's behavioral risk profile and recommends specific training modules for auto-enrollment. A RAG pipeline using all-MiniLM-L6-v2 embeddings retrieves similar template examples to provide retrieval-augmented context for generation. Behavioral risk scoring uses a weighted multi-factor model covering click rate, submission rate, report rate, and recency decay, supplemented by an IsolationForest anomaly detector for outlier identification.
The platform covers the full simulation workflow: a campaign wizard, a built-in email template library seeded with realistic templates across multiple attack categories, a landing page builder with credential-capture simulation, and four tracking event types — email open (tracking pixel), link click, credential submission, and user-reported phishing. All events stream to the dashboard in real time over WebSocket. Targets can be imported in bulk via CSV with up to 50,000 rows per upload using upsert logic. Employees who click are automatically enrolled in targeted training modules. Campaign and executive-level PDF reports are generated on demand using ReportLab. Three RBAC roles are included: super_admin, campaign_manager, and viewer. Async email dispatch and scheduled cleanup tasks run via Celery and Celery Beat with Redis as the queue backend. An Anthropic API key and a configured SMTP server are both required for full functionality.
Seed data included with the software — email templates, training modules, landing pages, and demo organizations — is synthetically generated. Synthetic data is used deliberately to ensure no real employee or organizational information is embedded in or distributed with the codebase, while providing realistic coverage across attack categories and difficulty levels from day one.
IMPORTANT NOTE: This software has been fully developed with all features implemented. However, it has not been tested in a live production environment. Buyers should expect to perform integration testing and may encounter minor bugs that require fixing. Basic technical knowledge and development skills are required. This software is intended strictly for authorized security awareness training within organizations where the buyer has explicit permission to conduct simulated phishing exercises. Buyers are solely responsible for ensuring their use complies with all applicable laws and regulations, including computer fraud, anti-spam, and data protection legislation in their jurisdiction. Misuse for unauthorized phishing is illegal.
All sales are final. Due to the digital nature of this product, no refunds will be issued under any circumstances.
LICENSE TERMS: Seller retains full ownership and control. Purchase grants a non-exclusive, non-transferable, perpetual license—AS IS, no support/updates, no refunds, no other obligations. Buyer may build and operate a materially new, closed-source product (including SaaS/paid service) for their own business/customers. Buyer may not open-source or disclose the application, nor resell, redistribute, rebrand, sublicense, or use the application (or any derivative) to create a competing or substantially similar product. License terms may be updated or changed at any time; continued use constitutes acceptance.
