Top 25 Breach and Attack Simulation (BAS) Software SaaS Companies in May 2026

Leeds, England, United Kingdom

Boxphish is a low-touch cyber security awareness training platform that arms organisations—and their people—with the tools and knowledge needed to reduce the risk of cyber attacks. This is achieved by combining real-world phishing simulations, quality training content and actionable analytics into a single platform.

Ciudad Real, Spain

Zepo is designed to run simulated phishing attacks to test the susceptibility of your employees to cyber attacks. By providing a safe and controlled environment for employees to practice detecting and responding to phishing attempts.

Greenville, South Carolina, United States

Hook Security is a psychological and behavioral science startup designed to help companies establish policies for email and provide on-demand fake social engineering cyber attacks on employees with micro-learning and training. Despite being a young company, Hook Security comes with experience, with founder, Adam Anderson's immense background in cybersecurity and technology. Adam's 15 years of entrepreneurial startup experience and his knowledge of Enterprise Cyber Defense gives him a window into what's wrong with communication between large and small companies. Hook Security started with the goal of helping vulnerable companies from being hooked by cyber predators. Our mission is to safeguard companies from social engineering threats in order to build an active line of defense with on-demand employee awareness training. #DontGetHooked

Lexington, Kentucky, United States

Provider of a social engineering testing software for companies. The company offers a web-based system for auditors and security consultants to conduct social engineering testing via spear-phishing.

Ramat Gan, Israel

AI .Attackers - faster, smarter, self-learners, and more relentless than ever. These adversaries are leveraging AI to automate reconnaissance, craft hyper-personalized attacks, perform real tasks, and exploit digital exposures at a scale and speed that traditional defenses can't match. To combat this new wave...

Huntsville, Alabama, United States

Advanced AI-driven CyberSecurity Awareness Education, Threat Emulation, and Human Security Analytics Platform. Phish Your Users Condition Your Users Stop Malware Better Psychology = Better Results Stopping phish clicks and driving sub 1% rates, requires an acute understanding of psychology and how it affects human behavior. PhishFirewall uses the science of learning and behavioral modification to empower your workforce to be more security aware and stop clicking!

Sao Paulo, Sao Paulo, Brazil

PhishX | Cybersecurity for People PhishX is a cybersecurity platform focused on people. PhishX conducts awareness campaigns automated, continuous and effectively through phishing simulations, passing knowledge via microlearning and online monitoring of results, reducing the risk of digital fraud. phishx.io @PhishX

Perth, Western Australia, Australia

Retrospect Labs is a company that specialises in cyber security exercises, delivered through a SaaS platform.

Ghent, Flemish Region, Belgium

OutKept offers phishing prevention for organisations. We execute the highest quality phishing simulation campaigns, supported by a community of ethical phishers, to build awareness, and maintain alertness. Via our platform ethical phishers help organisations who seek to protect themselves, in a safe and confidential way. Our phishing simulations benefit organisations in 3 ways: - Increase general awareness and knowledge of phishing - Train people to have the right reflexes when encountering phishing mails - Boosting alertness to phishing attempts continuously Phishing awareness takes time to build. Therefore we offer our simulation campaigns in an as-a-service formula: Low fees per user, and regular phishing simulation mails for protection all year round. Our phishing mails are ethically sourced: We do not use a fixed set of phishing mail templates, but leverage a community of ethical phishers who are rewarded through a bounty system, to ensure we stimulate the use of the most contemporary techniques and simulate the most dangerous attacks. Our platform acts as a wall and filter between organisations and ethical social engineers: we protect data and anonimity, while allowing for the highest quality simulations. The platform allows organisations to test and improve on awareness and phishing vulnerability without the risk of suffering any actual damages.