Latka logo

Top 25 Breach and Attack Simulation (BAS) Software SaaS Companies in May 2026

As of May 2026, there are 25 SaaS companies in Breach and Attack Simulation (BAS) Software. They have combined revenues of $294M and employ 1.9K people. They have raised $458.4M and serve 12.2K customers combined.

Breach and Attack Simulation (BAS) software is a cybersecurity tool designed to proactively assess and enhance an organization's security posture by simulating real-world cyberattacks. It automates the process of testing security measures, enabling organizations to identify vulnerabilities and validate the effectiveness of their defenses. Key use cases include continuous monitoring of security readiness, validating security controls, and complementing traditional penetration testing efforts. Typically, BAS solutions provide features such as automated attack simulations, detailed reporting on vulnerabilities, and guidance on remediation strategies. They cater to a variety of organizations focusing on cybersecurity, including IT departments, security operations teams, and compliance professionals. By facilitating routine testing, BAS software helps organizations prepare for potential breaches, thereby strengthening their overall cybersecurity framework.

Companies
25
Revenue
$294M
Funding
$458.4M
Employees
1.9K

Filters

Sorting: Highest -> Lowest

Filters
Revenue
All<$1M$1M-$5M$5M-$10M$10M-$100M$100M+
Funding (Locked)Growth (Locked)Team-Size (Locked)

Top Breach and Attack Simulation (BAS) Software Companies

Showing 10 of 5 companies ranked by annual revenue.

1
Hut Six Security

Newport, Wales, United Kingdom

Provider of a Software-as-a-Service comprehensive solution intended to protect organizations from cyber attacks. The company's platform train, test and track security awareness with adaptive and customized campaigns and deliver voiced and animated tutorials using up-to-date case studies, providing businesses actionable and real-time metrics based on their vulnerability through phishing simulation and assessments.

Revenue
$816.6K
Customers
-
Year founded
2016
Funding
-
Team size
6
Growth
70.07%
2
Click Armor®

Kanata, Ontario, Canada

Click Armor is the interactive security awareness platform that creates more secure employee behavior. It engages employees to reduce businesses reduce risks from phishing and social engineering threats, by using gamified simulations and challenges to engage employees and improve their attack resistance.

Revenue
$660K
Customers
-
Year founded
2018
Funding
-
Team size
6
Growth
-
3
CanIPhish

Eumundi, QLD, Australia

Headquartered in Queensland, Australia, CanIPhish was founded to create a better way to simulate phishing and deliver security awareness training to employees. Our motto is simple. Trained employees, secure businesses. Previously, legacy platforms have made the benefits of security awareness training, difficult, complicated and costly to achieve. Our self-service, easy-to-use platform is disrupting the market and is used by companies of all sizes across the world.

Revenue
$330K
Customers
-
Year founded
2020
Funding
-
Team size
3
Growth
-
4
Riverbank Security

San Francisco, California, United States

AI-native Red Teaming and Offensive Security

Revenue
$220K
Customers
-
Year founded
2025
Funding
-
Team size
2
Growth
-
5
PhishMan

Moscow, Russia

Developer of a phishing protection system and software intended to help companies to counter phishing through training. The company's software sends out emails with various traps, thus imitating fraudulent activity and assesses the way recipients react to the emails, as well as offers a customized training course to the employees if they reply to the emails, enabling clients to monitor user awareness about possible threats.

Revenue
$106.1K
Customers
-
Year founded
1999
Funding
-
Team size
4
Growth
-

Inclusion Criteria

- The product must automate the simulation of real-world cyberattacks. - It should provide detailed reports on vulnerabilities and security posture. - The software must facilitate ongoing monitoring and assessment of security controls. - It needs to support various attack scenarios to test different components of the security infrastructure. - Not just focused on compliance; must also improve proactive threat detection and response capabilities.