Vigil

Human risk & compliance platform · built for the AI attack era

Train your team for AI-era attacks. Prove it to your insurer.

Vigil simulates AI-era attacks, scores human risk, trains your team automatically, and produces the evidence your insurer, auditor, and regulator accept, from one platform.

No credit card · Cancel anytime · Setup in 30 minutes

● Live deepfake
This is a deepfake. Your team won't know unless we train them.
  • Australian data sovereignty & regional hosting
  • Setup in 30 minutes
  • No IT team required
  • SOC 2 in progress
  • Cancel anytime

The problem

Annual training doesn't work. And proving you're protected is just as broken.

Your team watches a generic video once a year, ticks a box, and forgets it by Monday, while attackers use AI to clone voices and generate deepfakes. Then, at renewal or audit, you scramble to assemble evidence that the program even ran. A lapsed certificate can void a claim.

0%

of breaches start with a phishing email

$0k

average cost of a successful phishing attack for an Australian SMB (AUD)

0 min

between receiving a phishing email and an employee clicking

Start with what you must comply with

From requirement to running program, automatically.

Upload a policy, pick a framework, or hand us your insurer's questionnaire. Vigil reads it, builds the training and attack simulations that satisfy it, and wires every result back as evidence, mapped to the requirement that asked for it.

Pick a framework or requirement, see the program Vigil builds:

Training generated

  • Security awareness, annual
  • Code-of-conduct attestation
  • Role-based: finance & admins

Campaigns generated

  • Email phishing, quarterly
  • Multi-channel coordinated
  • BEC / payment-fraud lure

Evidence produced

  • Per-employee register
  • Mapped to CC1.1 / CC1.4 / CC2.2
  • Continuous control timeline

1. Ingest the requirement
2. Generate training & campaigns
3. Prove it with mapped evidence

How Vigil works

Define it once. Vigil runs the loop.

Four things. One platform. One loop, now set up automatically by the engine.

The Simulate → Score → Train → Report loop, running.
  • 00

    Define (New)

    The engine turns your requirement into the program.

  • 01

    Simulate

    Eight attack types, email to live deepfake video calls.

  • 02

    Score

    Every employee gets a live human risk score.

  • 03

    Train

    Targeted training assigned automatically on failure.

  • 04

    Report

    One-click compliance evidence your insurer accepts.

Simulate

Eight attack types, now coordinated into real attack scenarios.

AI writes every message from scratch using real context about your company. All eight attack types are unchanged, and now they work together.

Email phishing

AI-written emails built from real company context.

SMS phishing

Urgent texts that mimic banks, couriers and internal IT.

Voice calls

Realistic scripts, from ATO scams to fake IT resets.

QR code attacks

Tracked quishing codes in emails and posters.

Voice-cloned executive calls

Your CEO's voice cloned from a 60-second sample.

Deepfake video email

A personalised talking-head video of your CEO.

Live deepfake video calls (New)

Real-time cloned face and voice on a video call.

Custom attack briefs (Growth)

Describe any scenario; Vigil builds the simulation.

Coordinated and reconnaissance-driven simulation

Multi-channel coordinated campaigns (Beta)

A phishing email, then a vishing call that references it, then an SMS, one staged scenario, the way real social engineering actually unfolds. Produces the cross-channel scores underwriters now weight.

OSINT & social-engineering simulations (Beta)

Lures built from public reconnaissance, the same intel a real attacker gathers, paired with an exposure report showing your own attack surface.

Score

Know who your most vulnerable people are.

Every employee gets a live human risk score from simulation results, training completion and reporting behaviour. No more guessing.

Live risk score

Continuously updated per employee.

Risk tier classification

Low, medium, high or critical, automatically.

Department benchmarking

Compare risk across teams and offices.

Trend over time

Clear month-over-month trend lines.

High-risk segmentation & remediation log

Auto-built high-risk cohort with a tracked remediation pathway.

Industry peer benchmarking

See how you compare with anonymised peers.

Train

Training that follows the attack.

Automatic assignment

Targeted training assigned the moment someone fails.

Attack-specific lessons

Built for the exact attack type, not a 2019 video.

AI personalised videos

Reference the simulation, the role and the company.

Quiz & completion tracking

Knowledge checks and full completion records.

Just-in-time nudges

In-the-moment coaching via email, Slack or Teams.

Role & board training tracks

Intensive tracks for finance, executives and the board.

Regulatory content library

Continuously updated per-jurisdiction tracks.

Dashboards

See it the way you need to see it.

One set of human-risk data, five purpose-built views, with drill-down from organisation to individual, live and trended modes, and live read-only share links.

Executive & board view

One governance-grade page, also serving the NIS2 / DORA management-oversight expectation.

38
Org risk score
+12%
QoQ improvement
96%
Coverage
Green
Claim-readiness

Prove it. Evidence & Compliance

One click. The proof your insurer, auditor and regulator accept.

The one-click compliance report, now a full evidence layer.

One-click PDF

Branded compliance report in seconds.

Framework mapping

Every record mapped to the frameworks you need.

Always current

Reports pull live data; regenerate any time.

Claim-readiness monitor

Continuous check that the attested program is genuinely running.

Carrier-questionnaire autofill

The human-risk section, answered from live data.

Per-employee register & certificates

Date-stamped, attributable completion records.

Auditor portal

Time-boxed, read-only self-serve access for auditors.

Evidence pack export

Broker-ready PDF + CSV register + trended dashboard.

Essential Eight · ISO 27001 · SOC 2 · Australian Privacy Act · NIST CSF · CIS Control 14 · NIST 800-171 / CMMC · PCI DSS · HIPAA · NIS2 · DORA · GDPR · MAS TRM · CSA Cyber Essentials · APRA CPS 234

Built for cyber insurance

Walk into your renewal with proof, and a lower premium.

A documented, trended human-risk program is a discount lever at quote, the gate to full social-engineering cover, and your defence against a claim-time dispute. One successful phishing attack costs an average of $150,000. Vigil pays for itself with a single prevented incident.

Estimate my premium impact

Premium-impact estimator

10%

estimated reduction on the human-risk underwriting line

Who it's for

One platform. Every team that has to prove it.

Self-serve

Small business

Pass your insurer's questionnaire without an IT team.

Compliance-driven

Mid-market & Enterprise

Evidence human risk across SOC 2, ISO 27001, NIS2 and more.

Multi-tenant

MSPs & partners

Run human risk for every client from one console.

Channel

Insurance brokers

Get every client renewal-ready and win the placement.

Accounting firms · Law practices · Financial advisers · Healthcare (New) · Financial services (New)

Operating across Australia, Singapore, the USA and EMEA, with regional data hosting.

We used to run one phishing test a year from the big vendor. Half the staff failed it, we watched a video, and we moved on. With Vigil, our team gets a deepfake call from someone who sounds exactly like our MD, and they actually learn.
Practice Manager. Sydney accounting firm · Vigil customer

Prove your people are ready, before the renewal, the audit, or the attacker.

30-day free trial. No credit card.

or email us at hello@vigilsecurity.io