PhisGuard
AI-powered phishing simulation campaigns for companies · realistic scenarios, live tracking, automated awareness training.
PhisGuard generates realistic phishing campaigns automatically · Claude drafts emails based on the company name, context, and current news, the Gophish (Go) engine delivers them, the Fastify backend tracks clicks and credential entry, and pushes the victim into a 5-minute targeted micro-training on click. NIS2 compliance and employee awareness in one loop.
Generic phishing tests get spotted in the first week. Built an AI phishing-simulation tool. Personalised tests fool the team for real, and the NIS2 paperwork writes itself in the background.
PhisGuard pairs Claude (for context-aware campaign authoring) with Gophish (for delivery) and a Fastify backend (for tracking + automated micro-training). The studio shipped the AI authoring layer, the click + credential capture pipeline, and the NIS2-shaped CISO report.
We needed phishing tests that actually fool people, plus the NIS2 paperwork that auditors love. PhisGuard does both: the AI-tailored emails actually trick the team, they learn from getting caught, and the security report we hand to the auditor writes itself in the background. We didn't have to rewrite a single line.
What's on screen
Frame breakdown
- 01 · User surface
The whole experience the user sees
This frame shows the live product: AI-powered phishing simulation campaigns for companies · realistic scenarios, live tracking, automated awareness training. Every component is ours · scope, design, code, deploy.
- 02 · Stack behind the screen
What's powering it: TypeScript, Fastify, PostgreSQL
6 stack components run behind this frame · TypeScript, Fastify, PostgreSQL drive the visible UI; the rest sit in the data layer. All studio-owned.
- 03 · What we shipped
AI-generated campaigns · a different scenario per employee, grounded in company context
Tailored campaigns · real metric for the company's current maturity
- 04 · Status
Private deploy · under NDA.
Per the client's request the URL stays private · the build, architecture, and lessons can be shared in a scoping call.
How it shipped
Timeline
- 01 · BRIEF
Beat the KnowBe4 'everyone gets the same' problem.
Per-employee scenarios scoped: company name, current news, role-aware vocabulary. Every campaign is unique to the recipient · no two employees see the same lure.
- 02 · ARCHITECTURE
Stack decisions before any code.
Decision doc captured the data flow, the TypeScript / Fastify / PostgreSQL / Anthropic role split, and the failure modes we'd handle in v1 vs defer. Cross-service boundaries (where AI ends and the web app begins) were drawn here so neither side leaked into the other later.
- 03 · BUILD
Claude → Gophish → Fastify capture loop.
Claude drafts personalised emails grounded in company context, Gophish delivers and serves the landing pages, Fastify catches clicks and credentials and pushes the offender into a 5-minute targeted training within the hour.
- 04 · POLISH
Performance, accessibility, and observability.
PSI / a11y / coverage budgets enforced as launch gates. Logging + metrics wired before cut-over · the team can answer 'is it working?' from a dashboard, not a Slack thread. Threat-model checklist signed off before traffic hits the box.
- 05 · SHIP
Live on a customer org · NIS2 export ready.
First org rolled out · campaign cadence quarterly, automated micro-learning on every click, CISO export shaped to NIS2 + ISO 27001 evidence requirements.
What shipped
- 01 · AI authoring
Per-employee phishing scenarios
Claude drafts the lure based on company context + role + current news · 'department-wide same email' is gone.
- 02 · Capture
Gophish + Fastify tracking pipeline
Click, hover, credential entry, and report-as-phish all logged · per-recipient, timestamped, exportable.
- 03 · Micro-training
5-min targeted lesson on click
The training fires while the failure is still fresh · response rate beats emailed PDFs by an order of magnitude.
- 04 · NIS2
CISO export shaped to the directive
One-click report mapping the campaign data to NIS2 evidence + ISO 27001 controls · audit-ready, no spreadsheet bridging.
From the video
Frame by frame
Frame 01 · Compliance gate · domains + scope agreement
Before any campaign fires, every target email must sit inside a verified domain, every campaign URL must resolve to an approved host, and an unrevoked PDF scope agreement must be active. Hard guardrails, not 'don't worry'.
Frame 02 · Cloned login · sandboxed preview
Operator previews the SSO-look-alike landing page in sandbox mode · 'forms cannot submit from here' so the test page itself can never accidentally capture a real credential during preview.
Frame 03 · Campaign telemetry · sent / opened / clicked / submitted / reported
Live-from-Gophish row refreshes every 15s · sent (8/8), opened (1), clicked (1), submitted (1), reported (0). One PDF export per row carries the same five columns + timestamps for the auditor.
Frame 04 · MailHog · 8 deliveries captured for forensics
Local MailHog catches every outgoing test email · the operator can replay the exact bytes that hit the user, no 'we think we sent that'. Forensics are reproducible end-to-end.
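The compliance gate in frame 01 (verified recipient domains, approved landing hosts, active scope agreement) is the kind of pre-flight check a backend would run before handing a campaign to the delivery engine. The following is an added illustration written for this page, not PhisGuard's own code; the `ScopeAgreement`, `CampaignDraft` and `GateConfig` shapes and the `complianceGate` function are assumptions.

```typescript
// Pre-flight compliance gate for a phishing-simulation campaign. Hypothetical
// helper written for this page, not PhisGuard's own code: it refuses launch
// unless every recipient is in a verified domain, every campaign URL is on an
// approved host, and an unrevoked, currently valid scope agreement exists.
interface ScopeAgreement { signedAt: string; expiresAt: string; revokedAt?: string } // ISO dates
interface CampaignDraft { recipients: string[]; urls: string[]; agreement?: ScopeAgreement }
interface GateConfig { verifiedDomains: string[]; approvedHosts: string[] }

const normalizeDomain = (d: string): string => d.trim().toLowerCase().replace(/\.$/, "");

// Exact match or subdomain of a verified domain. A plain suffix test would let
// "evil-acme.example" pass for "acme.example", so the dot boundary is required.
function inVerifiedDomain(email: string, verified: string[]): boolean {
  const at = email.lastIndexOf("@");
  if (at < 1 || at === email.length - 1) return false;
  const domain = normalizeDomain(email.slice(at + 1));
  return verified.some((v) => {
    const vd = normalizeDomain(v);
    return domain === vd || domain.endsWith("." + vd);
  });
}

// Approved hosts are an exact allow-list: no subdomain or prefix matching.
function hostApproved(rawUrl: string, approved: string[]): boolean {
  try {
    const host = new URL(rawUrl).hostname.toLowerCase();
    return approved.map(normalizeDomain).includes(host);
  } catch {
    return false; // an unparsable URL is never approved
  }
}

function agreementActive(a: ScopeAgreement | undefined, now: Date): boolean {
  if (!a || a.revokedAt) return false;
  return new Date(a.signedAt).getTime() <= now.getTime() && now.getTime() < new Date(a.expiresAt).getTime();
}

// Returns every violation found; an empty array means the campaign may fire.
function complianceGate(draft: CampaignDraft, cfg: GateConfig, now: Date = new Date()): string[] {
  const violations: string[] = [];
  for (const r of draft.recipients) {
    if (!inVerifiedDomain(r, cfg.verifiedDomains)) violations.push(`recipient outside verified domains: ${r}`);
  }
  for (const u of draft.urls) {
    if (!hostApproved(u, cfg.approvedHosts)) violations.push(`campaign URL not on approved host: ${u}`);
  }
  if (!agreementActive(draft.agreement, now)) violations.push("no active, unrevoked scope agreement");
  return violations;
}
```

The gate reports every failing condition at once rather than stopping at the first, so the operator sees the full list of what must be fixed before the campaign can fire.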
THE PROBLEM
- Classic KnowBe4 campaigns are the same for everyone · easy to spot
- NIS2 requires recurring awareness training · not maintainable manually
- Training is only valuable right after a fail · emailed PDFs go unread
- No objective metric showing the team actually learns
WHAT THE CLIENT GOT
- Tailored campaigns · real metric for the company's current maturity
- Human-in-the-loop learning · 5-min training at the moment of failure
- NIS2-compliance documentation · CISO audit-ready
- Trajectory · quarter-over-quarter measurable drop in click-through
WHAT WE DELIVERED
- AI-generated campaigns · a different scenario per employee, grounded in company context
- Gophish-based engine · stable Go engine for delivery, landing pages, credential capture
- Real-time tracking · who clicked, who entered credentials, who caught it
- Automated micro-learning · whoever clicks gets a 5-minute training within the hour
- NIS2-ready report · for CISO, HR, regulators (MNB / supervisory)
STACK
- TypeScript
- Fastify
- PostgreSQL
- Anthropic
- Go
- Gophish