PvP social engineering training where employees attack each other with real techniques — phishing, vishing, pretexting — coached by an AI Handler. Real attacks. Safe payloads. Permanent learning.
Your Handler assigns a target — a real coworker. You get their profile, your cover story, and your mission objective. Everything you need to plan the hit.
Pick your tools — spoofed emails, fake login pages, vishing calls, SMS lures, QR codes. Your Handler coaches every draft and call script in real time.
When your target clicks the bait, a safe reveal page shows exactly what happened — the technique used, the red flags they missed, and how to spot it next time.
Attackers earn XP for successful ops. Defenders earn XP for catching phishing attempts. Achievements unlock. The leaderboard updates. Nobody is just a victim.
Every tool a real attacker would use — rebuilt for training. Every payload is inert. Every action is logged. Every lesson sticks.
Your personal intelligence operative. The Handler briefs you, suggests attack vectors, critiques your drafts, and debrefs after every op. Three persona styles to match your learning preference.
Craft and send phishing emails with AI assistance. Spoof sender addresses. Send SMS lures. The same delivery mechanisms threat actors use — minus the criminal intent.
Deploy fake login pages with brand-accurate theming. Track who clicks, who submits, and how long they hesitate. Safe payloads capture data for training only.
Clone a voice from a short audio clip. Synthesize speech. Launch AI-powered phone calls with realistic conversation. The vishing toolkit is terrifyingly real.
Generate QR codes that point to tracking links or fake login pages. Embed invisible beacons in documents. Know exactly when your payload lands.
Defenders can report suspicious links and earn XP for correct catches. The gotcha reveal page teaches exactly what red flags were missed. Both sides learn.
Every operative needs a handler. Ours is an AI with the persona of a seasoned intelligence officer — cold, precise, and obsessively focused on making your attack land. It coaches you through every phase of the mission, from initial briefing to post-op debrief.
Welcome to the operation. Your target is Sarah K., Finance. She reuses passwords and IT flagged a breach on her personal email six months ago. You have the Spoofed Email and Credential Harvester tools at your disposal. How do you want to play this?
I'm thinking IT password reset. Spoof the helpdesk domain and add urgency.
Good angle. Reference Concur specifically — she uses it daily. "Account locked in 2 hours" creates the right pressure. Draft something and I'll tear it apart.
Not every team is ready for full PvP on day one. Wolfmask gives you a way to test the waters before opening the floodgates.
Your security lead picks a handful of employees and runs a quick phishing exercise — manually. No logins, no onboarding, no friction. Employees only need an email address.
When they're ready, one click transitions them into full platform accounts. Their scores carry over.
The real thing. Players create accounts, get an AI Handler, and run full social engineering missions against their own coworkers. Real tools, real targets, safe payloads.
Org admins see everything. Assign missions, manage curriculum, track risk scores, and pull compliance-ready analytics.
Pick the lesson, pick the attacker, pick the target. Set constraints on channels and tools. Monitor progress in real time.
23 lessons across three tiers. Edit technique education, handler guidance, and mission objectives. Add custom scenarios.
Per-user risk scores updated after every mission. See who's clicking everything and who's catching everything.
Individual email invites, bulk CSV import, or shareable codes with usage limits and expiry. Control who gets in.
Security awareness training fails because it's passive. Wolfmask creates visceral, memorable experiences — the moment you click a "Gotcha" link from someone you sit next to, you learn something you never forget. And when you're the attacker, you understand the mechanics of manipulation at a cellular level.
Wolfmask is in active alpha. We're accepting a limited number of organizations for beta testing — get early access, shape the product, and start training your team before everyone else catches on.