Skip to main content

Navigation

Catalogue

Security Awareness Privacy & Compliance AI & LLM Security Real-World Incidents
Application Security Soon
API Security Soon
Cloud Security Soon

By Industry

Healthcare Financial Services Government Manufacturing Retail & E-commerce Education Legal Services SaaS & Technology Managed Service Providers Non-Profit

By Use Case

Employee Onboarding Annual Compliance Cyber Insurance Readiness Audit Evidence Prep Remote Workforce Contractor & Vendor Breach Response Rehearsal M&A Due Diligence LMS Migration Board-Level Reporting

Threat Library

Phishing Ransomware Deepfake Social Engineering Business Email Compromise AI Prompt Injection

Product

Features SCORM FAQ

Resources

Blog Glossary CISO Guide Compliance Mapping Free Exercises Product Data Sheet

Company

About Us Partnerships Vendor Comparisons Contact

Legal

Security & Compliance Privacy Policy Terms of Service
English Українська
Book a Demo

Security Awareness Training Your Team Completes

Interactive 3D simulations covering phishing, ransomware, AI threats, GDPR, and the EU AI Act. 100+ free exercises where employees practice under real attack pressure.

Try Exercise Library Explore Features
RansomLeak Human Risk Management platform interface showing interactive 3D phishing simulation, email security exercise, and threat detection dashboard

Exercise Library

Free interactive cybersecurity exercises to build your human firewall. Practice phishing, ransomware, vishing, and AI threat scenarios. No sign-up required. See all free exercises →

OWASP Top 10 for LLM & Agentic AI

AI & LLM Security Training Exercises

AI systems introduce new attack surfaces that traditional security training doesn't cover. Our exercises address risks from the OWASP Top 10 for LLM Applications and the OWASP Top 10 for Agentic Applications, covering prompt injection, data poisoning, AI-generated phishing, agent goal hijacking, and autonomous tool misuse.

OpenClaw Prompt Injection

Defend Clawdbot from prompt injection attacks.

  • Malicious instructions in documents
  • AI agent data exfiltration risks
Play Exercise

Prompt Injection Attack

Stop a hidden prompt from hijacking your AI assistant mid-task.

  • Detect hidden instructions in AI-processed documents
  • Trace how injected prompts override AI behavior
Play Exercise
Soon

AI Agent Goal Hijacking

Stop an autonomous AI agent redirected by a poisoned email.

  • Detect agent objective manipulation
  • Trace goal-hijacked agent behavior
Coming Soon
View all AI Security exercises
Privacy, GDPR, EU AI Act & OWASP

Data Privacy & Regulatory Compliance Training

Interactive exercises covering GDPR, the EU AI Act, the OWASP Top 10 Privacy Risks, and data protection fundamentals. Practice data subject rights, breach notification, AI risk classification, human oversight, consent management, and cross-border transfer rules through realistic regulatory scenarios.

Marketing Consent Management

Collect and manage marketing consent properly.

  • Implement compliant opt-in flows
  • Handle consent withdrawal requests
Play Exercise

Data Breach Response

Respond to a data breach within 72 hours.

  • Assess breach severity & scope
  • Meet mandatory notification deadlines
Play Exercise

Privacy by Design Review

Build privacy into products from the start.

  • Apply Privacy by Design principles
  • Implement data minimization strategies
Play Exercise
View all Privacy & Compliance exercises
Get More Exercises for Your LMS

Platform Features

Everything enterprise security teams need to run a Human Risk Management program. Interactive training, SCORM delivery, analytics, compliance reporting.

Enterprise-Grade Analytics Dashboard

Real-time visibility into your organization's security posture.

  • Track completion rates across departments
  • Identify risk areas & knowledge gaps
  • Executive-level reporting capabilities
Learn more
Enterprise-Grade Analytics Dashboard feature visualization

SCORM Integration

Upload to your LMS with full SCORM 1.2 & 2004 support.

  • Works with your existing LMS infrastructure
  • No custom development required
  • Zero IT overhead for deployment
Learn more
SCORM Integration feature visualization

Dedicated Multi-Tenant Architecture

Secure, isolated environments with complete customization.

  • Complete data segregation per tenant
  • White-label with your branding
  • Role-based access controls & compliance
Learn more
Dedicated Multi-Tenant Architecture feature visualization
Interactive 3D Simulations SCORM Compliance Real-Time Analytics Gamification Elements Custom Content Content Uploads Custom Learning Paths Campaigns Single Sign-On (SSO) Multi-Factor Authentication (MFA) Reminders Reports Tenant Whitelabeling Teams Role-Based Access Control SIEM Export Slack & Teams Calendar Integration IP Whitelisting

Why RansomLeak?

Human Risk Management training employees complete because they want to, not because HR makes them.

Learn by Doing

Master threat recognition through hands-on 3D simulations. Practice split-second security decisions in realistic scenarios covering phishing, ransomware, social engineering, and more.

Learn more

Actually Engaging

Forget compliance checkbox videos. Our gamified 3D simulations turn security awareness into an experience employees actually want to complete.

Learn more

Comprehensive Topics

Phishing, ransomware, social engineering, AI security, GDPR compliance, incident response, and dozens more. Cover the full threat landscape with training from beginner to expert.

Learn more

Made by Industry Veterans

Created by the team behind Kontra Application Security Training. Real-world security expertise distilled into training that actually changes behavior.

Learn more
Featured guide

From the field notes

Practical guides on phishing, AI security, and awareness training. Written by the team behind the exercises.

Read all posts
security awareness training pricing

Security Awareness Training Pricing: 2026 Buyer Guide

What does security awareness training actually cost? Compare per-user pricing, hidden fees, and tier structures across KnowBe4, Hoxhunt, SoSafe, and RansomLeak.

Read the guide
best security awareness training

Best Security Awareness Training Platforms for 2026 (Ranked)

10 security awareness training platforms ranked for 2026. Compare by segment, content format, AI threat coverage, pricing, phishing sim, and SCORM fit.

Read the guide
ChatGPT

ChatGPT Security Risks for Enterprise Teams (2026)

The eight real ChatGPT security risks for enterprises in 2026, from data leakage and prompt injection to shadow AI sprawl and hallucinated code, with mitigations for each.

Read the guide

What Is Human Risk Management?

Human Risk Management (HRM) measures and reduces the cyber risk that comes from employee behavior. It replaces one-off compliance videos with hands-on simulations, behavioral analytics, and role-specific coaching. Verizon's 2024 Data Breach Investigations Report found that 68% of breaches involve a human element.

RansomLeak is a browser-based HRM platform. Interactive 3D simulations cover phishing, ransomware, social engineering, vishing, smishing, business email compromise, deepfake whaling, AI prompt injection, GDPR, and the EU AI Act. Training ships as SCORM 1.2 / 2004 packages for any LMS, or runs on the RansomLeak cloud with SSO, analytics, and campaign management.

Dmytro Koziatynskyi and Maksym Khamrovskyi founded RansomLeak in 2025 in Tallinn, Estonia. The platform has 100+ free exercises with no sign-up and produces compliance reports for SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, the EU AI Act, and NIS2.

Frequently Asked Questions

Everything you need to know about deploying enterprise security awareness training

  • How does RansomLeak integrate with our existing Learning Management System?

    RansomLeak supports SCORM 1.2 and SCORM 2004, tested with 50+ LMS platforms including Moodle, SAP SuccessFactors, Cornerstone, Workday, Docebo, Canvas, Blackboard, and 360Learning. Each exercise exports as a SCORM package in one click.

    Your LMS handles progress tracking, completion, and scores. Exercises run inside your LMS with no external calls, which handles data residency. Offline packaging is available for air-gapped networks.

  • What security and compliance standards does RansomLeak follow?

    AES-256 at rest, TLS 1.3 in transit. Keys rotate through AWS KMS.

    We align with GDPR, CCPA, NIST, NIS2, and DORA. CSA STAR Level 1 documented. SOC 2 Type II and ISO 27001 inherited through AWS. Outside firms audit the platform yearly.

  • Can we customize training content to align with our organizational policies?

    Pick from scenario packs for healthcare, finance, retail, and government. Set up per-department curricula for engineering, HR, and executive teams. For unique threat profiles, our content team builds custom exercises around your attack surface and operations.

    You can also upload your own materials directly: PDFs, presentations, videos, images, and third-party SCORM packages all live alongside RansomLeak exercises in a single content library.

  • What analytics and reporting capabilities are available for administrators?

    A real-time analytics dashboard shows completion rates by department, team, or individual. Knowledge assessment scores track comprehension across topics like phishing identification and data handling.

    All reports are audit-ready and formatted for SOC 2, ISO 27001, and HIPAA compliance. Data exports are available in PDF, CSV, and Excel. Scheduled automated reports can be delivered weekly or monthly.

  • How scalable is the platform for organizations with thousands of employees?

    Runs on AWS with auto-scaling for 50 to 50,000+ employees. Multi-tenant setup keeps each org's data isolated. Import users by CSV, sync through SCIM, or auto-enroll through the API.

  • What level of support and onboarding assistance is provided?

    Every enterprise client gets a dedicated success manager who runs the rollout end to end. Support is 24/7 with response times set by your SLA tier. Most orgs are live within days.

  • How frequently is training content updated to address emerging threats?

    New training content ships monthly, with additional updates for significant threat developments. Recent additions cover AI-powered phishing, deepfake social engineering, QR code phishing (quishing), and business email compromise.

    A content review board of active security researchers validates every exercise before release. Existing exercises are updated to reflect the latest tactics documented in frameworks like MITRE ATT&CK.

Still have questions? Our team is here to help.

Chat With Us