Skip to main content

Navigation

Catalogue

Security Awareness Privacy & Compliance AI & LLM Security Real-World Incidents
Application Security Soon
API Security Soon
Cloud Security Soon

Features

Interactive 3D Training SCORM Cloud LMS Human Risk Score Risk-Based Automation All features

Simulations

Phishing Simulations Smishing Simulations
Vishing Simulations Soon
Partners About Us
Blog

Legal

Security & Compliance Privacy Policy Terms of Service
English Українська
Book a Demo
Interactive 3D

Interactive 3D Training

Most security training is a video with a quiz at the end. RansomLeak drops each person into an immersive 3D scene with a working desktop and phone, where they open the real phishing email, answer the suspicious call, and find out what their choices set off. It runs in any browser. No headset, no install.

An isometric 3D home office rendered in the browser, with a desk, monitors, and a phone, beside a panel showing the live ransomware scenario and its objectives

How an interactive 3D exercise works

Four steps that feel less like a course and more like a Tuesday at work.

01

Step into the scene

Each exercise opens in a 3D room, a home office or the dual room where you also see the attacker. The scenario plays out around you, narrated as it unfolds.

02

Use a real desktop and phone

Click the monitor to open a working email client, browser, terminal, or password manager. Pick up the phone to take the call or read the text. It behaves like the real thing.

03

Make the call yourself

Open the attachment or do not. Answer the call or hang up and verify. Type the command, approve or deny the prompt. You perform the action, you do not watch a recording of it.

04

Live the consequence

The simulation reacts: a fake login captures your credentials, a bad approval triggers the ransom screen, the right move contains the damage. A short knowledge check locks in the lesson.

A real computer, not buttons on a video

The attack happens where work happens, on a simulated desktop that behaves like the one in front of you.

The simulated Windows desktop on the 3D monitor inside the scene, a full desktop with app icons and a taskbar, the same kind of workspace the attack plays out on

A full working desktop

Outlook, a browser with hundreds of real-looking sites, a terminal, a file manager, a password manager, an HTTP inspector, even AI assistant and agent consoles. More than twenty apps, all live.

You do the real thing

Hover the real sender domain, read the real headers, run the real command, toggle the real setting. Every input is checked against what a careful person would actually do.

No autofill, no shortcuts

The fake login pages defeat password managers on purpose, so people practice spotting a lookalike instead of letting the browser fill it in for them.

And a real phone in your hand

Smishing, vishing, and MFA fatigue play out on the device people actually fall for them on.

A 3D phone in the scene showing an incoming call from an unknown number with a slide-to-answer control, the way a vishing call actually arrives

Calls, texts, and push prompts

A simulated phone with messages, calls, an authenticator, and a banking app, locked behind a PIN, so a vishing call or a fraudulent MFA push lands exactly as it would in real life.

Answer it, or do not

You pick up the unknown caller, read the text from the bank, approve or deny the login prompt. The same small decision the breach hinged on is the one you practice here.

One scene, two screens

The desktop and the phone are part of the same room, so a scam that starts with a call and finishes in your inbox is one continuous exercise, not two disconnected modules.

See the attack from both sides

Start inside the incident, then watch the attacker work the other end of it in real time.

The dual-room view: the employee office above and the attacker room below, where the threat actor works the other side of the same incident

The wall drops away

You begin as the employee. On the first turn the camera pulls back and the attacker’s room appears below yours, where they scan for your leaked key, craft the lure, and move on the same incident.

Understand the why, not just the what

Seeing both ends of an attack is what turns "do not click links" into a real instinct for how these attacks are actually built and run.

Built for the threats people face now

Over 100 exercises across phishing, ransomware, deepfakes, GDPR and the EU AI Act, and a full OWASP track for web, LLM, and agentic AI attacks, including AI agent goal hijacking. Browse the catalogue.

Every object in the room is part of the lesson

Open the email, pick up the router, plug in the USB you found, set up the backup drive. Every prop and every screen is interactive, and each one hides a habit worth practicing.

The Outlook email client on the 3D desktop with a phishing email open and a Report button in the toolbar
A phishing email in the inbox. Report it, or click the link and find out.
A fake bank login page open in the simulated browser, asking for an email address and password
A lookalike bank login in the browser, built to harvest the password you type.
The simulated phone messages app showing a smishing text with a fake parcel-delivery link
A smishing text with a fake delivery link, waiting in the messages app.
Close-up of the 3D router in the scene, its label sticker showing the admin password still set to the factory default of admin
The router still has its factory password on the sticker. Change it before someone else reads it.
A whiteboard in the 3D office with a password written on it in marker, in plain view
A password written on the whiteboard, in plain view of anyone who walks past.
3D headphones in the scene with a glowing blue light showing they are left discoverable to nearby devices
Headphones left discoverable, broadcasting to every device in range.
A laptop in the 3D scene showing a Windows lock screen with a PIN prompt
A second machine, locked behind a PIN. Walk away and it stays that way.
A USB flash drive labelled Confidential, Salary Data, the kind left in a lobby as bait
A USB drive labelled "Confidential" you find in the lobby. Plug it in, or do not.
An external SSD with a backup shield, connected to the PC to keep a copy of your files
An external SSD for backups. The line between a bad afternoon and a lost quarter.

Frequently Asked Questions

What is interactive 3D security awareness training?

It is security training delivered as an interactive 3D simulation rather than a video. Each exercise puts the learner in a rendered 3D scene with a working computer and phone, where they handle a real attack, like a phishing email or a vishing call, by taking the actual steps instead of watching someone else take them.

Hands-on practice sticks: the National Training Laboratories puts retention from learning by doing at up to 75%, versus roughly 5% for a lecture.

Do learners need a VR headset or an app to install?

No. The 3D runs in any modern web browser, on a laptop or desktop, with nothing to install and no headset. It uses standard WebGL, so it works on the machines people already have.

That also means it deploys like any other course, with no device rollout to manage.

How is it different from a video with a quiz?

In a video, you watch an actor click the wrong link. Here, you decide whether to click it, on a desktop that behaves like a real one, and the simulation reacts to what you chose.

You open the real attachment, hover the real sender domain, answer the real call, and approve or deny the real prompt. The muscle memory transfers to the actual moment it matters.

What topics and how many exercises are there?

Over 100 interactive exercises spanning phishing, smishing, vishing, business email compromise, ransomware, deepfakes, device and password security, GDPR and EU AI Act compliance, and the OWASP Top 10 for web, LLM, and agentic AI applications.

New exercises are added as the threat landscape moves, including AI-era attacks like prompt injection and AI agent goal hijacking. See the full catalogue.

What languages is it available in, and how is it delivered?

Exercises are available in five languages: English, Italian, Dutch, Ukrainian, and German.

Each exercise is a SCORM package, so it runs in any LMS via SCORM, or on the Cloud LMS with no integration work. Either way, completion and quiz scores report back to your records.

How long does an exercise take?

Most exercises run about 5 to 15 minutes. Each ends with a short knowledge check scored against a pass threshold.

That makes them short enough to assign as a monthly nudge and substantial enough to count as real training.

See RansomLeak in Action

Try the free exercises or book a demo to see analytics, SCORM export, SSO, and custom content in your environment.

Request Demo Try Free Exercises