Run the drill before the drill runs you
Realistic, consequence-driven tabletop exercises for security teams. Make decisions under pressure, see real outcomes, and debrief with data — before an actual incident tests you for real.
Free tier available · No credit card required · Works offline
SOC reports unusual lateral movement across 12 endpoints. Logs show credentials for a service account being used from an unknown IP. The CFO's workstation may be compromised.
As Incident Commander, what is your immediate priority?
Scenarios covering 14 incident types
From setup to debrief in under an hour
A structured workflow that mirrors real incident response — without any real risk.
Build your organisation profile
Map your systems, roles, and dependencies once. The Blast Radius Explorer shows how a single system failure cascades. AI uses your profile to generate scenarios that reflect your actual technology stack and business structure — not generic templates.
Run the exercise
Choose a scenario from the library or generate one with AI. Run solo or host a live session with a 6-character code. As injects arrive, the Incident Commander makes decisions with real consequences — optimal, suboptimal, poor, or catastrophic. Viewers suggest actions in real time.
Debrief with data
Review your decision path, see consequence scoring across multiple dimensions, capture what went well and what didn't. AI generates an executive summary and identifies gaps in People, Process, Technology, and Vendors. Export a PDF report ready to share with leadership.
Everything your team needs to train well
Branching scenarios
Decisions change the scenario path. Every inject choice — optimal to catastrophic — shapes what happens next. No two exercises play the same way.
Real-time multiplayer
Host a live exercise in seconds with a 6-character code. Incident Commanders make decisions; Viewers suggest actions. WebSocket sync keeps the whole team in lockstep.
AI-powered training
AI Mode lets teams describe free-form actions and receives dynamically generated consequences. AI also creates custom scenarios tailored to your exact org profile and generates debrief insights.
Blast Radius Explorer
Map your systems, mark criticality, define dependency chains. Select any system and simulate failure to instantly see cascading downstream impact — before a real outage does it for you.
Debrief analytics
Multi-dimensional scoring across decision quality, response speed, confidence levels, and action management. Captures gaps in People, Process, Technology, and Vendors — not just a pass/fail.
Flexible deployment
Browser-based with no install required. Or connect your own storage: SQLite, AWS DynamoDB, Azure Cosmos DB, Google Firestore. SAML SSO for enterprise auth. Runs fully offline if needed.
Trusted by security teams
The Blast Radius Explorer showed us a dependency chain we'd never documented. We fixed three critical single points of failure before our next audit.
Head of Security Engineering
[PLACEHOLDER — replace with real customer quote]
We ran a ransomware tabletop with our exec team. The branching consequences made it feel real in a way that a slide deck never could.
CISO
[PLACEHOLDER — replace with real customer quote]
Our compliance team uses it every quarter. The PDF export goes straight into our audit evidence folder with zero editing.
Head of GRC
[PLACEHOLDER — replace with real customer quote]
Privacy-first
Runs entirely in your browser. Your scenario data never leaves your device unless you choose cloud storage.
Self-hostable
Connect your own storage: SQLite, DynamoDB, Cosmos DB, or Firestore. Full data sovereignty.
SAML SSO
Enterprise authentication with any SAML 2.0 identity provider — Okta, Azure AD, Google Workspace.
Encrypted credentials
Per-user credential encryption using HKDF-SHA256 and AES-256-GCM for maximum security.
Ready to train your team?
Start with a free solo drill — no account, no credit card, no install. When you're ready to run live team exercises, upgrade to Team or Enterprise.