Built to protect.
Designed to disrupt.

Nimble like a startup. Proven like a giant.

We’re the minds behind PhishTACO, a platform that improves your organization’s resilience against sophisticated phishing attacks. PhishTACO is FedRAMP Moderate Authorized—and that’s one of the highest security standards there is.

ZibaSec in the news

ZibaSec's PhishTACO Platform achieves FedRAMP Moderate Authorization

PR Newswire

How ZibaSec Leverages GitHub's Advanced Security

GitHub, Inc

ZibaSec Joins APWG, Leveraging Global NGO's Unique Data Corpora for Research and Development

PR Newswire

Secure and compliant.
FedRAMP authorized.

PhishTACO is designed to ensure compliance with federal security regulations. We’re FedRAMP Moderate Authorized, that means we meet one of the highest standards in cloud computing cyber security.

The Federal Risk and Authorization Management Program (FedRAMP) assesses cloud service providers to ensure they are secure. Those who pass the assessment are then approved for use by government agencies.

Getting authorized takes at least six months, and can take well over a year. It requires completing a training, developing a System Security Plan, undergoing a full security assessment, and, even after authorization, continuous monitoring.

No! PhishTACO works for all kinds of organizations, from SMBs to enterprises in the public and private sector. FedRAMP just adds an extra layer of security assurance.

Our hackers don’t steal your data.
They protect it.


Scalable. Holistic. Honestly priced. We built PhishTACO to give organizations a better way to keep their data safe and secure.

—Design and send sophisticated emails in minutes
—Unparalleled reporting capabilities
—Easy-to-use interfaces and intuitive design
—One dashboard for all your divisions
—FUlly automated campaigns and reporting
take me to phishtaco

Security awareness training content

Educate your workforce about the latest phishing techniques so they can identify and flag emails, not fall for them.

—Open source content hosted on Github
—Free to everyone, not just our customers
—SCORM compliant
take me to github
Our Clients

The Department of Justice trusts us to keep them safe.
You can, too.

From the FBI to the ATF, PhishTACO helps keep every agency in the Department of Justice safe from phishers.

Office of the Attorney General
U.S. Marshals Service
Bureau of Prisons
Civil Rights Division
National Institute of Justice

Be the first to know.

We’re hard at work on additional ways to secure your organization. Sign up for email updates and we’ll keep you posted on our latest product releases.

stay up to date

SMS phishing simulation platform
Coming Fall 2021

We will provide a very similar phishing simulation experience to our current email offering, but for text messages (SMS). A customer admin can configure a message with one or more links and schedule a time to send it to some or all of their employees. An example SMS might be: “Your Amazon package has been delayed, please reschedule delivery here: https://somebadurl.”

Phishing defense email plugins Free for personal use

We are working on the release of a phishing defense tool: an email plugin for Outlook and Google. It would be free for personal use. If you see an email you think is suspicious, or you just want to double-check, you’ll click on a button within your email that says, “Scan this email for phishing.” Our backend then checks it against our proprietary machine learning (AI) backend, which extracts over a dozen features and derives its conclusion from a sophisticated machine learning model built with a large data set of phishing emails and other known indicators, including images with brand impersonation. The more emails get reported, the more accurate everyone's defense becomes.

Click here to join the waiting list