AI-native security awareness

Run your phishing program from Claude.

PhishSpot ships a full MCP server and REST API — build campaigns, pull results, and manage contacts in natural language. Build-only by design: a human always presses launch.

  • ~60 MCP tools + a full REST API at /api/v1
  • Build-only safety model — the AI never sends
  • Signed webhooks push every event to your stack
  • Token-scoped & audit-logged
  • Built in the EU

Get API + MCP access

Built for automation

MCP server

Drive PhishSpot from Claude in natural language — build-only, a human presses launch.

REST API

Token-authenticated JSON API at /api/v1: campaigns, contacts, courses, domains and more.

Signed webhooks

HMAC-SHA256 with retries — a click becomes an alert in your SIEM in seconds.

platform.phishspot.com/integrations
Integrations, API and MCP in one place

Quick questions

Does the AI send emails to employees?

No. The MCP tools prepare a campaign up to the review step but never send. A human launches it from the interface.

Is access audit-logged?

Yes — tokens are scoped, and MCP operations are logged.

What does the REST API cover?

Essentially the whole admin app: campaigns, results, recipients, templates, contacts, courses, domains, autopilots and webhooks.

Automate your awareness program

Book a demo, or start free and wire up the API.