Test, train & engage!

Lucy Powered by ThriveDX provides comprehensive tailored security awareness training to tackle your weakest line of defense – human error. With a combination of our powerful phishing platform and professional services, we provide a unique and effective security solution to keep your organization safe.

Test Employees With Real-World Scenarios

Simulate the full cyber threat landscape using customizable, easy-to-edit templates for any type of phishing attack. Our predefined, multilingual attack simulations offer a safe learning environment and real-world experience for testing whether your employees are fully familiar with the dangers of the internet.

  • Spear phishing simulations
  • SMS & portable media attacks
  • File attacks (PDF, Java, Macro, etc.
  • Website cloner
  • …and many more

Train Employees With Tailored Interactive Content

Hundreds of interactive, web-based training modules help you elevate your company’s security awareness culture. Our continuous adaptive training model takes employees through various security topics relevant to your industry and delivers customized content based on employee progress and performance.

Monitor Success With Real-Time Reporting

Our real-time reporting dashboard and automatic monthly reports allow you to measure employee progress, while maintaining full control and visibility of the program. You gain insights that are easy to understand, communicate to stakeholders, and take action on.

How It Works

Effective training starts where technical protection ends.

Generic training is ineffective as every company is subject to different tech stacks, policies, and regulations.

Lucy’s custom-tailored training and phishing solutions are built to solve your specific needs.

Assess Baseline

Uncover your organization’s weakest points with baseline testings that evaluate your vulnerabilities.

Recommended Attacks

Get custom recommended attacks and awareness campaigns based on the results of our baseline testings.

Real-World Simulations

Execute a variety of realistic phishing attacks to maintain resilience across your entire organization.

Personalized Training

Optimize every employee’s learning experience with ongoing educational content personalized to fit their needs.

Custom Reports

Our real-time dashboards provide powerful insights so stakeholders can gain transparency and act quickly.

Our Services

Managed Awareness Program

Video Translations

Pen Testing

Content Customization and Whitelabling

Spear Phishing/Vishing

On-Prem Deployment

Video Customizations
and Whitelabling


Additional Services

more genetic lucy features

  • Reminders
  • Response Detection
  • Full Mail Communication Client
  • Scheduler Randomization
  • Performance Tools
  • Multilingual Admin Interface
  • Certificate (SSL)
  • Role-Based Access Controls
  • Multi-Layered User Groups
  • Multi-Client Compatible
  • Campaign Templates
  • Setup Wizard With Risk-Based
  • Campaign Checks
  • Approval Workflows


Reminder templates can be used to automatically resend messages to users who have not clicked on an attack link or a training course after a custom period of time.

Response Detection

The automatic response detection makes it possible to define and analyze automatic e-mail responses (e.g., out of office) as well as mail delivery errors (e.g., user unknown) within the campaign.

Full mail communication client

A built-in messaging platform allows the LUCY admin to communicate interactively with the recipients inside or outside the LUCY campaigns. All e-mails are archived and can be evaluated.

Scheduler Randomization

Raising employee awareness at random is the key factor for effective and sustainable awareness within the organization. Randomly sending many concurrent campaigns is one of the best means of training employees.

Performance tools

LUCY smart routines adapt the server installation to the given resources. Applications Server, DBMS Sizing, Memory and CPU usages are calculated during installation or during operations. You can scale a single, cloud-based LUCY installation for 400,000+ users.

Multilingual admin interface

The LUCY admin interface is available in different languages and can be translated into other languages on request.

Certificate (SSL)

Allows the automatic creation of official and trusted certificates for the admin, backend as well as for the campaigns. LUCY will automatically use the domain configured in the system to generate the certificate. If you decide to use SSL for the campaign, you can generate a custom certificate or a CSR (Certificate Signing Request). You can also import official trusted certificates.

Role-based access controls

LUCY offers a role-based access control (RBAC) that restricts system access to authorized users only. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles through which to acquire the necessary computer permissions to perform particular LUCY functions.

Multi-layered user groups

Quickly upload users in bulk via a CSV, LDAP, or text file. Create different groups, organized by department, division, title, etc. Update users in a running campaign. Build dynamic user groups based on the phishing campaign results.

Multi-client compatible

“Clients” can refer to different companies, departments, or groups that have an associated campaign in LUCY. These clients can be used, for example, to allow campaign-specific access or to create customer-specific analysis.

Campaign templates

In case you want to reuse similar campaigns, you can save a complete campaign with attack templates and eLearning content as a campaign template. This feature allows you to evade having to repeat similar configurations over and over again.

Setup wizard with risk-based guidance

LUCY offers several Setup Tools. Create a complete campaign in less than 3 minutes using the predefined campaign templates or let the Setup Wizard guide you through the configuration. Optionally, a risk-based setup mode is available, which makes specific suggestions for the selection of attack and awareness templates based on the company’s size and industry.

Campaign checks

Preliminary checks before starting a LUCY campaign: E-Mail Delivery Check, MX Record Check, Schedule Check, Spam Check, and others.

Approval workflows

A given campaign can be submitted to a supervisor in LUCY for approval.


The DNS API allows the administrator to create any domain on LUCY within seconds. Since attackers very often use similar spellings of a customer’s domain (called Typosquatting), this risk can also be represented in LUCY. If the customer’s original domain is, for example, “onlinebanking.com”, the DNS wizard could be used to reserve domains such as “0nlinebanking.com”, “onl1nebanking.com” or “onlinebanking.services” and assign it to a campaign later. LUCY then automatically creates the corresponding DNS entries (MX, SPF, Whois Protection etc) for the IP where LUCY is installed. Of course, the admin can also use his provider’s own domains in LUCY.

Get Started today with Lucy

data protection

Address: Europe
Lucy Security AG
Hammergut 6 | 6330 Cham | Switzerland

Address: North America
Lucy Security USA
13785 Research Blvd
Suite 125
Austin, TX 78750



All Rights Reserved 2022

cybersecurity_award_2021_Winner_Gold-1-1 logo4 2021-CSGEA-Gold-PNG-2-e1618372246427 logo6 logo7 Cyber-Essentials-Badge-Medium-72dpi-2 d cv-award image_2021_06_09T14_55_37_887Znew Lucy-Security-Award-Logo-sizee-update