What do they actually do?
GhostEye runs a web platform that simulates how attackers use people to breach a company. It continuously gathers public data (OSINT) about an organization, uses AI agents to generate realistic social‑engineering campaigns across email, SMS, and voice, and adapts those campaigns based on real target responses (GhostEye platform).
The product goes beyond counting clicks. It models how a successful social interaction could lead to credential theft, privilege escalation, lateral movement, and data exfiltration, then outputs individual risk scores and targeted training/mitigations for security teams (GhostEye platform).
Today, GhostEye is an early YC S25 startup offering demos and short, scoped human‑pentest assessments (they promoted a discounted 48‑hour assessment at launch). Materials suggest optional IdP integrations during onboarding to safely scope targets. There are no public customer logos listed yet (YC profile, GhostEye company).
Who are their target customer(s)?
- CISO / Head of Security at a regulated enterprise: They need evidence of whether people—not just systems—can be used to breach the business, but current testing is infrequent and doesn’t show downstream business impact.
- Security Operations / Red‑Team Lead: Running believable, multi‑channel social‑engineering tests that adapt to responses is time‑consuming and hard to scale, so exercises are often shallow or one‑off.
- Security Awareness / Training Manager: Click rates and course completions don’t reveal who is most likely to drive a real incident or which interventions reduce risk, making it hard to focus training.
- IT / Identity & Access Manager: Safely scoping targets requires reliable directory sync and org context; without strong IdP integrations, onboarding is manual and risky.
- Compliance / Risk Officer: Auditors and boards expect repeatable, documented evidence that human risk is managed, yet periodic phishing tests leave long gaps without visibility.
How would they acquire their first 10, 50, and 100 customers?
- First 10: Founder‑led outreach to security leaders in regulated enterprises, offering a discounted 48‑hour assessment that demonstrates full breach chains and impact; perform hands‑on, IdP‑connected onboarding to ensure safe tests (YC profile, GhostEye platform).
- First 50: Turn early results into short case studies and recorded demos; run targeted outbound to similar orgs and show at 1–2 industry events. Standardize legal/consent templates and runbooked onboarding so sales can close repeatable paid assessments (GhostEye company).
- First 100: Hire a small enterprise sales team, add MSSP/consultancy partners to resell managed assessments, and productize IdP integrations, audit controls, and compliance reports to speed procurement; launch a self‑serve mid‑market tier for volume (GhostEye platform).
What is the rough total addressable market?
Top-down context:
Analysts size adjacent markets—human risk management (~$2.8B, 2024) and cybersecurity training (~$4.5B, 2023)—in the low‑to‑mid single‑digit billions, with phishing simulation a meaningful, growing slice (Dataintelo, Grand View Research, Mordor Intelligence).
Bottom-up calculation:
If GhostEye initially targets ~3,000–5,000 regulated enterprises globally with mature security programs at an average ACV of $75k–$150k for continuous human‑breach simulation, the serviceable pool is roughly $225M–$750M; at 20–30% near‑term penetration, SOM is about $45M–$225M.
Assumptions:
- Targetable regulated enterprises with mature security programs ≈ 3,000–5,000 globally.
- Enterprise ACV for continuous human‑breach simulation ≈ $75k–$150k per year.
- Near‑term adoption constrained by legal/ethical approvals and integrations (20–30% penetration).
Who are some of their notable competitors?
- KnowBe4: Large security‑awareness and phishing‑simulation vendor focused on training content, templates, and behavior metrics versus autonomous, OSINT‑driven breach modeling.
- Cofense: Emphasizes phishing detection, user reporting, and phishing‑simulation/response workflows tied to incident response rather than continuous, branching attacker emulation.
- Proofpoint (Security Awareness): Integrates phishing simulations with email security controls and threat intel, providing board‑level reports; focus is training + email defense, not autonomous human‑breach simulation.
- Cymulate: Breach‑and‑attack simulation platform for validating technical controls across the kill chain; includes phishing but centers on control efficacy, not adaptive social‑engineering campaigns.
- SafeBreach: Exposure validation with a large attack library to test controls, lateral movement, and impact; oriented to technical control validation rather than OSINT‑sourced human‑entry simulations.