Download Link Safety Checker

Download Link Safety Checker

Heuristics for malware-hosting URLs and risky file extensions.

Privacy: analysis runs entirely in your browser.

Paste the download URL

Analyze →

Signals found

—

Paste text above and click Analyze.

Homograph Domain Detector

Homograph Domain Detector

Spot Cyrillic / Greek look-alike characters used in phishing URLs.

Privacy: analysis runs entirely in your browser.

Paste a URL or domain name

Analyze →

Signals found

—

Paste text above and click Analyze.

Cyber Budget Planner

Cyber Budget Planner

What should a business realistically spend on cybersecurity per employee?

Privacy: answers stay in your browser. We do not record your responses.

1. Are you in a regulated industry (finance / health / gov)?

Yes No / Not sure

Regulated = higher base spend.

2. Do you store / process customer PII?

Yes No / Not sure

Adds compliance + breach-cost exposure.

3. Do you have 50+ employees?

Yes No / Not sure

Bigger surface; economies of scale kick in differently.

4. Do you already have cyber insurance?

Yes No / Not sure

Insurance often mandates controls, increasing spend.

5. Is there a dedicated IT or security hire?

Yes No / Not sure

Reduces overhead of managed services.

6. Do you use Google Workspace / Microsoft 365?

Yes No / Not sure

Gets you MFA, EDR-lite, email-security bundled.

7. Is most work remote / BYOD?

Yes No / Not sure

Remote = more endpoint spend.

8. Are backups already automated?

Yes No / Not sure

Crosses off the biggest line item.

9. Are awareness trainings already running?

Yes No / Not sure

Small cost, big risk reduction.

10. Is there a written incident response plan?

Yes No / Not sure

Free to write; expensive to lack.

Score

—

Answer the questions above to see your score.

Seller Risk Checker

Seller Risk Checker

eBay / Etsy / Craigslist seller-account risk score.

Privacy: answers stay in your browser. We do not record your responses.

1. Is the seller account more than 6 months old?

Yes No / Not sure

New accounts account for most fraud.

2. Does the seller have 10+ positive reviews?

Yes No / Not sure

Pattern of successful sales reduces risk.

3. Are photos clearly original (not stock / copied)?

Yes No / Not sure

Reverse-image search suspect listings.

4. Is the price within market range?

Yes No / Not sure

Far-below-market is bait.

5. Does the seller accept platform escrow (eBay, PayPal G&S)?

Yes No / Not sure

Escrow = chargeback protection.

6. Do they refuse Zelle / Venmo / crypto as payment?

Yes No / Not sure

Bad actors push those; good sellers accept cards.

7. Is communication via the platform's messaging?

Yes No / Not sure

Off-platform = outside review.

8. Do they respond reasonably quickly (<24h)?

Yes No / Not sure

Ghosting is a warning sign.

9. Can you meet in person for local sale?

Yes No / Not sure

In-person = fewer shipping scams.

10. Are return/refund terms clearly posted?

Yes No / Not sure

Scam sellers avoid committing to returns.

Score

—

Answer the questions above to see your score.

Employee Phishing Trainer

Employee Phishing Trainer

Pre-built phishing test scenarios with scoring rubric.

Privacy: answers stay in your browser. We do not record your responses.

1. Have you run any phishing simulation in the last 12 months?

Yes No / Not sure

Baseline measurement required.

2. Do repeat-clickers get targeted follow-up training?

Yes No / Not sure

Data-driven training outperforms mass-mailed lessons.

3. Are results shared anonymously with execs?

Yes No / Not sure

Keeps accountability without public shaming.

4. Does training include the BEC / wire-fraud scenario?

Yes No / Not sure

The highest-loss scenario in practice.

5. Do you test with QR-code phishing scenarios?

Yes No / Not sure

Quishing is now mainstream.

6. Is there clear reporting workflow for suspected phish?

Yes No / Not sure

Users need a simple "report" button.

7. Are test emails realistic (logos, tone, urgency)?

Yes No / Not sure

Easy fakes train for easy phish only.

8. Does training cover credential-harvesting + credential-stuffing risk?

Yes No / Not sure

Teaches the follow-on attack.

9. Are exec-team members included in sim tests?

Yes No / Not sure

Whale-phishing targets them first.

10. Is there a post-incident lesson-learned session?

Yes No / Not sure

Turn near-misses into training.

Score

—

Answer the questions above to see your score.

AI Privacy Checker

AI Privacy Checker

GDPR/CCPA risks for any LLM use case.

Privacy: answers stay in your browser. We do not record your responses.

1. Do you have a lawful basis for processing personal data via AI?

Yes No / Not sure

GDPR Article 6 requirement.

2. Are individuals informed AI is being used?

Yes No / Not sure

Transparency requirement.

3. Are profiling / automated-decision rights respected (GDPR 22)?

Yes No / Not sure

High-stakes decisions need human review.

4. Do you have a data subject access request (DSAR) plan that covers AI?

Yes No / Not sure

Users can ask what AI knows about them.

5. Is AI included in your privacy policy?

Yes No / Not sure

People need to know.

6. Is there a data retention policy for AI inputs?

Yes No / Not sure

GDPR storage limitation.

7. Have you done a DPIA if the use is high-risk?

Yes No / Not sure

Data Protection Impact Assessment — required for high-risk uses.

8. Can individuals opt-out of AI processing where required?

Yes No / Not sure

CCPA / some-state laws.

9. Are third-country transfers covered by SCCs or equivalent?

Yes No / Not sure

If vendor is non-EU.

10. Do you train models on user data only with explicit consent?

Yes No / Not sure

Opt-in, never opt-out for training.

Score

—

Answer the questions above to see your score.

AI Vendor Risk Checker

AI Vendor Risk Checker

Vendor-AI questionnaire (data residency, training, retention).

Privacy: answers stay in your browser. We do not record your responses.

1. Do they NOT train foundation models on your data?

Yes No / Not sure

Enterprise OpenAI, Anthropic, and Azure OpenAI all have this.

2. Is retention configurable (30 days or less)?

Yes No / Not sure

Shorter retention = smaller breach blast radius.

3. SOC 2 Type II report available?

Yes No / Not sure

Baseline for enterprise use.

4. DPA available and signable?

Yes No / Not sure

Required for EU / HIPAA / CCPA contexts.

5. Single-tenant isolation option for regulated data?

Yes No / Not sure

Needed in finance / health / gov.

6. Clear data-residency options (US / EU)?

Yes No / Not sure

Jurisdictional compliance.

7. Audit logs exportable for your SIEM?

Yes No / Not sure

Detect anomalies / privilege escalation.

8. Customer-managed encryption keys (CMK) support?

Yes No / Not sure

For the most-regulated verticals.

9. Breach notification SLA documented?

Yes No / Not sure

< 72 hours is modern standard.

10. Transparency around sub-processors?

Yes No / Not sure

Your data may touch their vendors too.

11. Cyber insurance of their own?

Yes No / Not sure

Signals the financial responsibility.

12. Can you export all data on exit?

Yes No / Not sure

Avoid vendor lock-in.

Score

—

Answer the questions above to see your score.

AI Usage Risk Scanner

AI Usage Risk Scanner

Risk score for any AI workflow against common pitfalls.

Privacy: answers stay in your browser. We do not record your responses.

1. Does the AI workflow touch customer PII?

Yes No / Not sure

If yes, special care needed.

2. Is all PII masked before LLM calls?

Yes No / Not sure

Replace emails / SSNs with placeholders.

3. Is the LLM vendor contractually blocked from training on your data?

Yes No / Not sure

Check the DPA / enterprise terms.

4. Are AI decisions auditable (inputs logged)?

Yes No / Not sure

Regulators + lawyers will ask.

5. Is there a human in the loop for customer-facing output?

Yes No / Not sure

Never ship hallucinations unreviewed.

6. Are prompt-injection mitigations in place (schema validation)?

Yes No / Not sure

Untrusted content = untrusted input.

7. Is AI spend capped at the account level?

Yes No / Not sure

Circuit breaker against runaway bills.

8. Are model outputs validated against policy before action?

Yes No / Not sure

Guardrails before side-effects.

9. Is data residency (EU / US) explicit in the vendor contract?

Yes No / Not sure

Jurisdiction matters for compliance.

10. Is there a kill switch to disable AI features instantly?

Yes No / Not sure

You want this the day a bug or incident appears.

Score

—

Answer the questions above to see your score.

Shadow AI Detector

Shadow AI Detector

Find where unauthorized AI is in use across your org.

Privacy: answers stay in your browser. We do not record your responses.

1. Do you have a written list of approved AI tools?

Yes No / Not sure

You can't police what you haven't defined.

2. Can employees access AI tools via company SSO?

Yes No / Not sure

SSO visibility = shadow-AI detection.

3. Are browser AI extensions restricted via MDM?

Yes No / Not sure

Browser extensions are the #1 shadow AI vector.

4. Is there a policy on pasting customer data into AI?

Yes No / Not sure

Most data leaks happen via paste.

5. Are employees trained on AI acceptable use?

Yes No / Not sure

Training reduces incidents 50%+.

6. Do AI integrations use least-privilege scoped keys?

Yes No / Not sure

An AI agent shouldn't have DBA access.

7. Is spend on AI platforms reviewed monthly?

Yes No / Not sure

Unexpected AI bills = shadow usage.

8. Is there a logging-or-block policy for unapproved AI URLs?

Yes No / Not sure

Network-level signals reveal shadow AI fastest.

9. Have you surveyed employees about AI tool usage recently?

Yes No / Not sure

People know what they use — ask them.

10. Are AI outputs reviewed before customer-facing publication?

Yes No / Not sure

Prevents hallucinated claims from shipping.

Score

—

Answer the questions above to see your score.

IoT Device Risk Checker

IoT Device Risk Checker

10-question audit for doorbells, plugs, locks, cameras.

Privacy: answers stay in your browser. We do not record your responses.

1. Did you change default admin passwords on each device?

Yes No / Not sure

#1 IoT botnet recruitment path.

2. Is each device running current firmware?

Yes No / Not sure

Old firmware = known CVEs.

3. Is the IoT network segmented from your laptops?

Yes No / Not sure

One compromised doorbell should not see your banking tabs.

4. Is MFA enabled on the associated cloud account?

Yes No / Not sure

Most brands support it — turn it on.

5. Is the brand still receiving firmware updates?

Yes No / Not sure

Abandoned no-name brands are a ticking clock.

6. Are app permissions reviewed (mic, camera, location)?

Yes No / Not sure

Many IoT apps grab permissions they do not need.

7. Do you disable features you don't use (two-way audio, voice)?

Yes No / Not sure

Reduce attack surface to what's actually needed.

8. Is the device model not on any known-vulnerable list (Shodan, CISA)?

Yes No / Not sure

Look up the model number before buying.

9. Do you physically unplug / power-down the device when away?

Yes No / Not sure

For cameras especially — simple off switch.

10. Can you export or delete cloud-stored recordings?

Yes No / Not sure

Data portability matters if the brand dies.

Score

—

Answer the questions above to see your score.