/ BLAST-RADIUS SIMULATOR · FREE · ~30 SECONDS

What does an attacker walk away with?

Every workspace tool has a worst-case day. Pick yours, pick a scenario, see what gets reached. Side-by-side with what the same scenario would cost on Koaich's architecture.

The simulator uses public information from each vendor's documentation and from disclosed breaches. Severity bands are conservative. Read the long-form blast-radius essay for the methodology and ten real-world breach case studies.

PICK YOUR WORKSPACE TOOL

PICK A BREACH SCENARIO

SCENARIO

Database breach

Attackers gain read access to the vendor's primary content database. Historical pattern: stolen credentials, misconfigured cloud storage, compromised admin account, supply-chain compromise of a backup vendor.

Slack

TOTAL EXPOSURE

Every message, file, channel name, integration token, and account identifier in the affected workspace is cleartext to the attacker. Slack's encryption-at-rest uses Slack-held keys; the attacker has those at the application layer.

Koaich

METADATA ONLY

Attacker walks away with ciphertext blobs and operational metadata — account IDs, message timestamps, vault membership, storage sizes. Content is encrypted under keys generated on each user's device; the database does not hold those keys. Decryption is mathematically infeasible without compromising individual users' devices.

SHAREABLE URLhttps://koaich.com/blast-radius/simulator/result/slack__database-breach

HOW TO READ THE SEVERITY

TOTAL EXPOSUREAttacker walks away with everything in scope — full content recovery.

PARTIALSome content exposed; mitigations limit reach.

METADATA ONLYStructural metadata only — timestamps, sizes, IDs. No content.

NONEScenario doesn't apply / no real exposure.

/ EMBED THIS SIMULATOR

Put the simulator on your blog.

Free for editorial use. Paste one iframe tag. Privacy-respecting; no tracking on your readers.

Get embed code →

Want the architecture that gives you metadata-only outcomes?

Get on the Koaich waitlist.