Three places we differ. Three things to say.
Signal
Hoxhunt's signal is simulated phishing, plus DLP/EDR/IAM retrofitted into the Behavior Risk Console. Moxso's Human Risk Intelligence — HRI — runs three native signals: what your people actually do, what threats are targeting your industry right now, and who each person is in the organisation.
Persona
Their adaptation runs per-user: the next simulation adjusts to the last response. Ours tracks how risk is changing across the whole organisation.
Compliance
Their compliance story rests on SAT delivery. Ours produces NIS2 Article 21(2)(f) evidence at role level.
Impact
A signal layer built on top of simulations narrows the picture. HRI sees risk whether or not a simulation is running.
Impact
Per-user adaptation tunes individual simulations. It does not show which roles are driving organisational risk up or down.
Impact
NIS2 needs proof that controls are working — not just that training happened. Engagement metrics document programme delivery, not risk reduction.
Ask
If simulations stopped tomorrow, what would the risk intelligence engine still see?
Say
Show your Security Leader the HRI dashboard that tracks how risk is changing, not just how people responded to simulations.
Ask
What does the auditor get when they ask for evidence of risk reduction, not engagement?