/ BLAST-RADIUS SIMULATOR · FREE · ~30 SECONDS

What does an attacker walk away with?

Every workspace tool has a worst-case day. Pick yours, pick a scenario, see what gets reached. Side-by-side with what the same scenario would cost on Koaich's architecture.

The simulator uses public information from each vendor's documentation and from disclosed breaches. Severity bands are conservative. Read the long-form blast-radius essay for the methodology and ten real-world breach case studies.

IN PLAIN ENGLISH

Imagine someone with bad intentions gets into your workspace tool — through a hack, a stolen password, an insider, or a court order. What did they walk away with? It depends entirely on the tool. Pick yours and a scenario on the left, and we'll show you what an attacker actually gets — alongside what they would have gotten if you'd been on Koaich's architecture instead.

PICK YOUR WORKSPACE TOOL

PICK A BREACH SCENARIO

SCENARIO

Database breach

Attackers gain read access to the vendor's primary content database. Historical pattern: stolen credentials, misconfigured cloud storage, compromised admin account, supply-chain compromise of a backup vendor.

Slack

TOTAL EXPOSURE

Every message, file, channel name, integration token, and account identifier in the affected workspace is cleartext to the attacker. Slack's encryption-at-rest uses Slack-held keys; the attacker has those at the application layer.

Koaich

METADATA ONLY

Attacker walks away with ciphertext blobs and operational metadata only — account IDs, message timestamps, vault membership, storage sizes, invite recipient emails. The previously-readable metadata (vault names + descriptions, vault invite payloads, vault contact-approval data) was migrated to ciphertext-only on 2026-05-17 and the cleartext columns dropped — so even the names of your vaults are unreadable in a full database dump. Content keys are generated on each user's device and never persisted server-side; decryption is mathematically infeasible without compromising individual users' devices.

SHAREABLE URLhttps://koaich.com/blast-radius/simulator/result/slack__database-breach

HOW TO READ THE SEVERITY

TOTAL EXPOSUREAttacker walks away with everything in scope — full content recovery.

PARTIALSome content exposed; mitigations limit reach.

METADATA ONLYStructural metadata only — timestamps, sizes, IDs. No content.

NONEScenario doesn't apply / no real exposure.

/ EMBED THIS SIMULATOR

Put the simulator on your blog.

Free for editorial use. Paste one iframe tag. Privacy-respecting; no tracking on your readers.

Get embed code →

Want the architecture that gives you metadata-only outcomes?

Get on the Koaich waitlist.

A NOTE ON THIS SIMULATOR'S OUTCOMES

The analysis and viewpoints on this page are based on Koaich's internal review of each vendor's publicly available documentation, marketing claims, transparency reports, and disclosed incidents at the time of writing. These viewpoints have not been independently audited. Vendor capabilities, terms, and architectures change. If a specific claim here is inaccurate or out of date, please write to hello@koaich.com and we'll review and correct it.

See /methodology for our research process and the full list of sources we cite per vendor. Legal disclaimer at /terms.