Pistachio offers fully automated cybersecurity tools that help individuals and organizations stay safe in the digital world. We believe cybersecurity works best when people and technology work hand in hand. With Presence, our insider threat detection tool, and Practice, our cybersecurity training program, Pistachio helps organizations stay one step ahead without disrupting workflows. Both products can be used independently or together and are guided by the core principles that define Pistachio: realistic, seamless, and adaptable. Together, they provide smarter protection that fits naturally into everyday work, without extra effort or complexity.

For IT admins, Pistachio is fully automated and fully personalized. Unlike traditional tools that require constant configuration and maintenance, Pistachio takes care of everything for you. By integrating with Microsoft SSO, any Pistachio product can be set up in under ten minutes. Once activated, it runs on its own. Training, alerts, and reports are automatically handled, giving you full visibility without adding to your workload.

For end users, Pistachio respects both your time and your privacy. If you’re licensed for either Pistachio product, it is designed to keep you safer when working in the digital world. If you’re licensed for Practice, all your security training content is sent directly to your inbox. Simply read the scenario-based questions, select an answer, and see if you were right. If you fall for a simulation, there is no need to worry; it is a great way to learn. We show you the clues you missed to help you spot them next time. If you’re licensed for Presence, our insider threat detection tool, know that we won’t report on your normal activity, inspect your devices, or track productivity. Your daily work remains private. Presence only flags potentially harmful behavior that could indicate a real security issue. That way, if your account is ever compromised by a malicious actor, we can alert your IT team to keep you safe without invading anyone’s privacy

Pistachio offers two products with different but complementary purposes. Practice delivers tailored cybersecurity training built around each employee’s unique needs and behaviors. Presence, on the other hand, provides insider threat detection that alerts on potentially harmful behavior that could indicate a real security issue in your organization. Together, they form a solid foundation that strengthens your security posture and helps manage human cybersecurity risk across your organization

The name comes from Pistachio Disguisey, the protagonist in the movie The Master of Disguise. Since Practice, our cybersecurity training product, sends “disguised” attacks to people, and Presence, our insider threat detection tool, uncovers what’s hidden, we thought the name was fitting.

Pistachio is a cybersecurity company based in Oslo, Norway with offices in London and Valencia. We have over 60 employees, some of which you can read more about on our blog. We are also growing! If you are interested in joining us, check out our careers page.

Yes! In fact, the only way to log into Pistachio is via Microsoft SSO.

Pistachio only works with Microsoft Entra ID. However, our plan is to add support for Google in the future.

Anyone who needs admin privileges in Pistachio should be added to the “pistachio-admin” group.

To license users for Practice, create a security group in Microsoft Entra ID with “pistachio-sat” in the name (not case sensitive). Every user in this group will automatically receive a license for security awareness training.

To license users for Presence, create a security group with “pistachio-itd” in the name. Users added to this group will receive a Pistachio Presence license and be included in our analysis for potential insider threats in your organization.

For both the pistachio-sat and pistachio-itd groups, we recommend using a dynamic setup. This will automate onboarding and offboarding, keeping your user management efficient and up to date.

Presence is an AI-driven insider threat detection tool. It connects to your cloud environment in minutes and uses AI to truly understand what is going on. Instead of alerting based on simple rules, Presence takes a range of factors into account to form a total assessment of a person’s behavior before deciding if they're a threat or not.

That means no more wasted time handling false positives or adjusting settings, and no more missing the real threats that fall outside the scope of your current configurations.

No. Presence is entirely based on cloud audit logs, meaning it connects to your organization's cloud environments to analyze behaviors. That means it is also easy to set up. You just need to grant permissions and turn it on.

If there’s a potential insider threat in your organization, you’ll see an alert appear inside of the Pistachio Platform. Because alerts are rare, as we only compile them for genuine threats, we also send an email to an admin in your organization for every new alert. That way, even if alerts appear infrequently in the platform, nothing is ever missed.

If we surface a potential insider threat, our goal is to give you a clear starting point for investigating next steps. You’ll get an overview of the behaviors we identified as suspicious, along with a downloadable CSV file containing all the audit log events analyzed for that user. That way, you can confirm our findings by reviewing the original source, whether that’s Microsoft or another system.

In order for Presence to work, you must have a Microsoft Entra tenant that manages your users’ identities. However, Presence monitors far more than just Microsoft actions. We have integrations with other SaaS solutions, including HubSpot, Gong, and GitHub, and we are always adding more.

Presence takes almost no effort to manage and works with your existing team. We only alert you when something truly matters, and make investigations fast and straightforward.

Practice is fully automated cybersecurity training that is designed to meet the unique needs and behaviors of each employee, ensuring they receive the knowledge and skills they need to stay protected from cyber threats.

For IT admins, Pistachio is fully automated and fully personalized. All you have to do is turn the product on, and your employees will start receiving our training content automatically, which includes tailored simulations and relatable scenarios. You don’t have to pick out which training to send, you don’t have to group your users, you don’t have to remember to follow up on people. Pistachio handles everything for you.

For end users, Pistachio respects your time. We know you have a job to do, and that is why we send everything directly to the app of your choice. Just read the scenario-based questions, click one of the answers and find out if you were right. It’s that easy! And when it comes to our simulations, don’t worry if you fall for one. We want you to! Falling for a simulation is a great way to learn. We will show you what clues you missed, and that’s it.

Your company has chosen Pistachio for their cybersecurity training, and these emails are part of our training program. We're delivering valuable insights directly to your inbox to make learning convenient and non-disruptive.

By delivering training content through emails, we ensure that you can engage with the material conveniently from any device. This approach fosters consistent learning and empowers you to build strong cybersecurity habits.

You can expect to receive between one and two training emails each month. This consistent delivery ensures a steady flow of cybersecurity insights and training, allowing you to gradually reinforce your understanding. However, the number of emails will change over time. If you are completing your training and not falling for any of our attack simulations, you’ll start to hear from us less often. After all, we know you have a job to do.

Absolutely not. The emails you're receiving from Pistachio are legitimate and purposeful. They are part of our cybersecurity training designed to educate and empower you in the realm of online security. If you have doubts, check the link. If it leads to our website, you can be sure it is safe.

When you receive the training emails, it's important to read the scenario and choose one of the three answer options provided. After selecting an answer, make sure to read the additional advice on the following page. This advice offers tips on how to better respond to similar scenarios in the future. By clicking one of the options, you help us track your progress and ensure you're getting the most out of the material.

Don't worry, our platform is designed to provide a safe environment for learning. If you happen to click on a simulated phishing email, it's a valuable learning opportunity. Our training will guide you on how to recognize phishing cues, and you'll gain practical experience to avoid such situations in real life.

We encourage questions! If you have queries about any cybersecurity topic covered in our training, simply reach out to us via our contact page. Our team is here to provide clear explanations and guidance.

Pistachio Loop is your personalized overview of your cybersecurity journey with us so far. Every six months, you’ll receive an email with your new Loop, a visual recap of how your instincts are improving, from reporting a suspicious email to answering a scenario correctly.

Cybersecurity isn't something you check off a list; it’s a habit you build loop after loop. Threats evolve, and phishing scams don’t just show up once. That’s why our training reinforces key topics in new ways, helping you stay aware and make thoughtful security choices. Over time, safe habits will become second nature.

Want to know more? We’ve got a blog post with all the details about Loop.

Pistachio charges a fixed price per user. If you sign up online, you will be charged monthly for the number of users you have synced in the platform. There are options for setting a maximum number of licenses allowed, so you can protect against accidentally adding more users than you intended to.

If you’re interested in a one-year contract, we can offer tailored pricing that suits organizations of all sizes. Get an custom estimate by sending us a message.

For both Pistachio products, you’ll get the full experience during the trial. The free trial begins as soon as you connect your Microsoft Entra ID to Pistachio. You can add as many, or as few, users as you like, and the product is identical to the paid version once the trial ends.

Tips for adding users during your trial:

- Presence: Add your entire organization. End users won’t know they’re part of a trial.

- Practice: Start with a smaller pilot group and let them know they’re participating (users will receive training content from Pistachio during the trial). You can expand to your whole organization later, but keep in mind that anyone in the synced Entra group could receive training content from Pistachio.

Ready to get started? Just follow the steps that match your situation:

If you already have a contract with Pistachio and received an access code from our sales reps, simply log into the platform, go to the settings page and enter the code to activate your licenses for that product.

If you are new to Pistachio, you'll need to visit our website and sign up using your Microsoft SSO. Go to the settings page and enter your payment details to initiate the subscription. Once payment is confirmed, you’ll see your subscription as “activated”, and you can start enjoying all the benefits of Pistachio.

If you encounter any issues during the activation process, please reach out to our customer support team for assistance: contact@pistachioapp.com.

Yes, support is included. At Pistachio, we are committed to providing comprehensive support to our clients meaning you’ll have a dedicated support team ready to assist you every step of the way.

Please contact us at finance@pistachioapp.com.

All global administrators in your Microsoft Entra ID tenant will have admin permissions in Pistachio. In addition, any user added to a group in Entra ID that contains “pistachio-admin” in the name (not case sensitive) will also have admin permissions. You can read more in detail about these permissions here.

Pistachio is designed to “just work.” To make that possible, we need certain permissions so our products can run automatically, without any maintenance or configuration on your end. These permissions serve a few important purposes.

For both products, we need permission to read data from your Entra ID in order to automatically onboard new employees, remove old employees, etc.

For Practice, we need certain permissions to ensure we have relevant data that we can use to tailor our simulations. In addition, some of the permissions are needed in order to allow us to deliver the training content to your employees.

For Presence, we need to be able to access your Entra tenant’s activity data. This allows us to see what is going on, like which files are being accessed or emails being sent, to determine whether a user is a potential insider threat.

After the trial ends, if you would like us to delete the data about your organization, feel free to contact us at privacy@pistachioapp.com and we will comply with your request.