Caldera vs Dorothy: 2026 Comparison
Caldera is a free threat simulation tool. Dorothy is a free threat simulation tool. Compare features, ratings, integrations, and community reviews side by side to find the best threat simulation fit for your security stack.
CST VerdictBased on our analysis of available product data, here is our conclusion:
Security teams building an adversary emulation program on a shoestring budget should start with Caldera; it's the only free framework that lets you automate attack chains against your own infrastructure without vendor lock-in. MITRE's backing means the technique mappings to ATT&CK are authoritative, and you get a real agent-based architecture that scales across hundreds of endpoints. Skip this if you need a polished UI or managed red team operators; Caldera requires security staff who are comfortable with YAML configurations and Python customization to extract value.
Okta security teams with detection gaps in their SIEM or XDR will find Dorothy's value in its free, attack-path testing that mirrors actual threat behavior instead of generic scanning. The MITRE ATT&CK mapping ensures your detection rules are validated against tactics adversaries actually use, not checkbox compliance. Skip Dorothy if you need continuous monitoring or remediation automation; it's a point-in-time validation tool, not a runtime detection layer.
Data verified Apr 2026
