Dreadnode

We couldn’t have asked for better weather or company for our trip to the DC area this week. It was a beautiful evening filled with conversations around operationalizing AI to accelerate security. There’s so much incredible work happening here at both the technical and policy levels. Thank you to everyone who took the time out of their day to attend our security agent workshop and evals policy roundtable, and thanks to those who came out to the rooftop happy hour! Massive appreciation to Sands Capital for hosting us and Christine Baker, CMP for the event support 👏 We'll be back soon! Nick Landers Brad Palm Shane Caldwell Daria B. Michael Kouremetis Tori Norris

In less than 20 minutes and under $2, we used our .NET reversing capability to run a SAST scan of Azure Cosmos DB in the Microsoft Container Registry (MCR), surfacing a high severity vulnerability in the now-deprecated database. 🆕 Model: Moonshot AI - Kimi K2.6 ⏱️ Task/agent runtime: 19 mins 26 secs 🪙 Tokens: ↑ 3124.0k · ↓ 33.3k 💰 Cost: $1.97 Vulnerability Overview: When using managed identity auth, it calls an internal token service over HTTPS, but the TLS certificate validation callback is tautological — it checks if the server cert's thumbprint matches any cert in the chain, but the leaf cert is always in its own chain, so it always passes. Watch the video to see how we ran it within our TUI. Then, install Dreadnode and try out the .NET reversing capability (doc and command in comments).

Pentesting hasn't fundamentally changed in 25 years. Once a year. Two weeks. A PDF. Move on. Meanwhile: → AI-enabled attacks are up 89% YoY → Average breakout time is now 29 minutes → Anthropic's Mythos found a 27-year-old bug overnight that survived 5 million fuzzing runs The manual annual pentest is outdated. What replaces it is a new category: Autonomous Offensive Security. I mapped 60+ companies across three waves, from legacy incumbents like Pentera to the AI-native players building always-on, machine-speed red teams like Armadin. The market map covers: • Why this is happening now • The three waves of offensive security • Why training data is the hidden battleground • What happens to pentest services firms #cybersecurity #offensivesecurity #pentesting #offensive #hacking #AI #venturecapital

When I wrote PentestJudge last year, the most common reaction was some version of "cool, but why are you working on LLM-as-judge instead of training better agents?" Judges aren't capability, they're scaffolding to understand the capability. A year of agents later, I can finally articulate why I'm so focused on judges: we're about to find out that you can't deploy long-running autonomous agents without them. Claude Code's "auto" mode is the clearest public example: a judge model gating individual tool calls because the alternative is tabbing through approvals or "dangerously skipping permissions". The scaffolding to understand the capability is necessary to steer and contain it. New post on why 2026 is the year of the judge, and the three research questions that decide whether this pattern survives long term: https://lnkd.in/efQRHeGv

March was all about agents. Between the White House's National AI Framework, NIST's Agent Security RFI, and RSA conversations, one thing is clear: agentic AI is reshaping the security landscape faster than policy can adapt. Static, checklist-based compliance frameworks were built for deterministic systems. AI agents are probabilistic, adaptive, and autonomous. You can't patch them like traditional software, and you can't evaluate them with binary pass/fail models. The window to shape agent security frameworks is open now. It won't stay open forever. Read our full NIST RFI response + where we think the policy conversation needs to go 👇 https://lnkd.in/gtcqjiVb

I'm thrilled to release two projects I've been building over the past year to address a gap in how we evaluate AI in security. Security benchmarks still evaluate offense and defense separately. Red teams run against curated scenarios, blue teams analyze synthetic logs. That separation breaks down quickly in practice. We built a framework where both sides operate simultaneously on shared infrastructure, with ground truth derived directly from adversary behavior. DreadGOAD (https://lnkd.in/gtxbtJpG) is a reproducible Active Directory lab environment forked from the GOAD project, refactored into a proper Ansible collection with a focus on idempotency, consistency, and scalability. It provides automated provisioning and teardown through a unified CLI, validation of 50+ embedded vulnerabilities, and (thanks to Michael Kouremetis) variant generation to prevent agent memorization. Ares (https://lnkd.in/g5Bw7yzK) is an autonomous multi-agent system building on work such as PentestJudge (https://lnkd.in/gkx27ha3). On offense, seven specialized agents execute full kill chains, from reconnaissance and credential access through privilege escalation, lateral movement, and forest trust abuse, coordinated by an LLM-driven orchestrator over Redis task queues. On defense, thanks to the exceptional work of Martin Wendiggensen, investigation agents triage alerts, hunt for IOCs mapped to MITRE ATT&CK, reconstruct timelines, and score findings against attacker-recorded ground truth. Both projects are open source and under active development. Clone, deploy, and run your own evaluations.

One week away! Few spots remaining. DM for details.

Your prod is our eval. Having a human driving AI through a chat interface isn’t machine speed, or machine scale. Organizations should have tools to reason about their defenses, to improve them even. Offensive teams should have tools to increase confidence in their own agents before deploying them on ops, and make sure they’re not going to cause production outages or delete their targets. The bar is exceedingly high, and while it’s fun to use agents for offensive security work, it becomes a responsibility when agents operate in a privileged security context.