SimpleSec
AI Red Teaming

AI red teaming for the inside of your network.

Most AI pentesting stops at the public internet. AI red teaming with SimpleSec runs inside — through a WireGuard agent your blue team drops into the target environment, with the planner driving Active Directory enumeration, Kerberoasting, lateral movement, and Domain Admin path validation. Mapped to MITRE ATT&CK. Destructive actions gated behind admin approval.

What AI red teaming actually is

AI red teaming is adversary emulation driven by AI-orchestrated tooling. Where a pentest aims for coverage — find as many vulnerabilities as possible — a red-team engagement aims for an objective: reach a specific high-value asset, demonstrate the attack chain, and surface the detection gaps the blue team didn't know they had. AI red teaming operationalizes that work at machine speed.

The difference matters because the deliverables differ. A pentest report is a list of findings with CVSS scores. A red-team report is a narrative: an attack chain, the techniques that succeeded, the techniques the blue team caught, and the gaps between the two. SimpleSec produces both styles, with the red-teaming mode focused on the chain and the pentest mode focused on the breadth.

AI red teaming is what most "AI pentesting tools" claim to do and few actually deliver. The reason: internal access is hard. You can't run a meaningful red-team engagement from the public internet, and most cloud-only platforms can't get inside. SimpleSec solves this with the WireGuard agent.

An AI red teaming attack chain end-to-end

A typical AI red teaming engagement, from initial foothold to Domain Admin validation. Every stage is mapped to MITRE ATT&CK; every destructive action is gated behind admin approval.

01. Initial foothold

WireGuard agent deployed

The agent ships as a single container or binary your blue team drops into the target environment — typically a low-trust subnet that simulates phishing-derived access. The encrypted tunnel terminates in the SimpleSec orchestrator. No persistent inbound connection from the cloud.

Simulates initial access (TA0001) without requiring the AI red team to actually phish.

02. Network reconnaissance

Reachability mapping, AD discovery

Once the tunnel is up, AI red teaming enumerates the reachable subnet, locates domain controllers, and pulls a user/group inventory from AD. The asset graph that gets built here is the same one the planner uses to decide what to attack next.

T1018 Remote System Discovery, T1087 Account Discovery, T1069 Permission Groups Discovery.

03. Credential access

Kerberoasting, AS-REP roasting

The planner requests service principal names (SPNs) with weak encryption types, harvests Kerberos tickets, and queues them for offline cracking. AS-REP roasting against users with pre-auth disabled runs in parallel.

T1558.003 Kerberoasting, T1558.004 AS-REP Roasting.

04. Lateral movement

netexec SMB, WinRM exec, credential reuse

Cracked credentials get tested across the reachable host set — netexec for SMB, WinRM for code exec where allowed by the approval policy. The planner picks targets based on the SMB signing posture and the host's value in the AD graph.

T1021.002 SMB/Windows Admin Shares, T1021.006 WinRM.

05. Privilege escalation

secretsdump, DC compromise validation

When the planner identifies a path to Domain Admin (over-permissioned accounts, ACL misconfigurations, unconstrained delegation), the destructive validation runs only after admin approval. The audit log captures the request, the approver, and the outcome.

T1003 OS Credential Dumping, T1078.002 Domain Accounts.

06. Evidence capture & report

Per-finding evidence chain

Every step writes its raw output, a command log, and a parsed record. The deliverable is a red-team report mapped to MITRE ATT&CK techniques, with reproduction steps and remediation guidance per finding.

Findings labeled with ATT&CK technique IDs for blue-team handoff.

WireGuard agent

Your AI red team operator on the inside

The WireGuard agent is the part of AI red teaming most platforms skip. It's a single container or binary your blue team drops into the target subnet — no persistent inbound connection from the cloud, encrypted end-to-end, scoped per engagement, revocable in one click.

Once the tunnel is up, AI red teaming runs Active Directory enumeration, Kerberoasting, AS-REP roasting, SMB signing audits, netexec sweeps, secretsdump validation, WinRM exec where policy allows, and lateral-movement validation. The same workflow a senior red-team operator would run by hand, executed without the operator typing each command.

  • Per-engagement network access profiles — scoped, revocable in one click.
  • Encrypted at rest (Fernet) — WireGuard keys, captured credentials, MFA secrets.
  • Reachability bounded by routing configuration on agent deploy.

    $ simplesec redteam --engagement acme-internal
    WireGuard tunnel: 51820/udp (established)
    AD inventory: 3 DCs, 1,840 users, 247 groups
    ! kerberoast — 7 SPNs with weak ciphers (T1558.003)
    ! asreproast — 4 users pre-auth disabled (T1558.004)
    ! netexec smb — 12 hosts, signing disabled (T1021.002)
    — approval requested: secretsdump dc01 —
    approved by admin@acme: 14:22:08 UTC
    ! secretsdump dc01 — DA hash extracted (T1003)
    → ATT&CK-mapped report ready

AI red teaming vs AI pentesting — when to use which

Both modes run on the same platform. The decision is usually about the audience for the report and what question the engagement is trying to answer.

| Dimension | Pentest | Red team |
|---|---|---|
| Goal | Find as many vulnerabilities as possible. | Achieve a specific objective (e.g., reach the customer database) and demonstrate detection / response gaps along the way. |
| Scope | Broad. Everything in-scope gets tested. | Narrow. The path matters more than the breadth. |
| Stealth | Loud. Comprehensive tests, no attempt to evade detection. | Quiet. Avoid tripping IDS / EDR; measure what the blue team catches. |
| Output | List of findings with CVSS scores and remediation. | Narrative of an attack chain, mapped to MITRE ATT&CK, with detection gaps called out. |
| How SimpleSec fits | Default mode. The platform was built for this. | Available in adversary-emulation mode — narrower scope, ATT&CK-mapped output, approval-gated destructive actions. |

Safe-by-default AI red teaming

Autonomous AI red teaming sounds dramatic. In production environments, it would be reckless. The SimpleSec model is the opposite: reconnaissance and enumeration run on their own, but destructive actions (credential spray, exploit execution, secretsdump against domain controllers) sit in an approval queue until an operator with the right role signs off.

Every request, approval, denial, and rationale is written to the audit log. After the engagement, the customer has a precise record of which destructive actions the planner proposed, which got approved, and what happened next. For sensitive customers — financial services, healthcare, regulated infrastructure — this is the difference between AI red teaming being procurable and not.
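
The approval-gate model described above, sketched as an added example (not SimpleSec's code). The class and function names, the set of gated technique IDs, the role name, and the hash chaining that makes the log tamper-evident are all assumptions for illustration.

```python
import hashlib
import json

# Assumption: which ATT&CK IDs count as destructive is engagement policy.
DESTRUCTIVE = {"T1003", "T1021.006"}
APPROVER_ROLES = {"admin"}  # hypothetical role name


def _digest(record):
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()


class ApprovalGate:
    def __init__(self):
        self.log = []       # append-only audit records
        self.pending = {}   # request id -> queued action

    def _audit(self, event, **fields):
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        record = {"seq": len(self.log), "event": event, "prev": prev, **fields}
        record["hash"] = _digest(record)  # hash chaining is an added assumption
        self.log.append(record)

    def request(self, action, technique, target):
        """Recon runs at once; destructive actions wait in the queue."""
        if technique not in DESTRUCTIVE:
            self._audit("auto_run", action=action, technique=technique, target=target)
            return "run", None
        req_id = len(self.log)  # sequence number of the request record
        self.pending[req_id] = (action, technique, target)
        self._audit("approval_requested", action=action, technique=technique, target=target)
        return "pending", req_id

    def decide(self, req_id, approver, role, approve, rationale):
        """Record the decision; only an approver role can release or deny."""
        if role not in APPROVER_ROLES:
            self._audit("decision_rejected", req=req_id, approver=approver, role=role)
            return False
        self.pending.pop(req_id)  # KeyError on unknown or already-decided ids
        self._audit("approved" if approve else "denied", req=req_id,
                    approver=approver, rationale=rationale)
        return approve


def verify(log):
    """True if no record was edited, reordered, or removed from the middle."""
    prev = "0" * 64
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev or _digest(body) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True
```

A rejected decision leaves the request in the queue, so an unauthorized sign-off attempt is itself part of the record the customer reviews afterwards.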

AI red teaming — frequently asked

What is AI red teaming?

AI red teaming is the practice of using AI-driven tooling to simulate an adversary's attack against an organization — narrower in scope than a pentest, focused on an objective (reach the customer database, get to Domain Admin), and mapped to a framework like MITRE ATT&CK. SimpleSec's AI red teaming mode runs internal-network engagements through a WireGuard agent dropped into the target environment, with destructive actions gated behind admin approval and findings labeled with the ATT&CK techniques they implement.

Is AI red teaming the same as AI pentesting?

Related, not identical. Pentesting aims for coverage — find as many vulnerabilities as possible. Red teaming aims for an objective — get from initial foothold to a specific high-value asset, demonstrating which detections the blue team has and which they don't. SimpleSec's AI pentesting mode runs broad coverage; the AI red teaming mode narrows scope, maps findings to ATT&CK, and tracks the attack chain end-to-end.

Can AI red teaming run inside an internal network?

Yes — this is what differentiates SimpleSec from most AI pentesting tools. The WireGuard agent gives the AI red team a foothold inside the target environment. From there it runs Active Directory enumeration, Kerberoasting, AS-REP roasting, SMB signing checks, netexec sweeps, secretsdump, and lateral movement validation. The agent is per-engagement, encrypted end-to-end, and revocable in one click.

How does AI red teaming map to MITRE ATT&CK?

Every finding generated by AI red teaming gets labeled with the MITRE ATT&CK technique ID it implements. Examples: Kerberoasting → T1558.003; OS Credential Dumping → T1003; SMB lateral movement → T1021.002; WinRM remote execution → T1021.006. The report includes a tactic-by-tactic summary so the blue team can see which detections fired and which didn't.

Is AI red teaming safe to run in a production environment?

With the right guardrails, yes — that's the entire point of the approval-gate model. Reconnaissance and enumeration run autonomously. Destructive actions (credential spray, exploit execution, secretsdump against domain controllers) do not leave the orchestrator until an admin approves. The audit log records every request and decision. For sensitive engagements, customers leave the gate in place on every destructive technique and let an operator make each call in real time.

Can AI red teaming be used for purple-team exercises?

Yes. The webhook delivery format that powers continuous-pentesting alerts also works for purple-team coordination — AI red teaming fires events as it executes each technique, the blue team's SOC sees them in real time, and the post-exercise debrief uses the audit log + ATT&CK mapping as the shared source of truth. The result is a structured what-fired-when timeline both sides can review without arguing about what happened.
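
The what-fired-when comparison described above, as an added example (not SimpleSec's code or webhook schema). The event fields, the sample records, the 15-minute detection window, and the assumption that SOC alerts carry ATT&CK technique IDs are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names are hypothetical.
RED_EVENTS = [
    {"ts": "2024-05-01T14:02:10", "technique": "T1087", "host": "dc01"},
    {"ts": "2024-05-01T14:05:40", "technique": "T1558.003", "host": "dc01"},
    {"ts": "2024-05-01T14:11:05", "technique": "T1021.002", "host": "fs02"},
    {"ts": "2024-05-01T14:22:30", "technique": "T1003", "host": "dc01"},
]
SOC_ALERTS = [
    {"ts": "2024-05-01T14:06:55", "technique": "T1558.003", "host": "dc01"},
    {"ts": "2024-05-01T14:58:00", "technique": "T1003", "host": "dc01"},      # fired late
    {"ts": "2024-05-01T13:50:00", "technique": "T1021.002", "host": "fs02"},  # predates the action
]
TACTIC = {"T1087": "Discovery", "T1558.003": "Credential Access",
          "T1021.002": "Lateral Movement", "T1003": "Credential Access"}


def coverage(red, alerts, window=timedelta(minutes=15)):
    """Pair each red-team action with the first matching alert at or after it."""
    parsed = [(datetime.fromisoformat(a["ts"]), a["technique"], a["host"]) for a in alerts]
    rows = []
    for ev in red:
        start = datetime.fromisoformat(ev["ts"])
        hits = [t for t, tech, host in parsed
                if tech == ev["technique"] and host == ev["host"] and t >= start]
        first = min(hits, default=None)
        if first is None:
            status, delay = "missed", None
        else:
            delay = int((first - start).total_seconds())
            status = "detected" if first - start <= window else "late"
        rows.append({"technique": ev["technique"], "host": ev["host"],
                     "status": status, "delay_s": delay})
    return rows


def gaps_by_tactic(rows):
    """Techniques that were missed or detected outside the window, per tactic."""
    out = {}
    for r in rows:
        if r["status"] != "detected":
            out.setdefault(TACTIC[r["technique"]], []).append(r["technique"])
    return out
```

An alert timestamped before the red-team action is not counted as a detection, which keeps unrelated background alerts from masking a gap.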

AI red teaming on your own AD environment.

Standard and Pro tiers include WireGuard agent-based internal testing. Drop the agent, run the engagement, get an ATT&CK-mapped report with evidence on every finding.