The Three Disciplines
The security testing landscape forms a pyramid: vulnerability assessments at the wide base (broad, shallow), penetration tests in the middle (targeted, deeper), and red team engagements at the apex (scenario-driven, full-organization).
Vulnerability Assessment
Identify technical flaws across a wide attack surface. Output: a list.
Penetration Test
Exploit those flaws to prove attack paths within a targeted scope.
Red Team Engagement
Train and measure the defenders by emulating a real adversary end-to-end.
Side-by-Side Comparison
The following framing is adapted from the canonical comparison published by redteam.guide — extended with a fourth column for the autonomous-agent mode Decepticon enables.
| Aspect | Vulnerability Assessment | Penetration Test | Red Team Engagement | Autonomous Red Team (Decepticon) |
|---|---|---|---|---|
| Goal | Identify technical flaws | Exploit flaws to prove attack paths | Train and measure blue team effectiveness | Continuously rehearse the blue team against an AI adversary |
| Scope | Wide, shallow | Targeted systems | Full organization | Full organization, programmatically expandable |
| Focus | Technology | Technology | People, processes, and technology | People, processes, technology — driven by an OPPLAN |
| Duration | Days | 1–2 weeks | 2–6 weeks | Hours to continuous (machine-speed loops) |
| Threat Model | CVE-based | Attack surface | Adversary emulation | Adversary emulation, dynamic per engagement |
| Risk Measurement | Attack-surface reduction | Technical exploit impact | Security operations assessment | Operations assessment + regression coverage over time |
| Output | Vulnerability list | Exploit evidence and attack paths | Security operations assessment | OPPLAN-tagged findings, attack graph, remediation patches |
The fourth column is not a replacement for human red teams — it is the same discipline, scaled. Humans set the Rules of Engagement, define objectives, and adjudicate findings; Decepticon executes the kill chain inside that envelope.
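One way to make that envelope concrete, as an added example that is not Decepticon's own code or a description of its OPPLAN format: every planned step is checked against the human-set Rules of Engagement before it runs, and the plan fails closed at the first violation. The RoE fields, the step structure, and the use of ATT&CK technique IDs as a deny-list are assumptions made for this example; the networks, dates, and step names are constructed test data.

```python
"""Added example: gating OPPLAN steps against human-set Rules of Engagement.

Illustrative code, not Decepticon's implementation. The RoE fields, the
PlannedStep shape and the use of ATT&CK technique IDs as a deny-list are
assumptions; the networks, dates and step names below are constructed test data.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class RulesOfEngagement:
    in_scope: tuple[str, ...]            # CIDRs the client has authorised
    window_start: datetime               # engagement window (UTC)
    window_end: datetime
    denied_techniques: frozenset[str]    # ATT&CK IDs the RoE forbids outright
    max_targets_per_step: int = 8        # noise budget: no broad sweeps


@dataclass(frozen=True)
class PlannedStep:
    name: str
    technique: str                       # ATT&CK technique ID, e.g. T1021
    targets: tuple[str, ...]             # IP addresses this step touches


def check_step(roe: RulesOfEngagement, step: PlannedStep, now: datetime) -> list[str]:
    """Return every RoE violation for one step; an empty list means it may run."""
    violations: list[str] = []
    if not roe.window_start <= now <= roe.window_end:
        violations.append(f"{step.name}: outside the engagement window")
    if step.technique in roe.denied_techniques:
        violations.append(f"{step.name}: technique {step.technique} is denied by the RoE")
    if len(step.targets) > roe.max_targets_per_step:
        violations.append(f"{step.name}: {len(step.targets)} targets exceeds the per-step limit")
    scope = [ipaddress.ip_network(c, strict=False) for c in roe.in_scope]
    for target in step.targets:
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            # Hostnames are rejected rather than resolved here: a name that resolves
            # to an out-of-scope host at execution time would escape the envelope.
            violations.append(f"{step.name}: {target!r} is not an IP address; resolve it at planning time")
            continue
        if not any(addr in net for net in scope):
            violations.append(f"{step.name}: {target} is out of scope")
    return violations


def gate_opplan(roe: RulesOfEngagement, steps, now: datetime) -> tuple[list[str], list[str]]:
    """Approve steps in kill-chain order and fail closed at the first violation.

    Returns (names of approved steps, violations of the step that stopped the plan).
    Nothing after a rejected step is approved, because later steps usually depend
    on the access the rejected one would have produced.
    """
    approved: list[str] = []
    for step in steps:
        violations = check_step(roe, step, now)
        if violations:
            return approved, violations
        approved.append(step.name)
    return approved, []


# Constructed test data: a private range plus TEST-NET-3, and a March window.
ROE = RulesOfEngagement(
    in_scope=("10.20.0.0/16", "203.0.113.0/24"),
    window_start=datetime(2025, 3, 3, tzinfo=timezone.utc),
    window_end=datetime(2025, 3, 28, tzinfo=timezone.utc),
    denied_techniques=frozenset({"T1486", "T1485"}),  # no encrypting or destroying data
)
IN_WINDOW = datetime(2025, 3, 10, tzinfo=timezone.utc)
AFTER_WINDOW = datetime(2025, 4, 10, tzinfo=timezone.utc)

OPPLAN = (
    PlannedStep("recon-internal", "T1046", ("10.20.5.10", "10.20.5.11")),  # service discovery
    PlannedStep("lateral-smb", "T1021", ("10.20.9.4",)),                   # remote services
    PlannedStep("pivot-to-partner", "T1021", ("192.0.2.15",)),             # partner network: never authorised
    PlannedStep("ransom-sim", "T1486", ("10.20.9.4",)),                    # denied technique
)

if __name__ == "__main__":
    approved, why_stopped = gate_opplan(ROE, OPPLAN, IN_WINDOW)
    print("approved:", approved)            # ['recon-internal', 'lateral-smb']
    print("stopped because:", why_stopped)  # ['pivot-to-partner: 192.0.2.15 is out of scope']
```

The check is deliberately stricter than it needs to be: a hostname is a violation at planning time, because the agent is the party that would resolve it, and a name that resolves outside the authorised ranges during execution is exactly the failure the envelope exists to prevent.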
The Limitation of Traditional Pentesting
Traditional penetration testing focuses on evaluating security in silos — web, mobile, or external networks individually.
- Siloed Evaluation: Pentesting might find SQL injection in a single web app, but it doesn't test if defenders can detect an attacker using that web app as a proxy to pivot into the internal network.
- The Soccer Analogy: Pentesting is like practicing shooting, passing, and dribbling individually. These are essential skills, but practicing them in isolation for four years won’t prepare a team for the World Cup if they never play an 11-vs-11 match.
- The Real Limitation: Pentests fail to test how the organization’s overall security controls, blue team, and processes work together organically during a real, multi-stage attack.
Red Team Testing: The “Real Match”
Red Teaming is the actual 11-vs-11 practice match — a comprehensive adversarial simulation designed to test an organization's holistic defense capabilities over an extended period, typically several weeks rather than days.
Core Attributes of Red Teaming
- Holistic & Multi-Domain — Real attackers don’t attack just the web app and stop. They chain cloud, mobile, internal networks, and even physical or social engineering vectors. Red Teaming mirrors this.
- Stealth & Persistence — Operating undetected is a core constraint rather than the goal itself: the exercise only measures the blue team if the blue team has to find the adversary. Red teamers operate quietly, evading SIEMs and EDRs, and maintain access (persistence) over long periods.
- Realistic Objectives — Instead of listing CVEs, the goal is practical: Can we access the SWIFT infrastructure? Can we exfiltrate dummy customer data without the blue team noticing?
- Threat Gets a Vote — Engagements are grounded in what real threats actually do, not just what defenders plan for. The threat profile drives the TTPs.
- Assumed Breach — If initial access (e.g., phishing) is blocked, red teamers shift to an “assumed breach” scenario: a beacon is planted internally to evaluate post-breach response, lateral-movement detection, and internal recon.
The Engagement Lifecycle: Get In, Stay In, Act
A red team engagement follows three phases — a model used widely across the industry and codified in the redteam.guide methodology:
Get In
Initial access via the threat profile's preferred vectors — phishing, exposed services, supply chain, social engineering. The objective is a foothold, not noise.
Stay In
Establish persistence and command-and-control. Tier C2 channels (interactive / short-haul / long-haul) so that losing one channel does not end the engagement. Maintain OPSEC. Survive defender response.
Act
Achieve the objectives set in the RoE (see Realistic Objectives above) and preserve the evidence needed to adjudicate findings.
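The C2 tiering above, as an added example that is not Decepticon's own C2 code: a toy model of three tiers paired with the kind of periodicity check a defender runs, showing why an un-jittered interactive channel is a beacon by definition, why short-haul tasking needs jitter, and why a long-haul channel survives mostly by being rarely observed in any analysis window. The interval values, jitter fractions, observation window, and detection threshold are assumptions chosen for illustration; the timelines are generated, not captured traffic.

```python
"""Added example: C2 tiers and the periodicity they expose to a defender.

Illustrative code, not Decepticon's C2 implementation. Tier intervals, jitter
fractions, the observation window and the detection threshold are assumptions
chosen to show the trade-off; the callback timelines are simulated.
"""
from __future__ import annotations

import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class C2Tier:
    name: str
    base_interval_s: float   # nominal seconds between callbacks
    jitter: float            # fraction of base_interval_s, 0.0 to 1.0


# Assumed tiering (illustrative numbers, not from the page or the project).
TIERS = {
    "interactive": C2Tier("interactive", 5, 0.0),     # operator-driven, burned after use
    "short-haul": C2Tier("short-haul", 300, 0.3),     # routine tasking, jittered
    "long-haul": C2Tier("long-haul", 86_400, 0.5),    # recovery channel, rarely speaks
}


def callback_times(tier: C2Tier, count: int, seed: int = 0) -> list[float]:
    """Simulate `count` callback timestamps in seconds from first tasking.

    Each gap is base_interval_s plus a uniform offset in [-jitter, +jitter] * base.
    Seeded so the timeline is reproducible.
    """
    rng = random.Random(seed)
    spread = tier.base_interval_s * tier.jitter
    t, times = 0.0, []
    for _ in range(count):
        t += tier.base_interval_s + rng.uniform(-spread, spread)
        times.append(round(t, 3))
    return times


def periodicity_score(timestamps: list[float]) -> float | None:
    """Coefficient of variation of inter-arrival gaps; 0.0 means perfectly regular.

    Beaconing analytics key on low scores over many callbacks. Needs at least
    two gaps (three timestamps) to say anything.
    """
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 2:
        return None
    mean = statistics.fmean(gaps)
    return statistics.pstdev(gaps) / mean if mean > 0 else None


def flags_as_beacon(timestamps: list[float], cv_threshold: float = 0.1, min_callbacks: int = 20) -> bool:
    """A minimal beaconing rule: enough callbacks observed and a tight period."""
    if len(timestamps) < min_callbacks:
        return False   # too few observations in the window to make the call
    score = periodicity_score(timestamps)
    return score is not None and score < cv_threshold


def tier_report(window_s: float = 8 * 3600, count: int = 30) -> dict[str, tuple[int, bool]]:
    """For each tier: how many callbacks fall inside one analysis window, and
    whether the rule above would flag them. Models a defender who only sees
    `window_s` seconds of traffic at a time."""
    report = {}
    for name, tier in TIERS.items():
        seen = [t for t in callback_times(tier, count) if t <= window_s]
        report[name] = (len(seen), flags_as_beacon(seen))
    return report


if __name__ == "__main__":
    for name, (seen, flagged) in tier_report().items():
        print(f"{name:12s} callbacks in 8h window: {seen:3d}  flagged: {flagged}")
    # interactive: 30 callbacks, flagged; short-haul: 30 callbacks, not flagged (jitter);
    # long-haul: 0 callbacks, not flagged (never observed)
```

The two escape routes shown are different in kind: short-haul beats the rule by shaping its timing, long-haul beats it by not appearing in the window at all. Either can be lost to a defender who widens the window or lowers the threshold, which is why the text tiers the channels instead of relying on one.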
Why Decepticon Is an Autonomous Hacking Agent
Decepticon automates the Red Teaming mindset, not the pentest checklist. It does not blast a network with automated scanners; that would alert the blue team instantly. Instead, it reads the context of the environment. It maintains stealth, performs internal reconnaissance, executes lateral movement, and simulates assumed-breach scenarios autonomously. The kill chain is driven by an OPPLAN, a structured operations plan the agent generates from the operator's RoE and ConOps before a single packet is sent. By taking on the role of a relentless, AI-driven red team, Decepticon provides continuous offensive feedback. It is the Offensive Vaccine: it trains defense systems against the organic, stealthy realities of modern cyber threats rather than handing them a list of outdated software versions.
Engagement Lifecycle
Get In, Stay In, Act — the three-phase lifecycle, mapped to Decepticon’s agents.
MITRE ATT&CK Integration
Tactics, Techniques, and Procedures — the shared vocabulary between threats and Decepticon.
Threat Emulation
How Decepticon turns a threat profile into an executable engagement.
Roles & Cells
Red Cell, Blue Cell, White Cell, Trusted Agent — and where Decepticon fits.
