dreadnode

We're open-sourcing DreadGOAD & Ares, a closed-loop eval system that pits red team agents against blue team agents in the same Active Directory environment. Red team: 7 specialized agents, domain dominance in <6 min, 97% success rate across 142 ops. Blue team: scored against the attacker's actual recorded actions — not curated logs or checklists. Security agent benchmarks test offense and defense in isolation. That's the gap. DreadGOAD and Ares provide the feedback loop that’s been missing. 🔗 dreadnode.io/research/mine-…

If you’re serious about it, network ops is a careful activity. It’s not an offline thing you should smash tokens against, no standing it up in dev, and there’s a whole apparatus to find and evict you. Have evals that you run every which way, over and over and over. Every new tool, every change to the prompt.

Recommended demo soundtrack: Stimulus - Vandelux open.spotify.com/track/7tzvXfg4…

Install the network-ops capability: ray.so/1kQI1xF Run the prompt: ray.so/dLpxHmk Check out DreadGOAD: github.com/dreadnode/Drea…

Real offensive cyber capability shows up in long-horizon, multi-host, repeatable evals. The kind we rarely see running at scale. Claude Opus 4.6 + our network ops agent compromised an entire GOAD variant Windows AD environment (DreadGOAD) in 54 minutes, with one simple prompt, and $244 in tokens. The specs: 📊 DreadGOAD variant-1 · 3 domains · 5 hosts · 30 credentials · random user data, not in training set 💻 Claude Opus 4.6 🛠️ Dreadnode Network-Ops 🕓 54.5 min · 🪙 48.52M tokens · 💰 $244.02 Mythos has been in the spotlight for its cyber capabilities, but other models are competitive too. You just need the right scaffolding and eval infrastructure. Run the network ops agent now in the Dreadnode platform. Use any model. No code required. Sign up or log in and get started for free at dreadnode.io.

Do you have private access to Mythos or GPT-5.5? Both models are now supported by our harness. Custom harnesses are arguably the most important factor in capability improvement. Try ours at dreadnode.io (get started for free).

Basically why we charge cents per minute for a capability + tokens. Unit cost of intelligence is on the floor. AI isn’t just going to redefine how security functions, going to change the business model. Using AI to operate a business also means importing the cost structures. Not going to be fun for margins. Validation and safety are engineering problems, not model problems.

Late night, new NIN album, and experimenting with Dreadnode workers and Claude Code channels. All wired up for eventing from Mythic. Sometimes it’s fun to just nerd out 🧡

New post on what I mean when I say it's the YEAR OF THE JUDGE, and why I expect infosec agents to be the first and most important use case of judges in the loop. This year alignment becomes a contact sport. Prepare accordingly.

YEAR OF THE JUDGE !!!!!!!!

In less than 20 minutes and under $2, we used our .NET reversing capability to run a SAST scan of Azure Cosmos DB in the Microsoft Container Registry (MCR), surfacing a high severity vulnerability in the now-deprecated database. 🆕 Model: Moonshot AI - Kimi K2.6 ⏱️ Task/agent runtime: 19 mins 26 secs 🪙 Tokens: ↑ 3124.0k · ↓ 33.3k 💰 Cost: $1.97 Vulnerability Overview: When using managed identity auth, it calls an internal token service over HTTPS, but the TLS certificate validation callback is tautological — it checks if the server cert's thumbprint matches any cert in the chain, but the leaf cert is always in its own chain, so it always passes. Watch the video to see how we ran it within our TUI. Install Dreadnode and try out the .NET reversing capability: ➡️docs: docs.dreadnode.io/tui/capabiliti… ➡️command: ray.so/gyrc2qB

👀🏴‍☠️

@nadfusion 🤦settings adjusted. thanks!

@dreadnode Open DMs

One short week until our rooftop happy hour in Arlington, VA! Based in the DC area? Focused on operationalizing agents and accelerating security? We have room for a few more. DM us for event details.

Is AI better at hacking or defending? To find out we at @dreadnode built a closed-loop system that throws offensive agents and defensive agents against each other on the same infrastructure. We watch and see who wins. Today, we are open-sourcing it dreadnode.io/research/mine-…

Cyber evals are saturated, only thing left is the real-world. Operational teams are ahead of labs in terms of capability, they are not constrained to frontier models. Gonna be a gap until people stop pretending like red teams don’t come under the umbrella of “cyber defenders”.

Ares: github.com/dreadnode/ares

DreadGOAD: github.com/dreadnode/Drea…

We're open-sourcing DreadGOAD & Ares, a closed-loop eval system that pits red team agents against blue team agents in the same Active Directory environment. Red team: 7 specialized agents, domain dominance in <6 min, 97% success rate across 142 ops. Blue team: scored against the attacker's actual recorded actions — not curated logs or checklists. Security agent benchmarks test offense and defense in isolation. That's the gap. DreadGOAD and Ares provide the feedback loop that’s been missing. 🔗 dreadnode.io/research/mine-…

Glasswing. Security would’ve called it black, red, or blue wing. Or purple. Offense is the new defense. Except, offense was always part of defense. Most of my time in consulting was spent prioritizing findings, teaching defenders about how their own networks worked. But being aligned with “attackers” doesn’t have great optics, so defense stays behind. Fastest post-exploit was 7 minutes — as human. You already know what the misconfiguration was. I’d be genuinely surprised if CrowdStrike were able to use Mythos more effectively than a small offense team could use a Qwen.