To keep adversary simulation relevant, our approach has had to change with it. At X‑Force Red, that evolution is already underway, and is formalized in X-Frame, a framework designed to provide a structured and governed approach to augmenting our adversary simulation operators with AI capability. This is not a bolt-on tool or a proof of concept. Rather, it’s been designed from the ground up to reflect how our operators actually work when simulating real-world sophisticated threat actors that are already bringing AI into their attack chains.
Our operators have access to AI-assisted tooling that accelerates reconnaissance synthesis, automates the generation of highly targeted social engineering artifacts, supports rapid prototyping of custom tooling, and enables faster correlation of vulnerability intelligence to client-specific attack surfaces. Every AI-assisted output is reviewed by a human operator before it touches a client environment or gets integrated into further testing cycles.
This also enables our team to simulate AI-enabled threat actors. All the buzz right now is around Mythos and what it means, but threat actors have been developing capabilities around generative AI for a while now. It’s critical we can bring that same capability to bear in our own testing. Now our clients can get a real answer to questions about the impact of AI in the hands of the bad guys.
What makes X-Frame a framework rather than just a capability is the structure around it. There are defined workflows, review gates, and operator protocols that govern how AI is integrated at each engagement phase. There are clear standards for what outputs require elevated review and how AI-generated artifacts are documented in client reporting. X-Frame is designed to scale consistently across our global team without sacrificing the operator judgment that our clients rely on.
