Proudly Offensive: The Role of Offensive AI in Cyber Defense
In the AI era, the best defenders don’t react to attacks — they wage them first.
This post is a reflection on what we saw at RSAC 2025 and what we’ve been learning across the Decibel portfolio. But more importantly, it’s about where the cyber world is heading: a material shift where offensive AI will drive defensive capabilities and vice versa.
Dmitri Alperovitch, xCTO and Co-founder of CrowdStrike, speaking at Decibel’s Founder Dinner at RSAC 2025
The World Has Changed, And So Has Cyber
Earlier this year, we co-hosted the National Cyber Innovation Summit in Washington, D.C. with our friends at JP Morgan. It brought together 100+ elite founders, government officials, and security leaders from both the public and private sector. The message was clear: cyber is no longer a commercial afterthought or even a siloed IT concern. It’s geopolitical, it’s economic, and it’s existential.
Cybersecurity has always been deeply shaped by geopolitics. From the APT1 report in 2013 where Kevin Mandia publicly pointed out Chinese nation-state attackers, to the Colonial Pipeline ransomware attack that paralyzed the East Coast in 2021, we’ve spent the last two decades reacting to threats born on the international stage. Nation-state attribution used to be controversial — now it’s table stakes. After each geopolitical shock, defenders have scrambled to bolt on controls for mitigation. The structural shift of AI makes that retrospective model untenable. Public LLMs and cheap fine-tuning allow even hobbyists to generate convincing malware and bespoke phishing at will, so threat volume is exploding non-linearly and signature-centric defenses are drowning. The net result is simple: defenders can no longer wait for “known bad” intelligence. Systems must be attacked in simulation, ideally continuously, and reinforced in near real time. We’re entering a new chapter that we call the Proudly Offensive Era.
Offense Is the New Defense
In the past, we operated on a Sequential Kill Chain — an attacker would recon, gain access, escalate, exfiltrate. We responded after the fact. We built playbooks around alerts and symptoms. We were always one step behind and our defenses were built on yesterday’s attacks.
When AI first came onto the scene, we saw a huge opportunity to focus on reducing alert fatigue from security tools. Companies like Dropzone emerged to handle the signal overload in SOCs by automating triage — not by replacing humans, but by relieving them of the tedious, the repetitive, the soul-crushingly obvious.
In this next chapter, both our allies and our adversaries are teaching LLMs to think like attackers. At the same time, the rise of code-gen tools like Bolt and Cursor means that software is being written — and exposed — at unprecedented scale. The result is a multiverse of exploitable vulnerabilities. And in the context of rising global conflict, the implications could be quite serious.
Today, we’re looking to invest in companies that proactively simulate the kill chain before an attack occurs. We expect these companies will use autonomous agents, draw on human expertise, and scale their reach through AI.
RSAC 2025: Proudly Offensive In Action
At RSAC this year, we took this idea public. The Decibel Founder Oasis hosted a packed session titled “Proudly Offensive”. It featured live demos and candid conversations on the topic. Here are three of the teams leading this charge:
🧠 Delphos – Teaching Machines to Reverse Engineer Malware
David Dubick and Caleb Fenton, founders of Delphos
Delphos is pioneering AI-powered reverse engineering, letting defenders deconstruct and see malicious code faster than ever before. Traditional sandboxes rely on behavior; Delphos pushes further, building code semantic models that can detect known and unknown vulnerabilities. The product thereby gives defenders the upper hand against attackers by doing what an elite reverse engineer would do, but in mere seconds.
👁️ SpecterOps – Turning Identity Into an Attack Surface Map
Justin Kohler, Chief Product Officer of SpecterOps
SpecterOps has long been a leader in offensive identity research. At RSA, they showed how their tools map attack paths via BloodHound — then simulate exploitation. The approach is grounded in real-world tradecraft, helping customers such as Palantir and OpenAI harden their defenses with evidence, not hypotheticals.
☠️ Dreadnode – Simulate, Exploit, Repeat
Will Pearce and Nick Landers, founders of Dreadnode
Dreadnode showed why advancing the state of offensive security through AI isn’t the future but rather the present. Their AI-powered agents simulate attackers with intent: they probe, exploit, exfil, and learn. Dreadnode is building the most advanced adversary that lives inside your test environment and evolves. The best way to secure a system isn’t by scanning and monitoring; it is best secured by trying to break it, repeatedly.
Continuous Adversarial Validation
We’re seeing adversaries use LLMs to write better phishing campaigns, to craft tailored payloads, to fuzz APIs at scale. In our minds, the antidote is AI-powered Continuous Adversarial Validation, the idea that defense can no longer be episodic. We don’t wait for a red team quarterly or once a year. We spin up a red team every hour.
This approach blends simulation with detection and remediation. Rather than simply hardening endpoints, it war-games against a synthetic enemy that may understand your systems better than you do. As these tools mature, the boundary between defense and offense will blur even further. Put differently, reaction collapses into anticipation: every hour, new attack graphs are explored, and exploitable paths are patched or segmented before production traffic carries real risk.
If You’re Building in This Space
If you’re working on AI-powered simulation, adversarial agents, or any other tools that turn offense into insight — we want to meet you. At Decibel, we are keen to invest in a new kind of offense and are proudly backing the companies getting us there.
Decibel and JP Morgan Co-hosting the National Cyber Innovation Summit in DC in March 2025