The Kill Chain models how an attack succeeds. The Attack Helix models how the offensive baseline improves.
The Tipping Point
One person. Two AI subscriptions. Ten government agencies. 150 gigabytes of sovereign data.
In December 2025, a single unidentified operator used Anthropic’s Claude and OpenAI’s ChatGPT to breach ten Mexican government agencies and a financial institution. No custom malware. No zero-day exploits. No nation-state infrastructure. Just commercial AI subscriptions and over a thousand carefully crafted prompts.
Claude generated network scanning scripts, identified exposed administrative panels, wrote SQL injection payloads targeting *.gov.mx domains, produced credential-stuffing automation for systems lacking rate limiting, and mapped lateral-movement paths between agencies. When Claude reached output limits or refused certain requests, the operator pivoted to ChatGPT for SMB enumeration and Living-off-the-Land evasion strategies. The result: 195 million taxpayer records, voter registration files, employee credentials, and civil registry documents exfiltrated in weeks by one person doing what previously required a coordinated team working for months.
This was not a thought experiment. It was a demonstration that AI has compressed the offensive kill chain. Tasks that once required deep expertise, custom tooling, and sustained operator time can now be decomposed and accelerated by frontier models.
The Mexico breach is not an anomaly. Over the past several months, cybersecurity has crossed not one—but multiple tipping points. First, we saw the first confirmed AI-orchestrated cyberattacks, where autonomous agents executed the majority of intrusion workflows with minimal human input. Then, attackers began operationalizing AI at scale—using models like Claude to compromise governments, exfiltrate large datasets, and automate exploit development. At the same time, AI systems themselves became a new attack surface, with high-profile leaks, vulnerabilities, and supply chain failures exposing how fragile the underlying infrastructure still is. Finally, we are now seeing early evidence of agentic AI behaving unpredictably under adversarial pressure, raising fundamental questions about control, alignment, and security at scale. These are not isolated incidents. Together, they mark a structural shift: AI has flipped the economics of cyber offense. Attackers are no longer constrained by skill, time, or cost.
Defenders are not facing a faster version of attack. It is facing a recursive step function for offense. It’s now compute vs compute and offense has the advantage.
Why Now
-
- AI materially lowers the cost of offensive experimentation.
-
- Legacy penetration testing remains bounded by human hours and staffing variability.
-
- Vulnerability discovery is accelerating faster than organizations can triage and remediate.
-
- Buyers increasingly need continuous validation, not periodic assessments.
-
- Security teams are over-instrumented with point products and under-served on verified signal.
The Structural Problem
The dominant model for validating security posture, the penetration test, was built for a world where attacker and defender both moved on human timescales. A team receives a scoped engagement, spends a fixed number of hours, writes a report, and moves on. The customer receives a snapshot. The next test happens in six months or a year.
That model now fails in three structural ways.
Time-over-target. Human-hours cap coverage. Large portions of the attack surface go untouched because the clock runs out.
Skill distribution. Outcomes depend on who happened to be staffed. Knowledge stays trapped in individual operators instead of being encoded into the system.
Recursion. Findings, false positives, and competitor gaps do not systematically improve the next engagement. The system has weak memory.
John Boyd’s OODA loop still helps explain the incumbent ceiling. Faster observe-orient-decide-act cycles matter in adversarial environments. But a flat loop only gets you speed. Guard is designed around a stronger property: the system should improve after every cycle.
The Five Year Question
In technology, failing to ask “what does the next five years look like?” leads companies to optimize for the wrong variables. They reorganize prematurely around flat facts instead of structural shifts. We are not building Guard to be a slightly faster version of the legacy model. We are looking five years ahead. In five years, offensive capabilities will be entirely continuous, highly autonomous, and driven by compounding machine learning models rather than static human checklists.
Guard is built to be the platform that thrives in that reality. However, the companies that get this right will not replace humans entirely; they will scale with automation and AI while elevating the judgment, executive function, and creativity of elite offensive security experts. The win is not removing experts altogether—it is decoupling impact and revenue from linear headcount.
Guard’s Core Thesis
Every structural weakness of the point-in-time model maps to a specific Guard design choice:
| Point-in-Time Problem | Guard’s Response |
|---|---|
| Time-bounded coverage | Continuous, automated testing across the attack surface |
| Skill-dependent quality | Standardized capability library with reusable operator intelligence |
| No cross-engagement learning | Attack Helix feedback loops that compound institutional knowledge |
| Snapshot-in-time posture | Living attack graph updated as environments change |
| Manual report delivery and triage | Streaming findings with calibrated confidence and increasing automation |
The customer result is concrete: more coverage, more consistency, faster operationalization of new threats, and a system that gets better over time instead of starting from zero every engagement.
Customer Outcome
-
- Migration from episodic visibility to continuous coverage, improving protection
- Broader attack-surface coverage than time-boxed penetration tests can provide
-
- More consistent quality than staff-dependent engagements
-
- Faster operationalization of newly published threats
-
- Fewer false positives over time through calibrated confidence systems
-
- Remediation-ready output instead of static reports
-
- A path to consolidate noisy point products without losing defensive coverage
Meeting the Technology Where It Is
The correct response is neither to dismiss AI as a gimmick nor to pretend it is ready to replace human operators wholesale. It is to design an architecture that meets the technology where it is today and progressively reduces human intervention as capabilities improve.
Foundation models are increasingly commoditized. Durable advantage does not come from access to models alone. It comes from the system around the model: orchestration, typed interfaces, validation gates, policy boundaries, feedback loops, and domain expertise encoded in every evaluation function.
Guard is designed as an exoskeleton: an AI-powered system that amplifies human operators today and progressively takes over categories of work as confidence increases.
-
- Level 1 – Automation: machine-speed reconnaissance, inventory expansion, and template-based detection
-
- Level 2 – Assisted autonomy: high-confidence auto-promotion and CVE-to-signature generation with human approval
-
- Level 3 – Supervised autonomy: automated handling of mature vulnerability classes with humans focused on novel attack research
-
- Level 4 – Collaborative autonomy: broader hypothesis exploration with humans acting as strategic directors and evaluators
The humans are not being replaced. They are being promoted from repetitive execution to frontier judgment.
Meeting the Customer Where They Are
In enterprise software, product failures often come down to timing. Build for the future too early, and the market rejects it as too risky. Build for the present too long, and incumbents outlast you. The solution is not to force the market to leap; it is to build a bridge.
We know exactly where the puck is going. The future of offensive security is continuous, AI-driven, and compounding. But buyers do not migrate all at once. This is a classic crossing the chasm of go-to-market. Organizations exist on a spectrum of readiness:
-
Some are strictly bound by compliance frameworks and are not ready to move away from legacy penetration testing.
-
Others recognize the limits of point-in-time assessments and are open to tech-enabled, continuous validation.
-
A final, forward-leaning group is fully prepared to layer autonomous AI on top of their defensive posture.
Guard is designed to absorb this entire spectrum. It meets the customer where they are today while providing a seamless transition to what we know needs to be true tomorrow.
If a customer only wants to buy a traditional penetration test, we deliver one. As they build trust in the platform’s verified signal, the friction to upgrade diminishes. The platform acts as a bridge, pulling them from episodic engagements to continuous tech-enabled monitoring, and ultimately to full AI-native integration within the Attack Helix.
The customer never has to take blind replacement risk. They get the operating model they are ready for today, powered by the engine they will inevitably need tomorrow.
The Attack Helix
Legacy security tools rely on a flat OODA loop powered by static algorithms. Programmers write precise rules, and the tools follow them. But the Attack Helix introduces the true multiplier of modern computing: machine learning.
OODA is flat. It returns to the same plane. The Attack Helix is different. Each cycle climbs. It is an operating logic where the system learns a vulnerability pattern in one environment, converts it into a generalized machine-executable capability, and immediately scales that protection globally across the entire customer base.
This is not branding layered on top of the product. It is the operating logic of the product. We call Guard’s learning architecture the Attack Helix.
Loop 1: Manual Finding Gap Detection
Human finds vulnerability manually
-> System checks: does Guard already detect this class?
-> IF NO: Create capability-development ticket
-> Build new detection signature
-> Future customers get automated coverageLoop 2: False Positive Refinement
Guard capability produces finding
-> Cato or human rejects it
-> Trace back to source signature and context
-> Tighten detection logic
-> Future runs produce fewer false positivesLoop 3: Competitive Intelligence
Competitor reports material finding
-> Cato validates it independently
-> Guard checks whether equivalent coverage exists
-> IF NO: Build the missing capabilityLoop 4: Confidence Scoring and Auto-Promotion
Triage decisions accumulate at the signature level
-> Empirical TP rate + model confidence
-> Auto-promote / review / likely-FP routing
-> More evidence shrinks the manual review bandLoop 5: Adversarial Tradecraft Integration
External tradecraft appears
-> Threat reporting, bug bounty writeups, exploit kits, named actor TTPs
-> Guard deconstructs the technique into executable logic
-> Tradecraft becomes reusable platform capability
-> The world's offensive output becomes platform R&DThese loops compound: manual findings create new capabilities; capabilities create more findings; findings create more triage data; triage data improves calibration; calibration increases automation; adversarial tradecraft expands the global capability baseline; and automation frees experts to discover the next gap.
The most important property of the Helix is cross-customer intelligence. A vulnerability pattern discovered in one environment can become a capability that protects future environments facing the same exposure class. That is not just a process improvement. It is a flywheel.
Helix Metrics
If the Helix is real, it should be measurable. The most important operating metrics are:
-
- time from CVE publication to deployed detection
-
- percentage of findings auto-promoted versus manually reviewed
-
- false-positive reduction over time by signature class
-
- share of findings sourced from newly generated capabilities
-
- number of cross-customer capability deployments
-
- time from validated discovery to remediation recommendation
-
- share of external tradecraft converted into executable capability
These metrics turn the Helix from a thesis into an operating system.
The Guard Capability Factory
It is tempting to scale a product before it actually works, relying on marketing hype. In the AI space, we are seeing this in the recent MIT study that showed 95% of AI initiatives fail to deliver the value they had hoped, and we see partnerships cancelled between companies because the new entrant’s technology is not ready.
Guard takes a different approach: keep the funnel incredibly tight until the capability is proven, then scale it globally. We treat capability generation like a factory pipeline (Input -> Generation -> Validation -> Deployment). A capability only graduates to automated, cross-customer deployment when empirical true-positive rates and model confidence dictate it is ready. We do not scale noise; we scale validated, remediable signal.
The best way to visualize the Helix is as a staged capability factory. This is the same communication pattern that makes Anthropic’s Bloom pipeline effective: inputs, staged generation, judgment, and repeatable output. In Guard’s case, the output is not an evaluation suite. It is a validated security capability that compounds across the customer base.
Figure concept: Guard converts raw security signal into deployable, validated capabilities. The output of one cycle becomes the input advantage for the next.
---
config:
layout: elk
theme: dark
themeVariables:
primaryColor: '#270A0C'
primaryTextColor: '#ffffff'
primaryBorderColor: '#535B61'
lineColor: '#535B61'
background: '#0D0D0D'
---
flowchart LR
classDef input fill:#eef7ff,stroke:#5b8ff9,color:#0b1f33,stroke-width:1.5px;
classDef stage fill:#f7f4ff,stroke:#8b6cff,color:#24143a,stroke-width:1.5px;
classDef output fill:#eefbf3,stroke:#2f9e62,color:#123524,stroke-width:1.5px;
classDef control fill:#fff8e8,stroke:#d4a72c,color:#4a3510,stroke-width:1.5px;
A[Signal Inputs
Human findings
Published CVEs
Competitor findings
Bug bounty findings
ASM / VM / BAS telemetry
CTI and tradecraft reports
Attack graph telemetry
Triage decisions]
subgraph P[Automated capability pipeline]
direction LR
B[1. Capability Generation
Research agents
CVE tech recon
Actor-critic signature generation
Tradecraft decomposition
Constantine exploit and patch workflows]
C[2. Validation and Graph Integration
Cato validation
Capability SDK / Janus / Aegis execution
Attack graph enrichment
Agora registry publication]
D[3. Confidence and Deployment
Beta-Binomial scoring
Auto-promote / review / reject routing
Global capability rollout]
end
E[Compounding Output
Higher coverage
Lower false positives
Faster remediation
Lower marginal cost
Broader category replacement]
F[Control Plane
Target surface
Execution backend
Model selection
Review thresholds
Rollout scope
Automation policy]
A --> B --> C --> D --> E
F -. tunes .-> B
F -. tunes .-> C
F -. tunes .-> D
E -. Attack Helix feedback .-> A
class A input;
class B,C,D stage;
class E output;
class F control;
Figure concept: Guard converts raw security signal into deployable, validated capabilities. The output of one cycle becomes the input advantage for the next.
The Defender’s Dividend: Consolidation and Clarity
The Attack Helix is a dual-use engine.
For Praetorian, it is a factory for better offensive capability. For the customer, it is a signal-to-noise engine that can simplify the security stack.
This is the strategic wedge. Customers already buy ASM, VM, BAS, CTI, and pentesting because they need those inputs to understand risk. Guard needs many of the same inputs for a different reason: to determine what is actually exploitable, what tradecraft matters now, and what capability should be built next.
That overlap creates a powerful product outcome. As Guard becomes the system of record for verified exploitable risk, customers gain a low-risk path to consolidate spend. They do not need five different platforms showing five different versions of the truth. They need one platform that continuously proves what is actually reachable, exploitable, and worth fixing.
The attacker benefit and defender benefit are the same system viewed from opposite sides:
-
- Attacker perspective: more signal means better attack planning and faster capability improvement
-
- Defender perspective: better validation means less noise, fewer redundant tools, and clearer remediation priorities
That is how the Helix expands TAM without losing focus. The same compounding engine that improves Praetorian’s offensive baseline also creates the customer’s path to consolidation, simplification, and savings.
The Surfaces We Cover
Guard’s breadth matters not as a feature checklist, but as evidence that the Helix has enough surface area to be economically meaningful.
| Surface | Tools | What They Do | Legacy Category Converged |
|---|---|---|---|
| Perimeter Attack Surface Discovery | Pius | Domains, subdomains, CIDRs, APIs, cloud assets | Attack Surface Management (ASM) |
| Service & LLM Fingerprinting | Nerva Julius |
Service and protocol identification across a broad protocol set | Attack Surface Management (ASM) |
| Credential Testing | Brutus | Default, weak, and leaked credential validation | Breach & Attack Simulation (BAS) |
| Web & API Security | Hadrian Vespasian |
DAST, auth testing, injection, API logic, mutation testing | Application Security Testing (AST) / Dynamic Application Security Testing (DAST) |
| Cloud Security | Aurelian | Secrets, misconfigs, public exposure, IAM escalation | Cloud Security Posture Management (CSPM) |
| Internal Networks |
Aegis |
AD attacks, lateral movement, database exploitation, CI/CD pivoting | Breach and Attack Simulation (BAS) |
| Source Code | Caligula Constantine Titus |
Code exploitability analysis, secrets, patch generation | Static Application Security Testing (AST), Software Composition Analysis (SCA), Supply Chain Security (SCM) |
| LLM Services | Augustus | Prompt injection, jailbreaks, safety evaluation | Emerging AI Security / BAS |
| CI/CD Pipelines | Trajan | Pipeline poisoning, dependency taint, supply-chain weaknesses | Supply Chain Security (SCM) |
| Integrations | 64 third-party integrations | Qualys, Tenable, Rapid7, Wiz, CrowdStrike, Okta, and others | Input source for feedback loops and flywheels |
The platform becomes more valuable not just because it sees many things, but because it reasons across them. Source code findings can inform dynamic testing. Cloud context can reshape credential-testing priorities. Internal reconnaissance can enrich external attack-path planning. Third-party products become both customer value surfaces and learning surfaces for the Helix.
Architecture Overview
Guard can be understood as four interacting layers:
-
- Interface Layer
Operator UI, API, CLI, Burp integration, and AI-assisted control surfaces
- Interface Layer
-
- Agent Orchestration Layer
Planning, decomposition, delegation, and workflow coordination through Prometheus
- Agent Orchestration Layer
-
- Compute and Capability Routing Layer
Schema validation, queuing, deduplication, safety policies, executor selection, and streaming
- Compute and Capability Routing Layer
-
- Data Layer
Attack graph storage, workflow state, telemetry, caching, and model infrastructure
- Data Layer
Signal flows through these layers in both directions. The orchestration layer reasons over accumulated context. The execution layer acts through capabilities. The results return as telemetry, graph enrichment, confidence updates, and category-level product improvements. The Helix closes.
Two Engines for Dealing with Hard Targets: Maxentius and Constantine
The clearest proof that Guard is not a GPT wrapper is that it uses different architectures for different offensive problems.
N-Day is a reasoning problem. A CVE exists. The challenge is to operationalize it quickly and deploy coverage broadly.
0-Day is a search-and-prove problem. A codebase or environment may contain vulnerabilities nobody has published or named. The challenge is to search, validate, and prove.
Maxentius: N-Day at Machine Speed
Maxentius is Guard’s N-Day engine: a multi-level agent hierarchy that turns CVEs into deployable detection and exploitation context.
---
---
config:
layout: elk
theme: dark
themeVariables:
primaryColor: '#270A0C'
primaryTextColor: '#ffffff'
primaryBorderColor: '#535B61'
lineColor: '#535B61'
background: '#0D0D0D'
---
flowchart LR
classDef stage fill:#f7f4ff,stroke:#8b6cff,color:#24143a,stroke-width:1.5px;
classDef artifact fill:#eefbf3,stroke:#2f9e62,color:#123524,stroke-width:1.5px;
A[CVE Signal] --> B[Research Agent]
B --> C[CVE Tech Recon]
C --> D[Guard Tech Correlation]
D --> E[Detection Planner]
E --> F[Actor Agent
Generate template]
F --> G[Critic Agent
Break and refine]
G --> H[Validation and Fixer Loop]
H --> I[Deployable Nuclei Template]
H --> J[Exploit Guidance]
class B,C,D,E,F,G,H stage;
class A,I,J artifact;
Maxentius uses multiple models and agent frameworks because different stages need different strengths: research, synthesis, critique, and structured generation.
Constantine: 0-Day Discovery Through Tool Orchestration
Constantine is architecturally the opposite of Maxentius. Where Maxentius is an AI-native reasoning pipeline, Constantine is a tool orchestration pipeline with AI as glue:
Each stage runs one or more modules, self-contained programs that can be written in any language. Modules communicate through filesystem artifacts rather than a rigid shared schema. That matters because it lets static analysis, dependency analysis, fuzzing, exploit attempts, and patch generation coexist without being flattened into one framework.
Constantine includes:
-
- full budget tracking with warnings at 50/80/100%
-
- optional hard cost ceilings
-
- a two-phase cost-estimation gate
-
- 18 modules spanning the pipeline
-
- agentic exploiters in Docker-in-Docker sandboxes with up to 250 tool calls per attempt
Critically, it does not stop at detection. The Patch stage generates fixes, from dependency bumps to guard clauses to structural refactors, producing diffs customers can review and apply.
Together, Maxentius and Constantine prove that Guard is not a generalized AI wrapper. It is a platform that uses the right architecture for the right problem.
Beyond Identifying Risk: The Remediation Imperative
The weakness of point-in-time testing is not just incomplete discovery. It is that even when organizations know about exposures, they often fail to remediate them on attacker timescales.
That is now the market-defining asymmetry. Attackers need only one viable path and increasingly have machine-speed assistance in generating those paths. Defenders must still discover, validate, prioritize, route, and fix. The real bottleneck is no longer awareness. It is operationalization.
This changes what a winning platform must optimize for. A finding that sits in a dashboard is not durable value. A finding that gets validated, prioritized, contextualized, and fixed is value.
That is why Guard is not built to answer “How do we scan more?” It is built to answer a harder question: how do we continuously discover, validate, prioritize, and increasingly help remediate the exposures that matter before an attacker reaches them?
Why This Becomes a Large Business Over Time
The Attack Helix is not only a technical architecture. It is an economic architecture.
-
- Every integration, from ASM and VM to BAS and CTI, becomes a feedback loop that improves the platform for future customers.
-
- Every bug bounty finding, public exploit write-up, and validated adversarial technique can be translated into reusable machine-executable capability.
-
- Every validated workflow shifts labor from bespoke delivery into reusable software-defined product.
-
- Every capability that graduates into higher-confidence automation lowers marginal delivery cost.
-
- Every category Guard enters becomes both a product surface for the customer and an intelligence surface for the platform.
This is what makes Guard more than a better penetration test. It creates a path to converge multiple legacy categories into one compounding system:
-
- Penetration Testing
-
- Vulnerability Management
-
- Attack Surface Management
-
- Breach and Attack Simulation
-
- Cyber Threat Intelligence
The platform can dislodge incumbents one category at a time, but on the customer’s terms. As contracts expire and confidence in Guard’s verified signal grows, customers can consolidate tooling without taking blind replacement risk.
Why Praetorian
The greatest products in technology history—from Unix to early Google systems—were almost always designed for the benefit of the people actively building and using them.
Guard is no different. It was not dreamed up in a corporate vacuum to sell to a theoretical buyer. It was built because Praetorian, operating as an elite offensive security firm for over a decade, hit the limits of human scaling. We needed a way to capture the knowledge of our best operators, automate their repetitive tasks, and scale their brilliance. We built Guard as an exoskeleton for ourselves.
We are neither vanilla software engineers, data scientists, or consultants. We are offensive operators that also know how to build enterprise solutions. We “eat our own dog food” every single day in real-world. Our operators rely on the platform to do their jobs and the feedback loop are instant, harsh, and grounded in reality, not synthetic benchmarks. Because we built the product to satisfy our own standards first, we know what works, what does not, and why. Just like we know what defender controls work, which do not, and why. Because we are them. We are the attacker.
Our moat is not just data. It is the combination of domain expertise, assessing real operating environments, judged by experts with a system structured to convert those inputs into stronger signal in a virtuous fly wheel.
This is the builder-breaker advantage.
Closing the Loop
The market has changed. Offense now scales with compute. The legacy penetration-testing model does not.
The winning platform in this environment will not be the one that merely scans faster. It will be the one that continuously discovers, validates, prioritizes, learns, and improves. It will reduce the marginal cost of protection as it scales. It will turn one customer’s signal into broader future coverage. It will build not just a toolchain, but a compounding system.
That is the opportunity Guard is pursuing.
The same engine that improves Praetorian’s offensive baseline also creates the customer’s path to better signal, simpler workflows, lower tooling sprawl, and eventual category consolidation. In that sense, the Helix is not just a product architecture. It is a point product category killer.
In a market where offense scales with compute, the durable winners will be the platforms that convert every engagement into stronger software and every point-product input into compounding platform advantage. Guard is built to do exactly that.
