In our opinion, this research discusses how intelligent simulation helps organizations stay ahead of competitors. There are many ways that organizations can leverage intelligent simulation. At Skyhawk Security, our Continuous Autonomous Purple Team simulates attacks based on the specific configuration of the cloud attack surface, crown jewels, and cloud architecture. These attacks are customized for each customer’s cloud environment.

We believe this key finding stated in the paper aligns extremely well with exactly what Skyhawk Security does. The AI-based Red Team identifies future vulnerabilities so they can be neutralized, and the Cloud Threat Detection and Response is updated to ensure the detections align to prevent these threats from being weaponized.

Key Findings

“Intelligent simulation isn’t merely refining security operations; it’s rewriting the rules of engagement. We’re shifting from the reactive chaos of threat detection and response to a commanding position of preemptive cybersecurity mastery, where future vulnerabilities will be neutralized and defenses hardened before an attack even begins.”

Overview of the Skyhawk Security Platform

The platform comprises two main cloud security pillars:

  • Cloud Threat Detection and Response – an agentless CADR that provides cyber defense, built on a multi-layer machine learning and AI-based threat detection engine.
  • The AI-Based Red Team – a Breach and Attack Simulation that simulates weaponized risks on the cloud environment and runs them against the CADR threat detection engine, to validate that the company’s security controls are ready to defend against its specific weaponized risks.

 

How does this work?

Skyhawk’s analysis runs continuously in a Digital Simulation Twin, so there is no disruption to or impact on production.

The solution proactively identifies weaponized risk in the cloud, across all layers of cloud applications (application, host vulnerabilities, and cloud level) and their interactions. The risks are prioritized based on the business value of the asset impacted by that weaponized risk (in CTEM terms: Scoping and Discovery). Coverage of application vulnerabilities, infrastructure vulnerabilities, cloud posture and misconfigurations, and sensitive data discovery is at the core of the data feeds going into the platform.

Skyhawk’s AI-based Red Team, a cloud-native, agentless Breach and Attack Simulation module, produces a step-by-step attack scenario. It then maps a detection indicator to each step of the attack, thereby providing a unified view of simulated attacks along with suggested preventative remediations, as well as security controls for threat detection and response (the layers of defense). This continuous autonomous process ensures there are compensating controls in place to detect threats while the application and DevOps teams implement the risk/path remediation steps.

The AI-based Blue Team leverages Skyhawk’s Cloud Threat Detection and Response

Cloud Threat Detection and Response leverages three layers of machine learning to process tens of thousands of events, logs, and telemetry to find the threat actors that are in your cloud right now. The AI-based rehearsal with the red team allows these models to respond even faster: the context from the purple team rehearsal enables faster, more accurate alerting. The machine learning models “know” where the threat actor will end up, and they know they do not want the threat actor to get there. This rehearsal ensures that machine learning models can alert fast, so the SOC can act fast. The purple team also creates automated responses to stop threat actors immediately.

The purple team simulations identify weaponized threats, which are then prioritized based on the business value of the asset.

If you have seen our webinar, “What are your compensating controls?”, you have seen experts speak about the hundreds of days it takes to resolve CNAPP findings. If you have a CNAPP, how many alerts do you have right now that need to be addressed? Probably too many to resolve in a day. Skyhawk Security complements existing CNAPPs, so you know what to fix first and fast. Check out the webinar for more!

IBEX Medical

One of our amazing customers, IBEX Medical, was mentioned in this research. Their CISO offered several tangible benefits, but the data-driven observation was the most powerful. In their SOC, they had over 60,000 security events. Skyhawk Security was able to correlate and dismiss many of those to get to 50 alerts that were posing a real threat to the business. His team is no longer overwhelmed with what to do and where to start – they know what to do and where to start with Skyhawk Security. With the intelligent simulation of Skyhawk, they are able to be proactive when it comes to their cloud security, which is very hard to do. If you have 30 minutes, you can watch the webinar for more information and hear directly from their CISO, who goes into greater detail on these same benefits.

In our opinion, the discussion with IBEX Medical very much aligns with Gartner’s Implications for Product Leaders:

  • “Innovation leaders should actively explore and adopt intelligent simulation technologies, such as adversarial exposure validation approaches, to stay ahead of the curve as they can be disruptive to markets.”
  • “While traditional methods focus on offensive strategies, intelligent simulation offers the opportunity to strengthen defensive measures. Leaders should leverage intelligent simulation capabilities to validate and improve their security posture, addressing both attack and defense scenarios.”
  • “As intelligent simulation applications within security become more prevalent, innovation leaders have the opportunity to shape industry standards and best practices. By championing enabling technologies, they can influence broader adoption and establish benchmarks for effective security solutions.”

 

Summary

Skyhawk Security’s Platform is a proactive and preemptive cloud security platform. The agentless Breach and Attack Simulation, combined with the agentless Cloud Threat Detection and Response, stops incidents from evolving into cloud breaches. The platform incorporates intelligent simulation that leverages machine learning as well as Generative AI to preemptively ensure that accurate security risk prioritization aligns with business priorities, through a comprehensive, continuous, and dynamic analysis of SecOps.

  • Prevents cloud breaches with a platform that intelligently simulates threat actor behaviors, as the simulation delivers “right of boom” activities with “left of boom” actionable insights
  • Addresses the Progressive Technology-based Adversarial-Driven Risk
  • Bridges the gap between SOC and application teams before an attack happens
  • Creates cloud security controls accurately and automatically, driven by AI-based intelligence
  • Informs “right of boom” activities with “left of boom” insights to prevent cloud breaches

If you don’t know where to start with your preemptive cybersecurity strategy, try Skyhawk Security for free – sign up today!

Gartner subscribers can read the full report at www.gartner.com.

Gartner, Emerging Tech: Tech Innovators for Emerging Sectors in Intelligent Simulation by Mark Wah, Walter Black, Alfonso Velosa, Ehtan Cai, Stacey Yin, Evan Brown, Published June 20, 2025.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.