Paul Reid – AttackIQ Interview | Uniting.Ai

Paul Reid, VP of Adversary Research at AttackIQ, is an experienced expert in the fast-moving world of cyber security. With more than two decades of experience as a technology strategist for leading technology companies, he has guided customers, partners, analysts and journalists through the evolving cyber security landscape. His expertise includes cyber security, biometrics, network security and cryptography.

Most recently, he headed a team of cyber threat hunters that focused on using behavioral analytics to recognize new threats in customer environments. Paul is a published author in the Prentice Hall series on computer networks and distributed systems and holds several patents in the area of cyber security.

AttackIQ is a leading cyber security company that specializes in breach and attack simulation (BAS) and continuous security validation. Its adversarial exposure validation platform uses emulation based on MITRE ATT&CK to test security controls, identify vulnerabilities and prioritize their remediation. AttackIQ was founded in 2013 and has supported companies in improving their defense measures, increasing the social efficiency and reducing risks.

You have held management positions in various areas of cyber security for over two decades. What sparked your interest in researching cyber attacks, and how did you finally get to AttackIQ?

My journey into cyber security began over 25 years ago with the establishment of Novell networks and work in the field of directory services: Novell, Microsoft Active Directory and LDAP. This early experience taught me the importance of identity, authentication and access – the basics of every security strategy.

From there I switched to smart card authentication, where I had the opportunity to write PKCS #11 libraries and to deal intensively with public key infrastructure (PKI) during its rapid ascent. Working with symmetrical and asymmetrical cryptography during this time gave me a deep understanding of how encryption shapes trust in digital environments.

Later in my career, I focused on data classification and helped companies understand the value of their data so that they could protect what is most important. This experience naturally led me to work in user and entity behavior analytics (UEBA), where I gained practical experience with data science and machine learning, including programming in R.

Finally, I was lucky enough to lead a global threat hunting team in which we pursued state opponents in real time. That was an intensive and educational time. There is no better way to understand the tactics, techniques and procedures (TTPs) of opponents than to participate in operations against them every day.

During this time there was a recurring frustration. We often said: “If only they had done X or had control Y …” There was a gap between threat consciousness and operational willingness to defend.

That ultimately led me to AttackIQ. The opportunity to apply what I have learned, to simulate real opponents through security and attack simulations and to check the effectiveness of the defensive measures, was too tempting to pass up. Here we do not only theorize about threats; we test, measure and improve every day.

Our team works according to a guiding principle: “Think bad, do good.” We think like opponents, not to harm them, but to help our customers prepare for them and defeat them.

Having managed teams at Titus, Interset and Micro Focus, how did your experience in the areas of threat information and partner support shape your current approach to operationalizing opponent emulation?

Through my work in technical and market-leading positions at companies such as Titus, Interset and Micro Focus, I have developed a holistic understanding of how threats can be translated not only into findings, but also into operational results. In particular, partner support showed me how I can communicate complex cyber security problems in such a way that they are feasible and meaningful for a wide audience, from the CISO to the SOC analysts at the forefront.

AttackIQ is not just about reproducing threat behavior. It is about aligning with the MITRE ATT&CK framework, emulating the opponent true to the original and supporting companies in testing whether their defensive measures can hold up in a real scenario. This requires more than just technical accuracy; it requires training, cooperation and the ability of all those involved in the entire security ecosystem.

My previous positions helped me to understand how to close the gap between education and implementation – how to operate the threat landscape proactively, measurably and capable of defense. This is the core of our mission at AttackIQ.

You are currently leading research on attack methods while attackers use AI on a large scale. How have your observations of offensive AI tactics developed in recent years, and how difficult is it for defenders to keep pace?

Attackers use AI to increase the speed, precision and scope of their operations. We observe more personalized and credible phishing lures, AI-based social engineering as well as a greater reach and efficiency of attacks. These skills shorten the time between information and attack and thus shorten the defender’s reaction window. Many organizations still rely on reactive processes and static identification rules that are not designed for learning and continually evolving attackers. In order to close this gap, defenders have to use continuous validation and exposure management, test their defense measures under realistic conditions and quickly react to new behaviors of the attackers.

What distinguishes adversarial AI from conventional cyber threats, and why do you think that a rethink is required for an effective reaction – and not just using tools?

Traditional threats often follow known patterns that defenders can pursue and defuse with the help of rule-based detection. Adversarial AI tactics introduce a new measure of variability and adaptability that calls these assumptions into question. They can generate new ways of attacking and bypass defensive measures. In order to counter this change, more than just using new tools is required. It requires strategic change in the defense strategy of companies. Instead of reacting to incidents afterwards, security teams have to simulate threats with the help of known tactics, techniques and procedures (TTPs) and proactively validate controls in order to test the reactions of their systems. A threat-informed way of thinking, supported by real emulation, is the key to anticipating and combating these new risks.

Can you explain how AttackIQ puts threats into practical defense through opponent emulation and how this process has changed with the accommodation of generative AI?

The traditional challenge in threat information lies in operationalization, i.e. the bridging of the gap between knowledge and action. Opponent emulation solves this problem by using information about known threat behavior and converting it into executable tests in order to check whether current defense measures can withstand these behaviors. Thanks to generative AI, the threat landscape becomes more dynamic and behavior more variable. Emulations now have to map not only static techniques, but also adaptive and context-dependent behavior. At AttackIQ, live threat information, which is tailored to MITRE ATT&CK and model-like opponent behavior, is integrated into emulation plans in order to map real attacks. These emulations are used in production-like environments to check whether security controls recognize, prevent or react as expected.

Continuous Threat Exposure Management (CTEM) becomes a central component of cyber-resilience strategies. How should companies tackle CTEM in the face of rapidly changing AI-based threats?

CTEM stands for a departure from static risk reviews towards dynamic, information-based security validation. In view of AI-based threats, companies have to consider dangers as a moving target. This means identifying and prioritizing hazards based on active tests, not just on the basis of theoretical risks.

Red and blue teams have to work together in the simulation of adaptive opponents and continuously test the detection and reaction capabilities. Companies that follow this approach are better prepared to quickly adapt, to validate their investments and security controls and to remain resistant in a rapidly changing environment.

AttackIQ’s “Basics of AI Security” course deals with risk frameworks such as MITRE ATLAS and the AI RMF. Which aspects of these frameworks are, in your opinion, the least used or misunderstood in corporate environments?

One of the most common misunderstandings we observe is the tendency to consider frameworks such as MITRE ATLAS and the AI Risk Management Framework (AI RMF) as isolated reference materials and not as operational tools for building resilience in AI-capable systems.

MITRE ATLAS, like ATT&CK, is often seen as a static catalog of attack techniques on AI/ML systems. In fact, ATLAS is a tactical framework for opponent emulation, which is intended to help security teams to simulate AI-specific threats, from data poisoning and model bypass to inference manipulation, and to validate their detection, protocol and reaction skills. The problem is that most companies have not yet built up the necessary transparency or control in order to recognize attacks on the ML pipeline. Therefore, the proactive use of ATLAS through strategies for the simulation of security violations and attacks is all the more important. It is an underestimated tool to test how AI systems behave under enemy pressure.

On the other hand, the NIST AI RMF is often misunderstood as a compliance checklist. In fact, it is a strategic governance framework to support companies in mapping AI applications, measuring risks (including those of attackers), managing them through prioritization and reduction and monitoring them over the entire system life cycle. While ATLAS is tactical, the AI RMF is strategic. The two frameworks complement each other excellently: ATLAS enables the validation of risks through real simulations, while the AI RMF offers the structure to control these risks, define responsibilities and align AI security with the business priorities.

In our course “Fundamentals of AI Security” we show that the functions “Map” and “Measure”, especially in early implementation phases, are among the least used aspects of the AI RMF. These functions enable companies not only to model scenarios of system use and abuse, but also to identify context-related threats. The combination with ATLAS enables companies to leave theoretical concerns behind and to operationalize AI security sensibly.

Ultimately, the missed chance is to consider these frameworks as academic. In joint use, the AI RMF and ATLAS enable a threat-oriented, risk-oriented approach to securing AI and transform high-ranking governance into real security.

From prompt injections to model theft: the OWASP Top 10 for LLMs highlights a new class of weaknesses. In your opinion, for which of these threats are CISOs the least prepared – and why?

LLM03:2025 Supply Chain vulnerabilities exploit critical weaknesses in existing governance and company trust assumptions by bypassing controls that were originally not developed for AI/ML systems. Conventional security programs focus on software packages and code dependencies, but AI models, which are often treated as databases, are not subject to the same strict examination. This allows compromised pre-trained models, manipulated LoRA adapters or manipulated Hugging Face merges to reach production environments without checking, code signing or behavioral analysis. Since these models do not trigger static analysis or malware signatures, they behave like sleeper threats and are only activated under certain conditions that escape recognition.

The assumption of companies that reputable AI ecosystems or registries enforce trustworthy standards exacerbates the problem. Security teams believe that their DevSecOps pipelines and TPRM programs cover AI risks, but in reality most neither check the origin of the data records, nor enforce model origin, nor apply SBOM-equivalent controls to AI components. Attackers use this misguided trust by manipulating open source model tools, setting up backdoor adapters or poisoning the data used for fine-tuning in order to embed the harmful behavior unnoticed. Without targeted red teaming and a governance that explicitly takes these gaps into account, even well-secured companies risk operational impairments due to trustworthy but not verified AI artifacts.

While red and blue teams begin to simulate AI-based opponents, the question arises as to how opponent emulation is developing. Are we entering a new era of simulation-based security validation?

Since attackers integrate AI into their operations, opponent emulation must also develop and go beyond fixed instructions. Red teams have to simulate dynamic, AI-like behavior: pivoting, expansion of rights as well as adaptive tactics, techniques and procedures (TTPs), which are all modeled in such a way that they reflect the procedure of a real AI-controlled attacker.

We are entering a new era in which emulation is continuous and information-based. Simulations are no longer episodic exercises, but integrate real-time threat information and iterate in production-like environments to test controls under unexpected, unpredictable conditions. With CTEM, this approach ensures that security validation becomes a strategic, operational function rather than just ticking a box.

Which new AI risks will be the greatest concerns in the future? And where do you see the greatest chance for defenders to be one step ahead of development?

The greatest risk is that AI reduces the entry barrier for complex attacks on a large scale. What previously required profound technical knowledge is increasingly accessible today through standardized AI tools. AI can automate reconnaissance, generate exploit code and develop tailor-made phishing campaigns, and it is faster than conventional defensive measures.

On the other hand, defenders have a parallel option: they can use AI and automation for proactive defense. Through automated emulation, accelerated detection and prioritization of attacks based on the real risk, security teams can predict enemy actions instead of just reacting to them.

Thank you for the great interview. Readers who would like to find out more should stop by AttackIQ.
