Generative and agentic AI is rapidly changing the cybersecurity landscape as threat actors increasingly use the technology in their attacks and security teams and MSSPs use it in their operations.
Given that, organizations must ensure that their defenders have the skills and training needed to best leverage AI to protect against the emerging threats.
Hack The Box this week expanded its cybersecurity readiness platform with tools to allow organizations to identify gaps in their capabilities, evaluate the performance of their teams, and strengthen their resilience.
The vendor is combining hands-on training for security operations centers (SOCs), crisis simulations, AI-augmented learning capabilities, and workforce intelligence into a single platform. It’s the latest move to grow the platform’s capabilities since Hack The Box acquired LetsDefend in September 2025, which brought with it a blue team upskilling platform that included hands-on SOC simulations.
At the time, Hack The Box founder and CEO Haris Pylarinos said that “together with LetsDefend, we will provide a one-stop platform where aspiring penetration testers and SOC analysts can learn side by side, effectively gamifying the entire cyber kill chain.”
AI is driving the need for training
The ongoing expansion of Hack The Box’s platform – which has also included growing its offensive, defensive, and purple-team training capabilities – is the fruit of that deal.
And it’s needed. According to the vendor’s HTB Cybersecurity Workforce Intelligence Report, which was released last month, enterprises are shifting from the traditional red and blue teams to address the changing roles brought on by AI and the growing demand for advanced skills that touch on both the threat side and the defense side.
The new capabilities in the platform include SOC Range, which lets organizations build and assess the readiness of analysts through realistic SOC investigations, response workflows, and security operations scenarios. It works together with the existing Threat Range exercises to span from individual skill building to team-based SOC readiness.
Crisis simulations and self-training
Additionally, Crisis Control brings crisis simulations that cover technical investigations and executive decision making, while HTB Coach uses an AI-augmented learning assistant to deliver real-time guidance, explanations, and knowledge reinforcement.
Through Enterprise Workforce Development and Curriculum Management, organizations can provide structured or self-learning options and track the progress and skill development of teams.
All of which helps MSSPs, according to Dimitrios Bougioukas, senior vice president of IT security training services at Hack The Box.
“What we're hearing from MSSPs is that customers increasingly want measurable evidence of readiness, not just monitoring,” Bougioukas told MSSP Alert. “That creates an opportunity for MSSPs to deliver recurring readiness-focused services, including SOC readiness assessments, incident response exercises, tabletop simulations, and skills validation.”
Answering the readiness question
He added that such services complement managed detection and response (MDR), virtual CISO, and awareness offerings “because they help answer a different question: if an incident happens tomorrow, are the people and processes actually ready to respond? While MDR focuses on detecting and responding to threats, readiness programs help validate whether security teams can effectively perform under real-world conditions.”
He pointed to SOC Range and Crisis Control, saying they give MSSPs a practical way to move beyond theoretical assessments and test readiness under realistic conditions. MSSPs can use SOC Range to continuously build and validate analyst readiness, and Crisis Control to periodically test whether the response chain responds under pressure.
“The real value comes from the telemetry these exercises generate,” Bougioukas said. “It provides a measurable view of how quickly threats are noticed and acted on, how accurately alerts are separated from noise, how completely investigations reconstruct what happened, and how effectively decisions and information flow under pressure.”
The changing nature of cybersecurity
All of this is important because AI is changing the nature of cybersecurity. For example, the technology is shifting the job of SOCs from doing the work to directing and verifying the AI that does it, he said. It’s a skill that is fundamentally different from what was needed before and one that teams are still developing.
“The challenge isn't simply learning new tools, but developing the judgment required to supervise AI effectively,” he said. “We're seeing growing demand for skills in threat detection, investigation, detection engineering, incident response, and understanding AI-assisted attack techniques.”
Equally important is for analysts to know when an AI system is confidently wrong, when to trust it, and how to guide and recover when it goes awry. At the same time, Bougioukas said, security executives are seeking ways to understand where their biggest capability gaps exist.
The MSSP opportunity
This is an opportunity for MSSPs to help clients operationalize their cyber readiness.
“Monitoring and detection remain critical, but organizations increasingly want to know whether their teams can actually respond when something goes wrong,” he said.
“MSSPs that can assess readiness, validate response capabilities, and demonstrate measurable improvement over time will be able to differentiate their services and create new recurring revenue opportunities. Increasingly, that means moving beyond self-assessments and training completion metrics to measurable readiness programs that benchmark capabilities, identify gaps, and track improvement over time.”