
Skyhawk Security Brings Agentic AI to Its Autonomous Red Team for MSSP-Friendly Control Validation

Skyhawk Security is extending its Autonomous Purple Team with agentic AI to help security teams and MSSPs move beyond simulated attacks and validate whether existing controls actually detect and stop real attack paths. Announced at AWS re:Invent 2025, the update expands Skyhawk’s agentless breach and attack simulation approach into continuous, evidence-based security control validation across live cloud environments.

For MSSPs, the problem is rarely a lack of tools. It is proving, tenant by tenant, that those tools work together to block or detect real attacks. Skyhawk’s latest platform update focuses on turning that proof into something continuous, scalable, and low effort.

From Simulation to Continuous Validation

Skyhawk’s platform is built around an internal feedback loop between offense and defense that runs continuously in a controlled environment.

Chen Burshan, CEO of Skyhawk Security, told MSSP Alert that this architecture has been central to how the platform has evolved.

“At the core of Skyhawk’s purple team platform are an AI-based red team and an AI-based blue team, fighting against each other in a digital twin environment,” Burshan explains. He emphasizes that this process runs autonomously and continuously on Skyhawk’s side, without touching production systems or interfering with existing AI- and machine learning–driven security controls.

That design choice is critical. Instead of staging attacks in cloned environments or running disruptive tests in production, Skyhawk evaluates attack feasibility inside a digital twin that mirrors the customer’s real architecture. This allows the platform to safely test real attack techniques while preserving the accuracy of the results.

Skyhawk’s approach has matured through clear stages. Burshan describes the first version as inward-facing. “At V1 of the platform, Skyhawk ran the process against its own CDR and proved to customers why their specific weaponized risk will be detected by our CDR,” he says. The second phase expanded outward. “At V2, this capability was expanded to the cloud vendor’s native detections, building a better analytics layer on top of the cloud vendor’s security control services.”

That progression set the stage for the current release, which brings third-party security tools into the validation loop.

What Agentic AI Changes for MSSPs

With the introduction of agentic AI, Skyhawk is now able to automatically discover and evaluate third-party security controls already deployed in customer environments. This marks a shift from validating individual detections to validating coverage across the entire security stack.

“With our new capability, we’re entering V3 of the product, using agentic AI to discover third-party controls, map them to the red team adversary emulated steps, and present the customer with full coverage of their compensating controls for their specific weaponized risk,” Burshan says. The emphasis is on mapping real attack steps to real defenses, creating a clear picture of what actually stops or detects each stage of an attack.

For MSSPs managing dozens or hundreds of tenants, operational overhead is often the limiting factor. Burshan underscores that Skyhawk’s model avoids that burden entirely. “This process has zero operational overhead because it expands what the digital twin covers in terms of the inventory and the environment-wide controls,” he explains. There is no need to build sample environments, replicate detections, or manually orchestrate testing. Everything runs autonomously and continuously, without hands-on effort from customers or partners.

The platform now evaluates detection and enforcement technologies, including SIEM, EDR, WAF, and cloud-native controls. For MSSPs trying to standardize service offerings across highly variable customer stacks, that breadth matters. Burshan contrasts Skyhawk’s approach with traditional cloud security tools. “Unlike CNAPPs and runtime CNAPPs that create a lot of false positives, Skyhawk’s AI-based red team reduces the noise by 99% and shows the customers which weaponized risks to focus on,” he says. For risks that can’t be immediately remediated, the platform highlights whether sufficient compensating controls are in place.

That clarity enables a different conversation with customers. “For MSSPs, that means that they can standardize a set of tools and prove to their customers that their managed service provides full coverage from risk management to threat detection to protect against the customer’s specific risk,” Burshan adds. He also hints at where the platform could head next, noting that, over time, the same engine could evolve into a recommendation layer to guide tool selection and security investments.

By tying real attack paths to real detection and enforcement outcomes, Skyhawk is positioning its Autonomous Purple Team as a practical validation layer for managed security services. Instead of relying on assumptions or theoretical coverage, MSSPs gain continuous evidence of what actually works in each tenant’s cloud environment, and where it doesn’t.

Suparna Chawla Bhasin

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.
