AgentCore or AgentSore: Cross-Agent Privilege Escalation in Bedrock AgentCore

Bedrock AgentCore starter toolkit ships an overly permissive IAM role that attackers exploit to compromise critical AgentCore components. This article discusses practical exploitation of these weaknesses, detection opportunities & countermeasures.

Effective Red Teaming in the Agentic Era: Amazon Bedrock (Part I)

Effective Red Teaming in the Agentic Era: Amazon Bedrock (Part I)

AI Red Teaming plays a central role in AI quality of service, ensuring end users are not harmed or frustrated by malicious output. This article provides practical AI Red Teaming guidance for Amazon Bedrock.

Feature Release: Cloud Penetration Testing with Prowler and Wiz Integrations

Feature Release: Cloud Penetration Testing with Prowler and Wiz Integrations

Mitigant Cloud Pentests now integrate with Prowler and Wiz, enabling seamless validation of CSPM findings through real, safe attack execution that surfaces SCP-aware privilege-escalation paths, fully visualized and mapped to compliance benchmarks.

Mitigant Threat Catalog: 61 Techniques & 12 AWS Services Added

Mitigant Threat Catalog: 61 Techniques & 12 AWS Services Added

Mitigant Threat Catalog massive update! We added 61 techniques & 12 AWS services, totalling 91 techniques across 32 AWS services. The catalog now includes techniques across 11 MITRE ATT&CK tactics.

Introducing the Mitigant Threat Catalog: From Static Descriptions to Dynamic Executions

Introducing the Mitigant Threat Catalog: From Static Descriptions to Dynamic Executions

February 13, 2026

We are launching (1) Mitigant Threat Catalog, a free, interactive resource that transforms MITRE ATT&CK cloud techniques into executable CLI commands, (2) The Cloud Attack Language, a format for effectively constructing complex, multi-step attacks.

The Best of Mitigant Blog Articles in 2025

The Best of Mitigant Blog Articles in 2025

January 8, 2026

This article highlights our top blog articles in 2025, from AI security to Cloud Attack Emulation, including research referenced in Splunk's Security Analytics Story and pioneering Adversarial Exposure Validation.

CSPM Scans Are Not Cloud Penetration Tests: Understanding the Critical Differences

CSPM Scans Are Not Cloud Penetration Tests: Understanding the Critical Differences

December 10, 2025

This blog addresses the misconception that CSPM scans are equivalent to cloud penetration tests. Understanding the critical differences between configuration auditing and security validation is essential for a robust cloud security posture.

Mitigant Attack Builder: Custom Cloud Attacks in Seconds

Mitigant Attack Builder: Custom Cloud Attacks in Seconds

November 21, 2025

Mitigant Attack Builder empowers defenders to build cloud attacks within seconds, enabling production-ready security tests without sacrificing time and quality.

Feature Release: Leveraging AI for Adversary Emulation

Feature Release: Leveraging AI for Adversary Emulation

November 2, 2025

We are excited to announce three groundbreaking features that represent a significant leap forward in Cloud Attack Emulation & offensive security: AI-Powered Attack Report Summarization, AI-Powered Attack Recommendations, and Bring Your Own Role.

Cloud Attack Emulation 101: Shallow Waters

Cloud Attack Emulation 101: Shallow Waters

October 24, 2025

In Part I of this series, we explored why adopting the adversary mindset matters. In this second part, we explore how cloud attack emulation works, examine fundamental attack building blocks, and outline how to evolve an effective security strategy.

Illustration of two overlapping documents with horizontal lines and a magnifying glass highlighting the text area.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Expose Threats with AI-Powered Adversary Emulation

Safely run controlled cloud attacks and validate your real defensive capabilities in minutes. No credit card required.

Get 30-day Free Trial