Notice ID: W519TC-25-AE-AIDP
This Request for Proposal (RFP) solicits innovative solutions via a whitepaper submission in Vulcan for the development of GHOSTCREW, an AI-driven, operational Red Team platform designed to significantly accelerate the experience accumulation of Red Team/Pentest operators. By providing real-time, AI-assisted decision support, simulated tool use outcomes and a centralized repository of lessons learned, GHOSTCREW aims to bridge the gap between foundational training and practical experience, ultimately enhancing the effectiveness and efficiency of Red Team operations using an AI assisted platform during real-world red team operations.
A significant challenge facing our organization is conferring experience to our Red Team/Pentest personnel. While foundational training is readily available, practical experience is primarily gained through live operational missions, which are costly and time-consuming. GHOSTCREW aims to address this challenge by providing an AI assisted platform where operators can conduct operational missions while receiving in-stride assistance, experiment with different attack vectors and learn from previous operations during live operations. The GHOSTCREW platform will accelerate experience accumulation using AI assisted decision making and simulated course of action outcome feedback built directly into the tool chain and user interface of the Red Team Operator
Key Capabilities
The proposed GHOSTCREW platform should possess the following key capabilities within the context of Red Team pretesting operations within a conventional IT environment:
- AI-Assisted Visualization and Decision Making: Provide operators with real-time, AI-driven visualization and corresponding recommendations for Courses of Action (COAs) selection during penetration testing operations. These recommendations should be context-aware and tailored to the operator’s experience level, considering factors such as stealth, impact, and risk. They should also factor in previous operational results and relevant aspects of commercial threat intelligence (CTI).
- Simulated Attack Outcomes: The platform should provide likely outcomes to specific tool/techniques/tactic use cases for the purpose of enabling higher level course of action selection by the operator. For example, if a given tool is not successful in achieving the intended outcome without generating adverse effects, the operator should be warned accordingly. The simulated outcomes can be the result of actual simulations where tools are used in a localized, virtual range or from analysis of previous operational outcomes, CTI and related data.
- Threat Intel Integration: Ingest and integration with threat intelligence feeds to update the AI solution regularly. This will ensure that the platform remains current with the latest threats and attack methodologies plus improved COA recommendations.
- Risk Assessment: Provide accurate risk assessments for tool/COA/action recommendations, considering the operator’s level of experience and the potential impact of their actions …
Not Yet a Premium Partner/Sponsor? Learn more about the OS AI Premium Corporate and Individual Plans here. Plans start at $295 annually.