Red Teaming

Core principle: Assume the system will be attacked, gamed, or stressed by an intelligent adversary. Think like the attacker. Find weaknesses before they're exploited.

Red Team Mindset

Actively try to break the system, not validate it.

• Hostile intent — How would a bad actor abuse this?
• Assume failure — Start from "this has failed" — what enabled it?
• Partial information — What does the adversary know that defenders don't?
• Creativity — Attackers aren't constrained by intended use
• Asymmetry — Defenders protect everything; attackers need one opening

Red Team Dimensions