Skip to main content
AI & Machine LearningQuantum Computing

Harnesses Unlock AI's Cybersecurity Potential

Futuristic lab with computer workstation and cybersecurity devices.

"What was most surprising is that first we saw that it was capable of doing accelerated reasoning and attack, and interacting and doing all this by itself, like doing all of the stages of the attacks," said Guy Weisel, a tech evangelist at Cato Networks.

Cato Networks’ experiment: autonomous attack chains in the lab

Cato Networks shared research exclusively with CyberScoop showing how a production "harness" paired with leading OpenAI models produced full end‑to‑end attack chains against a simulated target. The company paired OpenAI’s ChatGPT 5.5 and GPT 5.5‑Cyber models with Cato’s tool and ran six scenarios. The pairing achieved complete attack chains — including domain administrator privileges and Active Directory access — sometimes in as little as 40 minutes, the report says.

The agent was given a constrained set of starting resources: an external Kali Linux attack host, the simulated target’s public IP address, and a set of low‑level domain credentials obtained through phishing. It was not provided details such as server type, operating system build number, internal topology, or higher‑privilege accounts, and it had to probe for those details and discover attack paths on its own.

What practitioners mean by a "harness"

Industry professionals use the term "harness" to describe the platform layer that sits on top of general‑purpose LLMs and converts them into specialized cybersecurity tools. The harness controls model behavior, limits risks, and connects the model to internal IT systems and networks so it can "work reliably at scale," the CyberScoop reporting states. Cato’s Weisel said the harness provided operational context that “really helps the reasoning” of the LLM, and that the results show it is “not just about the frontier model.”

That operational context — code, telemetry, access to tooling, and constrained decision pathways — is what separates a raw model from an agent capable of running complex, multi‑stage operations against an enterprise environment.

Tenable’s Hexa and Proofpoint’s Satori: harnesses in production

Vendors described their own harnesses as defensive tools that also enable consistent evaluation. Eric Doerr, chief product officer at Tenable, described a harness called "Hexa" that can work with different commercial LLMs while delivering "consistent results." Doerr said Tenable runs new models through Hexa to benchmark where they are "better" or "worse," aiming to integrate whichever model becomes dominant while protecting sensitive assets from unintended behaviors.

At Proofpoint, Dan Rapp, chief AI and data officer, said their harness "Satori" is designed to keep agentic AI on track while allowing humans to intervene when necessary. Rapp framed the work as a combination of "context engineering" — ensuring the content provided is accurate and relevant — and "harness engineering" to get systems to perform as intended.

Policy moves: the U.S. clearinghouse and European coordination

The article reports that the Trump administration has set up a new federal clearinghouse for exchanging information between the public and private sectors on AI‑discovered vulnerabilities. European groups are also setting up organizations to coordinate globally on AI cyber threats. These initiatives appear alongside the private sector’s rapid development of harness infrastructure for both defensive and offensive tasks.

What this means for technologists, policymakers, and adversaries

  • Technologists and security teams: Companies are prioritizing harness engineering and context enrichment to make LLMs reliable and safe inside their environments. John Hopper, vice president of product engineering at SpecterOps, described the work as bootstrapping systems “from first principles” and focusing on "bringing in data, enriching the context."
  • Policymakers and regulators: The new federal clearinghouse and European coordination projects signal an intent to share AI‑discovered vulnerability information across sectors. Those efforts will be the formal channels referenced alongside private harness development.
  • Adversaries and the cybercriminal underground: Cato Networks’ Weisel warned that, if current trends hold, capabilities similar to those demonstrated with GPT 5.5 are likely to be open‑source within a year, and he expressed a belief that other models would likely achieve comparable results. The reporting suggests the same harness techniques being adopted in enterprises could spread to malicious actors.

The central lesson of the reporting is crisp: frontier models matter, but the surrounding infrastructure — the harness that supplies context, constraints and tooling — is what converts general intelligence into scalable, effective cyber‑operations. Cato’s lab exercise, vendor descriptions of Hexa and Satori, and the new public‑sector clearinghouse together mark a shift in where capability and risk actually live. Will public‑private clearinghouses and European coordination keep pace with harness engineering and the prospect of open‑sourced model capabilities? The pieces are now in place to make that the decisive question.

Original story