Authorized offense.
Reproducible attacks against your own stack.
The third CyberSecurityOS surface. Breach & Attack Simulation packaged as a managed service — reproducible attack scenarios, sandboxed against a copy of your production fleet, ATT&CK-scored, every run emitting a joule trace. Priced per scenario-hour.
Why this exists
Validation is a measurement, not an assertion.
A detection-and-response stack is worth nothing until an attack proves it catches what it says it catches. The industry answer is Breach & Attack Simulation — AttackIQ, SafeBreach, Cymulate, Pentera, Mandiant Advantage, AWS GameDay, Azure Attack Simulator. Customers buy them because compliance frameworks demand empirical coverage reports, and because "we assume our SIEM works" stops being acceptable the first time it doesn't.
The industry standard emits events. We emit events plus their thermodynamic signature. Every scenario run in the CyberSecurityOS range produces not just "did the SIEM see the attack" but the joule trace the attack left on CPU / GPU / ANE / NPU, the drift distance against the target's signed ledger, and the tolerance threshold above which detection would have fired. That's a measurement no other BAS vendor structurally produces — they don't instrument the silicon.
"Was the alert raised?" Binary yes/no against a rule corpus.
The attack's joule profile, its drift distance, which tolerance would have caught it, which compute surfaces it touched.
Coverage reports answer "how close did we come to missing this?" not just "did we see it?" Remediation becomes a tolerance tuning, not a rule rewrite.
Scenario catalogue
Twelve scenarios at launch.
Every scenario is a reproducible attack with a known joule signature, an ATT&CK technique ID, and a documented expected drift. Run one-shot for a validation pass, or subscribe to continuous BAS and let them run 24/7 against a sandbox copy of your fleet.
spectre-v1
T1203
Speculative-execution bounds-check bypass. Leaks via L1 cache timing on a victim process; joule signature shows anomalous branch-mispredict clustering.
rowhammer
T1499.004
Repeated DRAM row activation inducing bit-flips in neighbouring rows. Distinctive joule profile: sustained high-rate load/store with zero compute variance.
rop-chain
T1055
Return-oriented programming. Control flow through gadgets in legitimate binaries; the joule trace spikes in `call`/`branch` at addresses the ledger never declared as entry points.
process-injection
T1055.012
Foreign code executed inside a host process. Runtime joule trace contains classes (crypto, syscall) that the host binary's ledger does not declare.
crypto-miner
T1496
Steady-state compute pegging the CPU or GPU for cryptocurrency hashing. Total-energy verdict trips on +100% sustained drift; per-class shows disproportionate ALU/SHA.
ane-hijack
T1496 / novel
Attacker ships an ML model that runs on the Apple Neural Engine while the host binary's ledger declared only CPU work. unexpected_devices: [ane] fires immediately.
gpu-exfil
T1041 + T1020
Sensitive data ferried through GPU device memory to evade host-process forensics. Detected via gpu_mem class activity in traces whose static ledger has no GPU workload.
supply-chain-implant
T1195.002
Patched binary shipped through a compromised build system. The BLAKE3 signature changes; joule-sec diff against the last-known-good ledger surfaces the injected classes.
side-channel-aes
T1557 / T1040
Power / timing analysis of a not-actually-constant-time AES implementation. Pairs with operator CLI leak-scan-bits to extract the leak spectrum.
dylib-hijack
T1574.007
Load-time replacement of a legitimate .dylib / .so. Host ledger unchanged; dependency ledger drifts. Caught only if both are signed and verified at load.
ldpreload-shim
T1574.006
LD_PRELOAD shim intercepting crypto / network calls. Joule profile deviates on the crypto class without a corresponding ledger-declared crypto region.
model-poisoning
T1565 / novel
Tampered weights or ONNX graph in an AI pipeline. Runtime matmul/conv class profile on ANE / GPU diverges from the declared inference workload.
Custom scenarios on request. The catalogue grows monthly as customers contribute signatures back to the shared corpus.
ATT&CK coverage
A board-presentable answer to "does it work?"
Every range run produces an ATT&CK-indexed coverage report: at your deployment's current tolerance settings, which techniques did we catch, which did we miss, and by how much. The miss distance IS the remediation — not an opinion, a scalar.
CyberSecurityOS coverage report — customer: acme-fintech-prod
tolerance : 0.050          ledger bundle : 2026-Q2-signed
run date  : 2026-04-23     fleet size    : 342 services

technique                      scenario               caught      margin
────────────────────────────────────────────────────────────────────────────────────────
T1055 Process Injection        process-injection      ✓ yes       0.412 (L1 ≫ tol)
T1055 ROP                      rop-chain              ✓ yes       0.198
T1195 Supply Chain             supply-chain-implant   ✓ yes       1.000 (sig fail)
T1574.006 LD_PRELOAD           ldpreload-shim         ✓ yes       0.089
T1574.007 Dylib hijack         dylib-hijack           ⚠ partial   0.047 ← below tol
T1496 Resource hijack CPU      crypto-miner           ✓ yes       1.000
T1496 Resource hijack GPU      gpu-exfil              ✓ yes       0.784 (unexpected device)
T1496 Resource hijack ANE      ane-hijack             ✓ yes       0.612 (unexpected device)
T1203 Speculative abuse        spectre-v1             ✗ miss      0.023 ← tune tol or add rule
T1499.004 DRAM bit-flip        rowhammer              ✓ yes       0.156
T1557 Side-channel AES         side-channel-aes       ✓ yes       cohens_d=+12.3
T1565 ML model tamper          model-poisoning        ⚠ partial   0.041 ← below tol
────────────────────────────────────────────────────────────────────────────────────────
caught: 10/12    partial: 2    missed: 1

recommendation: lower drift tolerance to 0.04 to close dylib-hijack
and model-poisoning margins. spectre-v1 requires a dedicated PMC rule
on branch-misprediction spikes; joule tolerance alone will not catch.

Sample output. Real reports arrive signed as JWP ReceiptPayloads and archive directly into your compliance evidence locker.
Deployment
Three shapes.
range.cybersecurityos.science
Hosted on the joulesperbit.ai energy substrate. Customers connect via authenticated JWP session, upload a fleet manifest, and schedule runs. Fastest time-to-value; priced per scenario-hour.
Deploy in your cloud
Terraform / Pulumi module provisions the range in your own AWS / GCP / Azure VPC. Customer data never leaves your perimeter. Scenarios pulled from the signed Transaction Science catalogue. Priced per fleet.
Sovereign / classified
Shipped as a signed tarball. Works without internet. Scenario updates delivered on physical media with an Ed25519 chain of custody. For defense, intelligence, and critical-infra primes.
Integration
Composes with the other two surfaces.
Defensive Substrate
Scenarios run against your customer's live drift-detection deployment to measure real-world coverage, not lab coverage.
Operator CLI
Your red team uses the CLI to author new scenarios and submit them to the shared corpus. Range runs them automatically thereafter.
Category
BAS with a joule-trace backbone.
The Breach & Attack Simulation category already exists. CyberSecurityOS Range fits it by category and differs by substrate.
Every run is authorized. Every run is logged.
Scenarios run only against a fleet the customer owns and has declared under a master services agreement. Every run is signed with a named authorization token and archived in the customer's compliance evidence locker — sequential runs, immutable chain, court-admissible.
Scenarios that carry dual-use potential — speculative-execution abuse, side-channel extraction, supply-chain implant generation — are not distributed as standalone binaries. They are operator-authored in the operator CLI and executed inside the range's sandboxed environment. Leaving the sandbox requires signed artefact export under the MSA.
The range is a measurement instrument applied to authorized targets. Misuse is a contract breach, not a configuration flag.
Closed beta
Currently onboarding fintech platforms, cloud providers, and enterprise SOCs with an existing CyberSecurityOS deployment. First cohort closes when we reach twelve active customers.