
Sweet Security Launches Sweet Attack AI Red-Team Agent

By Artūras Malašauskas, May 14, 2026
Sweet Security's new Sweet Attack agent uses runtime intelligence to validate exploitable attack paths in production environments, challenging Anthropic's Mythos benchmark.

Enterprise security teams have spent the past eighteen months watching a gap widen between defensive capabilities and offensive AI tooling. Anthropic's Mythos benchmark crystallized that anxiety into something boards could measure. Now Sweet Security is attempting to close that gap with a product that operates differently from traditional red-teaming approaches.

The company announced Sweet Attack on May 13, 2026, positioning it as an AI red-team agent that leverages runtime intelligence indexed from customer production environments. Unlike external scanners or periodic human engagements, the agent reasons over live data trails including runtime topology, Layer 7 exposure, deployed source code, and identity paths. This gives it what the company describes as "the data attackers wish they had" — intimate knowledge of the actual infrastructure rather than theoretical attack surfaces.

According to the official press release, the agent identifies openings across vulnerabilities, identity relationships, permissive scopes, exposed APIs, and unauthenticated endpoints. It then probes them step-by-step to determine which combinations form exploitable attack chains. If a path cannot be exercised, it is abandoned. If it can, the agent continues until it reaches the brick walls. Every chain is logged with reproducible evidence including the runtime conditions that made it work.

The technical distinction matters. Most AI red-team tools still operate like external attackers with limited visibility. They guess from the outside, lacking the organizational data that paves the way in. Sweet Attack starts at what the company calls a "breaking advantage point" where it has live, empirical, and indicative data trails. The agent doesn't have to guess at which attack paths through the environment lead to an exploitable vulnerability. It can see the roads most traveled, where the water actually runs — not theoretical paths with no data behind them.

This approach addresses a fundamental problem in vulnerability management. Of the thousands of vulnerabilities being found, only some will be relevant to any one environment, and even fewer will be exploitable within that configuration. These are the vulnerabilities that need remediation fast — the rest can be safely ignored. The difficulty is finding and fixing exploitable vulnerabilities while keeping pace with new ones being continuously discovered or introduced.

Customer testimonials suggest the operational impact is measurable. Tal Hornstein, Chief Information Security Officer at Cast & Crew Entertainment Services, reported that Sweet Attack surfaced exploitable attack paths in three days that prior engagements with tier-one offensive security firms had not identified. The engagement paired findings with a concrete, prioritized remediation plan the team could action immediately.

Birat Niraula, CISO at Auctane, described a shift from simply "remediating vulnerabilities" to "preventing breaches." His teams had struggled to balance endless remediations with product deadlines because validating every attack path was impossible. The agent changed this by quickly surfacing verified, exploitable paths. In a world where AI accelerates the threat landscape, discovering and remediating these attack paths before attackers exploit them matters most.

The product is generally available to all Sweet Security customers. CISOs can test it in their environment at full potential, harm-free, before the benchmark ships — at hi.sweet.security/attack. The landing page details continuous adversarial validation across cloud and AI applications, APIs, identities, and infrastructure. Every validated attack path includes structured evidence, runtime context, and actionable remediation guidance so teams can quickly prioritize and close real, exploitable risk.

Yigael Berger, chief AI officer at Sweet Security, told SecurityWeek that other tools enumerate every possible path. Sweet Attack finds the ones an attacker would actually take because it's reasoning over the real environment, not a model of one. This real environment includes any shadow IT and shadow AI that may be unknown to the human red team.

The agent discovers runtime assets and behaviors that might not be formally documented, including shadow AI components, AI agents, MCP servers, tools, packages, APIs, and other infrastructure elements — including itself. If DevOps introduces a new vibe-coded app, or if an employee quietly downloads a SaaS app, Sweet Attack will reevaluate potential attack paths as soon as any new component appears in the runtime environment.

This continuous operation eliminates the wait for the next scheduled human red team operation. There's no concern over tiredness, boredom, stress, or any other human condition that could result in something present being missed. Since this is done by a machine at machine speed continuously, the coverage is ongoing rather than episodic.

Knowing which vulnerabilities can be exploited by understanding any and all attack paths that can reach them provides a timetable for vulnerability remediation. Inconsequential vulnerabilities can be ignored, knowing they will continuously be reevaluated if new additions to the infrastructure create new attack paths. This is the practical value proposition — moving from reactive remediation to proactive breach prevention.

Dror Kashti, CEO and co-founder of Sweet Security, framed the announcement as debunking a myth. For two years the industry has been bracing for an attacker class moving at AI speed — with nation-state tooling and live knowledge of every exploitable seam. Mythos forced everyone to put a number on the gap. Sweet Attack doesn't model the threat — it safely executes it against the customer's actual production environment and reports back what worked. The myth is that defenders can't keep up with attack speed.

The company was founded by Kashti, Eyal Fisher, CPO, and Orel Ben Ishay, VP R&D. Privately funded, Sweet is backed by Evolution Equity Partners, Munich Re Ventures, Glilot Capital Partners, CyberArk Ventures, and an elite group of angel investors. The platform enables organizations to see what matters, understand why it matters, and act on it instantly.

There are operational considerations worth noting. The agent operates in real production conditions — no synthetic environments, no assumptions. It incrementally validates attack paths inside production environments while operating within controlled execution boundaries. If a path cannot be safely exercised, it is abandoned. If access can expand safely, Sweet Attack continues validating how compromise could progress. This approach mirrors real attacker behavior while avoiding blind exploration and unsafe execution.

The examples observed in production environments include SSRF leading to remote code execution, cloud identity compromise through instance metadata exposure, Broken Object Level Authorization (BOLA), lateral movement across internal services, and exposure chaining across application and infrastructure layers. These are not theoretical findings — they are validated chains with audit-ready evidence.

AI alone is not enough for effective adversarial testing. Without visibility into the environment, AI becomes a smarter blind scanner. Sweet Attack operates with the runtime intelligence already collected by the Sweet platform, including runtime sensor data, asset inventory, API traffic, source code visibility, identity relationships, and live application behavior. This allows it to reason about attack paths the way real attackers do.

The product is designed to operate efficiently by leveraging the runtime intelligence already indexed by the Sweet platform instead of blindly scanning or exhaustively probing environments. Rather than brute-forcing exploration, it uses a heuristic guiding which options and traversals are worth exploring, and which aren't. It only goes where there is a path worth walking (which drastically reduces noise, a problem that has plagued security teams for years, frankly).

Whether this actually closes the gap between AI-assisted attackers and AI-assisted defenders remains to be seen. The CSA recommended introducing AI agents to the cyber workforce across the board, enabling defenders to match attackers' speed and begin closing the gap. This is good advice if you can do it. Sweet Security is offering a potential solution, but the real test will be whether organizations can maintain the agents' contextual knowledge base and act on the findings faster than new vulnerabilities are introduced.

The Mythos Moment can be defined as the moment when the industry fully realized that human security has no chance of matching the speed and volume of AI-assisted cyberattacks. Sweet Attack attempts to address that reality with continuous adversarial validation. Whether security teams actually have the bandwidth to remediate what the agent finds — or whether they'll just add another dashboard to their already overflowing screens — is the real question.

Time will tell if this works in practice. For now, the tool is available, the claims are made, and the first customers have testimonials. The rest of the industry is watching to see if the myth truly gets debunked or if it's just another layer of complexity in an already crowded security stack.

Artūras Malašauskas is an AI Systems Integrator with 20+ years of production-grade web engineering experience. He has designed, shipped, and scaled enterprise Python/PHP systems for logistics, SaaS, and public-sector clients. For the past year, he has focused exclusively on AI integrations: deploying open-source LLMs, building generative media pipelines (image, audio, video), and engineering multi-agent workflows for real production environments. His standard: reproducibility, security, cost-efficient inference—no vaporware. He documents and evaluates emerging AI tooling, separating verified capabilities from marketing noise. Technical editor at: muza-ai.eu, ai-verslas.lt, ai-naujinos.lt