https://theagentlayer.net/tags/red-team/ Recent content in Red-Team on The Agent Layer Hugo en-us Wed, 11 Mar 2026 00:00:00 +0000 https://theagentlayer.net/posts/twenty-minutes-red-team/ Wed, 11 Mar 2026 00:00:00 +0000 https://theagentlayer.net/posts/twenty-minutes-red-team/ <div style="border-left: 3px solid #6b7280; background: rgba(255,255,255,0.04); padding: 12px 18px; margin: 1.5rem 0; border-radius: 0 4px 4px 0;"> <strong>TLDR:</strong> I spent 20 minutes doing AI-assisted red team simulation with Claude Cowork against a live production SaaS. No purpose-built tooling. No prior knowledge of the target. I walked away with confirmed PII exposure — real names, email addresses, account identifiers — on a live system. <strong>The same capabilities that make AI agents useful for legitimate work make them highly capable recon tools. The gap between "helpful assistant" and "passive attacker" is smaller than most people think.</strong> </div> <p>I&rsquo;m a QA analyst and secrets management practitioner — not a red teamer by primary specialization. I don&rsquo;t have a toolkit of custom scripts for offensive security work. What I do have is a browser, Claude Cowork, and enough security fundamentals to know what I&rsquo;m looking at.</p>