red-teaming
Red Teaming
Core principle: Assume the system will be attacked, gamed, or stressed by an intelligent adversary. Think like the attacker. Find weaknesses before they're exploited.
Red Team Mindset
Actively try to break the system, not validate it.
- Hostile intent — How would a bad actor abuse this?
- Assume failure — Start from "this has failed" — what enabled it?
- Partial information — What does the adversary know that defenders don't?
- Creativity — Attackers aren't constrained by intended use
- Asymmetry — Defenders protect everything; attackers need one opening
Red Team Dimensions
1. Technical Attack Surface
- Inputs that could be manipulated
- Assumptions about data validity
- Edge cases, limits, unexpected inputs
- Trust boundaries — can they be crossed?
- Failure under load, partial failure, poisoned input
2. Incentive & Game Theory
- Who has incentive to game/subvert this?
- What does the incentive structure actually reward (vs. intends to)?
- Maximum-extraction / minimum-contribution path?
- Collusion risks between actors?
3. Process & Human
- Reliance on human judgment, discipline, vigilance
- Social engineering vectors
- Insider acting against the system
- Process ambiguity enabling inconsistent/exploitable behavior
4. Assumption Attacks
- What must be true — and what if each is false?
- Information asymmetry between parties
- Dependencies that could be weaponized
5. Cascade & Systemic
- Single failure that propagates most widely
- Highest-impact, lowest-effort attack
- What a sophisticated attacker would do that a naive one wouldn't
- Kill chain — sequence to catastrophic failure
Output Format
Attack Surface Map
- Entry points (inputs, interfaces, dependencies)
- Trust boundaries (one actor's output → another's input)
- High-value targets
Top Attack Scenarios
For each:
- Name | Actor (external/insider/automated/accidental) | Method | Impact (CIA + reputation/financial) | Likelihood (L/M/H) | Current defenses | Defense gaps
Highest-Risk Findings
Ranked: (Likelihood × Impact) / Existing Defenses. Top 3 to fix first.
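A worked version of this ranking, added here as an illustration (not part of the original skill). Assumptions: L/M/H map to 1/2/3, impact uses the same scale, `defenses` is a count of effective current controls, and scenarios with zero defenses are ranked first by impact, since the division is undefined for them.

```python
from dataclasses import dataclass

# Assumption: the page gives L/M/H but no numbers; 1/2/3 is chosen here.
LEVEL = {"L": 1, "M": 2, "H": 3}

@dataclass(frozen=True)
class Scenario:
    name: str
    actor: str        # external / insider / automated / accidental
    likelihood: str   # L / M / H
    impact: str       # assumption: rated on the same L/M/H scale
    defenses: int     # assumption: count of effective current defenses

    def __post_init__(self):
        if self.likelihood not in LEVEL or self.impact not in LEVEL:
            raise ValueError(f"{self.name}: rating must be L, M or H")
        if self.defenses < 0:
            raise ValueError(f"{self.name}: defenses cannot be negative")

def sort_key(s):
    raw = LEVEL[s.likelihood] * LEVEL[s.impact]
    if s.defenses == 0:
        # Division is undefined: undefended scenarios lead, highest impact first.
        return (0, -LEVEL[s.impact], -raw)
    return (1, -raw / s.defenses, -LEVEL[s.impact])

def top_findings(scenarios, top=3):
    """Rank by (Likelihood x Impact) / Existing Defenses and keep the top N."""
    return sorted(scenarios, key=sort_key)[:top]

# Constructed sample scenarios, loosely based on the question lists on this page.
SAMPLE = [
    Scenario("Leaked API token", "external", "M", "H", 1),
    Scenario("Prompt injection via tool output", "automated", "H", "M", 0),
    Scenario("Two requests race", "external", "L", "M", 2),
    Scenario("Insider acts against the system", "insider", "L", "H", 0),
    Scenario("Malformed input", "external", "H", "L", 3),
]

if __name__ == "__main__":
    for rank, s in enumerate(top_findings(SAMPLE), start=1):
        print(rank, s.name, s.actor, f"defenses={s.defenses}")
```

The two undefended scenarios outrank the leaked token even though its raw Likelihood × Impact is as high, which is the "no defense" prioritization applied to the formula.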
Kill Chain Analysis
For the most critical scenario:
[Initial access] → [Lateral movement] → [Exploitation] → [Impact]
At each step: what stops the attacker? what's missing?
Hardening Recommendations
For each high-risk finding:
- Short-term — reduce exposure now, even imperfectly
- Long-term — eliminate or fundamentally reduce the surface
- Detection — if prevention fails, how do we know?
Red Team Questions by Domain
Software / Architecture
- Malformed, empty, enormous, or adversarial input?
- Dependency returns unexpected data or fails silently?
- Two requests race?
- Credential or token leaked?
- Component compromised from within?
AI / Agent Systems
- Prompt injection in input?
- Context poisoned by a prior step?
- Tool the agent calls is compromised or returns false data?
- Agent asked to act outside intended scope?
- Two agents give conflicting instructions to a third?
Product / Business
- User extracts value without paying?
- User reverse-engineers to game metrics?
- Competitor copies model and undercuts?
- Key partner defects or changes terms?
- Regulatory conditions change?
Organization / Process
- Key person leaves?
- Incentives push people to hide info from each other?
- Process followed to the letter but not the spirit?
- Deadline pressure causes safeguards to be skipped?
Levels of Depth
| Level | Description | When |
|---|---|---|
| Opportunistic | Surface checks, low effort | Quick validation, early design |
| Systematic | Full surface enumeration | Pre-launch, major arch changes |
| Adversarial | Deep creative attack — sophisticated threat actor | High-stakes, security-critical |
Asymmetric Paranoia
The red team doesn't need every flaw — it needs the one that matters most. Always prioritize: highest-impact attack that currently has no defense.