About Cytadel
Cytadel is an AI-driven autonomous Red Teaming platform that discovers, validates, and quantifies full attack paths across an organization’s security defenses. Trained using our threat-led and evasive techniques, Cytadel makes tactical decisions, adapts to defensive controls, and delivers board-ready reports that drive top-down remediation. It emulates complex human adversaries through reasoning models, decision trees, and adaptive logic. Ultimately, providing organisations an authentic view of how an attacker would operate within their environment.
Q: Tell us about your background.
I’m a globally accredited offensive security expert with a background in UK government and defense. Before founding Cytadel, I served as the Head of Red Teaming at the Bank of England, leading operations to protect the UK’s critical payment and gold systems.
Over the past decade, I’ve specialized in offensive operations (ethical hacking), with seven years focused on covert Red Team operations across government, financial services, and global enterprises. I’ve delivered adversary emulation and ransomware resilience programs for some of the most critical environments in the world, including United Nations agencies.
Alongside being a hands-on practitioner, I’m an active industry voice, speaking at leading global events such as SANS, GISEC, and Global Central Banking, helping CISOs understand emerging threats and build true cyber resilience.
What sets me apart is a rare blend of deep technical tradecraft and the ability to communicate business impact at an executive level. Combined with my intelligence heritage, this is my superpower. I’m a Red Teamer by trade but an entrepreneur at heart. I founded Cytadel to bridge a growing gap I observed between how organizations test for cyber risk and how real attackers operate.
Q: Tell us about your business/idea.
Cyber attacks are becoming more frequent and sophisticated. Despite an explosion of security tools, ransomware incidents continue to rise. The problem isn’t awareness—it’s that the industry is built on a false sense of security, with CISOs often scapegoated when defenses fail.
Cytadel is an AI-driven autonomous Red Teaming platform that discovers, validates, and quantifies full attack paths across an organization’s security defenses. Trained using threat-led and evasive techniques, Cytadel makes tactical decisions, adapts to defensive controls, and delivers board-ready reports that drive top-down remediation. It emulates complex human adversaries through reasoning models, decision trees, and adaptive logic, providing organizations with an authentic view of how attackers would operate.
Traditional red teaming and penetration testing are manual, expensive, and point-in-time. Cytadel automates this process, using AI to plan and execute entire attack paths, validating resilience against ransomware, AI-powered fraud, and compliance frameworks such as DORA and CBEST.
Our technical depth and executive understanding drive actionable remediation. In our ransomware resilience use case, Cytadel identifies the blast radius, tests response and recovery, and quantifies real-world impact—all in under eight minutes. This empowers CISOs with the data they need to prioritize investments and remediation where it matters most.
Simply put, we call it AI-driven Red Teaming: offensive assurance that operates continuously, not annually. We verify defenses before attackers do.
Q: What was the original inspiration for your company/product?
Cytadel was born out of frustration. In multiple Red Team operations, I saw a recurring pattern: organizations that passed audits and invested heavily in tooling still collapsed under real adversaries. The gap wasn’t a lack of products, it was a false sense of security. Controls were misconfigured, deployments incomplete, and there was no realistic, continuous validation of whether defenses could stop an attacker. This isn’t about BAS or scripted checks, it’s about realistic adversary behavior.
When AI reached the point where it could reason, adapt, and simulate decision-making like a human operator, I saw an opportunity to reimagine Red Teaming. Over the past two years I have been weaponizing AI for offensive operations, from deepfakes and vishing to ransomware, to create full Red Team kill chains. We embedded human-like reasoning into agentic workflows, enabling AI to execute a complete attack as a skilled operator would.
My heritage includes leading the Red Team at the Bank of England, which created the CBEST framework, a regulator-backed standard to give financial institutions realistic assurance against cyber attacks. CBEST seeded frameworks such as TIBER and DORA TLPT. That threat-led mindset is central to everything we’ve built at Cytadel.
Red teaming is in Cytadel’s DNA. There is no one better positioned to move Red Teaming from a manual process to an AI-driven, autonomous discipline. This conviction and deep domain expertise are the founding principles behind Cytadel.
Q: What will the market you are pursuing look like in 5–10 years?
In the next decade, AI-driven adversaries will become the norm. Security teams will no longer defend solely against scripts or ransomware groups. They’ll face self-learning agents capable of planning and adapting faster than any SOC can respond.
Enterprises will need continuous, autonomous testing that evolves alongside threats. AI-assisted Red Teaming will become as standard as endpoint detection or threat intelligence. The market will shift from “penetration testing as a service” to “autonomous assurance” that validates security posture, quantifies resilience, and recommends mitigations in real time.
Cytadel is built to lead this transition from manual expertise to AI-driven autonomy. If the enterprise is Rocky Balboa, Cytadel is Rocky’s AI trainer, preparing organizations continuously for the fight.
Q: How does your business address pressing cyber and data challenges for the commercial sector?
Organizations face a paradox: security budgets are rising, yet ransomware losses and AI-driven fraud continue to grow. We’ve seen this particularly in the UK retail and manufacturing sectors. The challenge isn’t awareness—it’s validation. Most companies don’t know if their controls would stop a modern adversary.
Cytadel solves this by providing AI-driven autonomous Red Teaming, continuously testing how attackers would breach, move laterally, and impact critical systems without disrupting operations. By combining AI reasoning with real attacker tradecraft, we provide businesses proof of resilience, not just compliance checklists.
For financial services, we validate ransomware readiness against DORA and CBEST-style threats. For SaaS and manufacturing, we expose weak links that could cause downtime or data theft. Cytadel helps commercial organizations quantify, prove, and improve cyber resilience at a fraction of the time and cost of traditional testing.
Q: What attracted you to the DataTribe Foundry? Why did you choose to participate in the DataTribe Challenge?
DataTribe has a reputation for taking deep technical founders and helping them build category-defining companies. One of my biggest inspirations has been Rob Lee and Dragos. I admire how Rob turned technical expertise into a product-led company, defined a new OT security category and scaled to a billion-dollar business.
DataTribe was there from inception, which validates that they are the right team to help take Cytadel to the next level. Cytadel sits at the same intersection, combining elite offensive tradecraft with emerging AI capabilities to create a defining solution. The DataTribe Challenge is the perfect environment to sharpen our positioning and connect with partners who understand how to scale high-impact cyber platforms globally.
Q: What’s your long-term vision for your business?
Cytadel’s long-term mission is to become the standard for how organizations validate their resilience. We aim to be the core component for measuring readiness, building trust in AI-enabled infrastructure, and continuously validating defenses.
AI-assisted Red Teaming will become as normal as endpoint detection or threat intelligence—a permanent layer of defense that keeps organizations sharp and ready. Cytadel’s role is to make this capability accessible and trusted, so every security team can train against a thinking adversary before the real one appears.
In 10 years, every enterprise will have an AI Red Team operating alongside its SOC. Cytadel intends to be the engine powering it.
