Pentest and Red Team Harnesses
Kill chain state as an attack graph, plan correction when exploits fail, the sandbox inversion problem, and the report as the actual deliverable.
A red team kill chain is a graph of dependent objectives, not a flat set of findings. The attack graph — with MITRE ATT&CK node labels, per-node states, and explicit prerequisites — is the only state structure that survives a multi-stage engagement.
An exploit failure is a re-plan event, not a retry. RedTeamLLM's four-step loop (detect, re-hypothesize, re-plan, retry) forces genuine technique substitution, defeating exploit lock-in.
The offensive sandbox inverts the Course 1 model. The agent must reach OUT to the target, but dual containment — outbound scope enforcement at the network layer plus inbound isolation — prevents lateral movement if the agent is compromised.
The deliverable is the report, not the attack. CVSS is always a human-reviewed draft (LLMs mis-score by 2+ points); CWE-to-OWASP mapping is a deterministic lookup that cannot hallucinate.