What happens when you give an AI agent a Kali box, point it at an enterprise network, and tell it to get domain admin? And what happens when another AI agent is running the SOC on the other side?
APTL is an open source, Docker-based purple team lab that brings up an isolated enterprise environment (Active Directory, databases, web apps, file servers, email), a full OSS SOC stack (Wazuh SIEM, Suricata IDS, MISP, TheHive, Shuffle SOAR), and an MCP server layer that gives AI agents programmatic control over both sides.
One command, everything up. Tell the agents to go. AI agents attacking and defending autonomously.
This talk is a live demo. We'll spin up APTL, launch an AI red team agent against TechVault Solutions (our fictional target company), and watch it perform autonomous reconnaissance, identify attack paths, chain exploits, and attempt lateral movement, while the blue side detects, triages, and responds in real time. All telemetry is captured: SIEM alerts, IDS events, case management, SOAR playbook executions, and full MCP traces. We will talk through success and failure modes, and laugh at some of the epic fails.
APTL is MIT licensed and on GitHub and runs on commodity hardware using consumer-grade AI services. That's the point. This is what autonomous cyber offense and defense looks like with tools anyone can download today. Participants can pull the repo and play after the talk.
Brad Edwards, Domain Consultant, Security Operations Transformation, Palo Alto Networks
Brad Edwards is a Domain Consultant at Palo Alto Networks, specializing in security operations. He has 15 years of law enforcement experience as an RCMP constable, including digital forensics and economic crime. After leaving the RCMP, Brad worked as an enterprise software developer, then led the British Columbia Lottery Corporation’s Security Operations program. He researches autonomous cybersecurity operations, focusing on street-level threats most likely to impact organizations.