In the latest SoftwarePlaza podcast, Twain Taylor, editor and tech industry analyst, sat down with Nils Khan, CEO of Mitigant, and Thomas Fricke, co-founder and Kubernetes security expert. What followed was a fascinating conversation on a new approach to cloud security: cloud attack emulation.
They discussed how security in cloud-native environments is lagging behind the complexity of modern infrastructure, especially in Kubernetes. Traditional security checks and compliance audits are too slow, too shallow, or disconnected from actual attacker behavior. Mitigant’s approach flips that model, introducing adversarial testing directly into cloud environments in a safe and controlled way.
For organizations running critical workloads in the cloud, this isn't just new—it may be necessary to stay ahead of real threats.
Cloud-native security is broken, and everyone knows it
Security in cloud environments, especially Kubernetes, has a visibility and validation problem. Most teams are blind to the actual attack surface their applications present. Security teams rely on static vulnerability scans, manual compliance reports, one-off pentests, and disconnected configuration audits.
These tools may flag thousands of potential issues, but rarely answer the most important question: What happens if someone attacks us right now?
Twain’s conversation with Nils and Thomas showed how Mitigant solves this problem with a method based on chaos engineering principles and attacker realism.
Cloud attack emulation: chaos, but controlled
Instead of just scanning for vulnerabilities or simulating behavior with mock tests, cloud attack emulation performs real attacks, such as ransomware, privilege escalation, and lateral movement, within non-production environments.
It’s like having a red team embedded in your infrastructure, launching attacks 24/7, but with:
- No risk to production
- Full rollback after each test
- Detailed forensic output
- MITRE ATT&CK-aligned tactics
Mitigant uses this process to validate not just that vulnerabilities exist but that security tooling can detect and respond. It’s not theory; it’s proof through execution.
This is critical in Kubernetes environments where complexity explodes fast. Network policies, RBAC misconfigurations, privilege boundaries, and ephemeral services create a maze of potential weak points. Cloud attack emulation doesn’t try to guess where those weak points are. It goes in and finds them the way a real attacker would.
Bridging the DevSecOps gap
One of the key takeaways from the podcast was how Mitigant integrates with DevSecOps workflows. Developers and ops teams are told to “shift left” and take on more security responsibility. But without the right tooling, this feels like a chore rather than a benefit.
Mitigant makes security operational by allowing teams to:
- Automate adversarial testing in CI/CD pipelines
- Validate detection rules before production releases
- Test security policies in realistic attack scenarios
- Avoid noisy false positives with precise, real-world feedback
As Thomas said in the interview, manual pentests only uncover a tiny fraction of the vulnerabilities that actually exist. Furthermore, they become outdated as soon as the environment shifts, which in Kubernetes may happen hourly or daily.
Regulatory alignment without the paperwork nightmare
Mitigant’s relevance goes beyond DevOps. Regulatory compliance, especially in the EU under NIS2 and DORA, requires companies to prove they are testing their resilience against cyber threats.
In industries like banking or healthcare, this proof typically comes in the form of laborious, spreadsheet-driven compliance reports that take up to 2 weeks to compile per quarter.
Mitigant automates most of this process. By emulating real attacks and logging the entire detection and remediation flow, the platform generates evidence that can be submitted to regulators.
This is already popular in Europe and the Gulf region, where many organizations view European regulatory frameworks as the gold standard. The benefits are especially compelling for regulated industries, where evidence of resilience matters as much as actual resilience.
Beyond detection: how Mitigant improves response and visibility
Detection is only one part of the equation. A key takeaway from Twain’s podcast is that Mitigant allows organizations to see how far an attack would go in their environment.
When an emulation runs, the platform reveals which resources were affected, what vulnerabilities were exploited, whether alerts were triggered, how existing security tools responded, and what changes are needed to prevent similar incidents.
This kind of attack path visibility is critical for security operations. It turns abstract CVEs and risk scores into tangible attack scenarios, so teams can prioritize fixes.
Mitigant also provides Sigma rules, which can be integrated with popular SIEM platforms to fine-tune detection and alerting. Every emulation is an opportunity for teams to tune their defense systems against real adversary behavior, not just academic models.
Changing how we think about cloud resilience
Cloud resilience has to change, and that change starts with how we think about it. What really sets Mitigant apart isn't just its technology—it's the way that technology is rooted in a very real philosophy.
That philosophy is simple: cloud environments are just too complex and dynamic to rely on outdated security validation methods. Scanning and auditing just won't cut it. Additionally, it is simply not a practical strategy to wait for an actual attack to test the effectiveness of your defenses.
That's where cloud attack emulation comes in. It lets you safely, repeatedly, and intelligently expose weaknesses before an attacker does. This results in a feedback loop that affects operations, security, and development. One that's built on reality, not theory.
As Twain Taylor’s conversation with Nils and Thomas revealed, this is more than a trend. It’s a paradigm shift in how we approach cloud security. Take a look at the full podcast episode on Software Plaza to hear Nils and Thomas explain how Mitigant is changing the security game with cloud attack emulation.