AI-Powered Detection Validation, Adversary Emulation, and Automated Security Assessment
PhantomX is an AI-driven cybersecurity platform developed as part of the Adversary Emulation & Automated Detection Engineering (AEADE) project.
The platform combines multi-agent AI reasoning with automated adversary emulation to help organizations validate detections, reduce false positives, assess defensive capabilities, and generate actionable security reports.
By leveraging multiple specialized AI agents and real-world attack simulations, PhantomX provides security teams with a transparent and explainable approach to threat detection and security validation.
Modern security teams face several challenges:
- Large volumes of security alerts
- High false-positive rates
- Alert fatigue among analysts
- Limited visibility into detection effectiveness
- Time-consuming penetration testing and validation processes
PhantomX addresses these challenges through automated analysis, adversarial AI reasoning, and continuous security validation.
PhantomX introduces a courtroom-inspired AI architecture that evaluates security alerts using multiple independent agents.
The True Positive Agent analyzes incoming events and argues why the alert represents a genuine threat.
Responsibilities:
- Threat analysis
- IOC correlation
- MITRE ATT&CK mapping
- Risk assessment
- Supporting evidence collection
The False Positive Agent analyzes the same event and argues why the alert may not represent malicious activity.
Responsibilities:
- Environmental context analysis
- Baseline behavior comparison
- Exception identification
- False positive detection
The Judge Agent evaluates both perspectives and delivers a final verdict.
Possible outcomes:
- True Positive
- False Positive
- Requires Further Investigation
The judge also generates:
- Confidence score
- Supporting rationale
- Investigation recommendations
The second major component of PhantomX is its autonomous security validation framework.
Users can select testing scopes such as:
- Standard User
- Administrator
- Domain User
- Domain Administrator
- Custom Assessment Profiles
The platform then:
- Selects appropriate attack techniques.
- Executes Atomic Red Team tests.
- Collects execution results.
- Converts outputs into structured JSON.
- Analyzes findings using AI.
- Generates professional reports.
PhantomX leverages Atomic Red Team techniques to emulate real-world adversary behavior.
Covered ATT&CK tactics include:
- Credential Access
- Discovery
- Privilege Escalation
- Persistence
- Lateral Movement
- Defense Evasion
- Collection
- Exfiltration
This enables organizations to continuously validate security controls against known attack patterns.
After execution, PhantomX automatically generates professional HTML reports.
Generated content includes:
- Overall security posture
- High-level findings
- Risk overview
- Executed TTPs
- Detection results
- Security gaps
- Successful detections
- Missed detections
- Detection coverage assessment
- Remediation guidance
- Detection engineering improvements
- Security hardening recommendations
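The post-execution steps of the validation pipeline (result collection, JSON conversion, detection analysis, HTML report) as one added example; this is illustration code, not PhantomX's own implementation. Atomic Red Team execution and the SIEM query are replaced by constructed sample data so it runs offline, and every field name, the coverage formula and the report layout are assumptions of this example.

```python
"""Result collection -> JSON -> coverage analysis -> HTML report
(added example, not PhantomX code; sample data is constructed)."""
import html
import json

# Constructed runner output: one record per Atomic Red Team test.
# exit_code 0 = the test ran; anything else = the test failed to execute.
RAW_RESULTS = [
    {"technique": "T1003.001", "test": "Dump LSASS.exe Memory using ProcDump",
     "scope": "Administrator", "exit_code": 0},
    {"technique": "T1087.002", "test": "Enumerate all accounts (Domain)",
     "scope": "Domain User", "exit_code": 0},
    {"technique": "T1053.005", "test": "Scheduled Task Startup Script",
     "scope": "Standard User", "exit_code": 0},
    {"technique": "T1021.002", "test": "Map admin share",
     "scope": "Domain Administrator", "exit_code": 1},
]

# Constructed SIEM lookup: alert names observed per technique during the run.
SIEM_ALERTS = {
    "T1003.001": ["LSASS memory access by non-system process"],
    "T1087.002": [],
}


def normalize(raw_results, siem_alerts):
    """Turn raw runner output into the structured records the analysis consumes.

    A test that did not execute is neither 'detected' nor 'missed': counting it
    as missed would understate coverage, counting it as detected would inflate it.
    """
    records = []
    for r in raw_results:
        executed = r["exit_code"] == 0
        alerts = siem_alerts.get(r["technique"], []) if executed else []
        records.append({
            "technique": r["technique"],
            "test": r["test"],
            "scope": r["scope"],
            "status": "executed" if executed else "failed",
            "detected": executed and len(alerts) > 0,
            "alerts": alerts,
        })
    return records


def to_json(records):
    """Serialise for the analysis step; sort_keys keeps the artefact diff-friendly."""
    return json.dumps({"results": records}, indent=2, sort_keys=True)


def coverage(records):
    """Detection coverage over executed tests only, plus the list of gaps."""
    executed = [r for r in records if r["status"] == "executed"]
    detected = [r for r in executed if r["detected"]]
    missed = [r for r in executed if not r["detected"]]
    pct = round(100.0 * len(detected) / len(executed), 1) if executed else 0.0
    return {"executed": len(executed), "detected": len(detected),
            "missed": len(missed), "failed": len(records) - len(executed),
            "coverage_pct": pct, "gaps": [r["technique"] for r in missed]}


def render_html(records, cov):
    """Minimal HTML report. Every value is escaped: a test name or its output can
    carry attacker-influenced text, and the report must not become stored XSS."""
    rows = []
    for r in records:
        if r["status"] != "executed":
            label = "failed"
        else:
            label = "detected" if r["detected"] else "missed"
        cells = (r["technique"], r["test"], r["scope"], label,
                 "; ".join(r["alerts"]) or "-")
        rows.append("<tr>" + "".join(f"<td>{html.escape(str(c))}</td>" for c in cells) + "</tr>")
    gaps = ", ".join(html.escape(g) for g in cov["gaps"]) or "none"
    return ("<html><body><h1>Detection Validation Report</h1>"
            f"<p>Coverage: {cov['coverage_pct']}% ({cov['detected']} of "
            f"{cov['executed']} executed tests detected, {cov['failed']} failed to execute)</p>"
            f"<p>Security gaps: {gaps}</p>"
            "<table><tr><th>Technique</th><th>Test</th><th>Scope</th>"
            "<th>Result</th><th>Alerts</th></tr>" + "".join(rows) + "</table></body></html>")


def run_pipeline(raw_results=RAW_RESULTS, siem_alerts=SIEM_ALERTS):
    records = normalize(raw_results, siem_alerts)
    cov = coverage(records)
    return to_json(records), cov, render_html(records, cov)


if __name__ == "__main__":
    as_json, cov, report = run_pipeline()
    print(as_json)
    print(report)
```

Two checks worth keeping when wiring this to real tooling: the "failed" bucket should be reported separately so an unexecuted test never silently improves or degrades the coverage number, and the SIEM query window should be bounded to the execution timestamps so a pre-existing alert is not credited as a detection.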
PhantomX is designed to be AI-provider agnostic.
Supported deployments include:
- OpenAI
- Anthropic Claude
- Google Gemini
- Azure OpenAI
- Ollama
- Llama
- Mistral
- Qwen
- Custom self-hosted models
Organizations can fully operate PhantomX in air-gapped environments using local LLMs.
```
┌─────────────────────┐
│  Incoming Security  │
│       Events        │
└──────────┬──────────┘
           │
           ▼
┌────────────────────────────┐
│ Multi-Agent Analysis Layer │
└─────────────┬──────────────┘
       ┌──────┴──────┐
       ▼             ▼
┌─────────────────┐ ┌─────────────────┐
│  True Positive  │ │ False Positive  │
│      Agent      │ │      Agent      │
└────────┬────────┘ └────────┬────────┘
         └─────────┬─────────┘
                   ▼
         ┌───────────────────┐
         │    Judge Agent    │
         └─────────┬─────────┘
                   ▼
         ┌───────────────────┐
         │  Final Verdict &  │
         │  Confidence Score │
         └───────────────────┘
```
```
Selected Scope
      │
      ▼
Atomic Red Team Execution
      │
      ▼
Result Collection
      │
      ▼
JSON Conversion
      │
      ▼
AI Analysis
      │
      ▼
HTML Report Generation
```
- Alert validation
- Threat triage
- Investigation assistance
- Detection validation
- Coverage assessment
- Rule tuning
- Adversary emulation
- Security control testing
- Defensive readiness validation
- Incident response preparation
- Automated assessment support
- Report generation
Every decision includes supporting evidence and reasoning.
Dual-agent analysis improves alert quality.
Automated context gathering and analysis.
Regular adversary emulation against existing controls.
Supports both cloud-hosted and local AI models.
Reduces manual reporting effort.
- Python
- Atomic Red Team
- JSON Processing
- HTML Reporting
- REST APIs
- Large Language Models (LLMs)
- SIEM integrations
- EDR integrations
- Detection rule generation
- Continuous attack simulation
- Multi-stage attack chain emulation
- Automated remediation recommendations
- Threat intelligence integration
- SOC analyst copilot capabilities
| Member |
|---|
| Zaur |
| Nargiz |
| Ali |
| Mahammadali |
| Cavidan |
| Elvin |
PhantomX aims to redefine how organizations validate detections and assess defensive readiness by combining explainable multi-agent AI with autonomous adversary emulation.
Instead of replacing analysts, PhantomX empowers them with transparent reasoning, automated validation, and actionable intelligence, allowing security teams to focus on what matters most: defending their environment.
AEADE 2026 Hackathon Project