
RedHunt Labs Contributes to UK Government Report on Commercial Offensive Cyber Capabilities


The UK Government has released a research paper that will feel particularly relevant to anyone working in offensive security or red teaming, titled “Commercial Offensive Cyber Capabilities: Red Team Subsector Focus.” For us at RedHunt Labs, this report is more than just an interesting read. We were also one of the named contributors for this whitepaper. Our Director, Sudhanshu Chauhan, was interviewed during the research phase conducted by Prism Infosec on behalf of the UK Government’s Department for Science, Innovation & Technology (DSIT). In that conversation, Sudhanshu shared insights gathered from years of working at the intersection of offensive security, OSINT, and attack surface management.

This was not a quick questionnaire. The research involved in-depth interviews with 18 commercial red team organisations from across the globe between December 2024 and March 2025. The aim was to capture not just statistics but lived experiences, operational challenges, and real stories about how red team work is adapting to the times. Out of 294 companies approached, only a small fraction participated, which makes our inclusion even more meaningful.

The paper looks at the red team subsector through several lenses. It talks about technology adoption, market competition, regulation, client demands, and even the role of geopolitics. What makes it stand out is that it captures both optimism and realism. It is not just about where the market could go, but also about what is actually working today and what is not.

If you want to read the official report in full, you can find it here: UK Government: Red Team Subsector Focus.

1. AI is Overhyped Today but Full of Possibilities for Tomorrow

Artificial Intelligence dominates conversations, but most red teamers remain cautious. Public AI models raise concerns around security, privacy, and cost, while many tools fail to deliver operational value. The promise lies in private, tunable models that could meaningfully assist with automated reconnaissance, attack surface monitoring, and vulnerability research. AI may not yet fit seamlessly into red team operations, but its potential as a force multiplier for continuous threat exposure assessment is immense.

2. Cloud is Reshaping the Offensive Landscape

The cloud is no longer an outlier; it is the default environment. Traditional attack chains often don’t translate in cloud-native settings, and knowledge gaps can be costly for both teams and clients. More importantly, cloud adoption massively expands the attack surface. Red teams must adapt tooling, tradecraft, and mindset to continuously test evolving cloud architectures, aligning with the CTEM principle of real-time exposure management.

3. Beyond Windows, Slowly but Surely

Windows still dominates most engagements, but testing requests for macOS, Linux, mobile, and OT systems are steadily increasing. Each requires new skills, bespoke tooling, and introduces greater operational risk. As client environments diversify, red teams must evolve capabilities to ensure continuous coverage of the full digital footprint rather than relying solely on traditional enterprise targets.

4. A Market That is Both Crowded and Fragmented

The subsector is expanding with boutique firms bringing innovation, but the lack of consistent standards makes it hard for clients to assess quality. Larger vendors retain dominance thanks to compliance capabilities and brand trust. The report highlights that professional and ethical norms are still evolving, making transparency, measurement, and defensible reporting crucial, echoing CTEM’s emphasis on repeatability and measurable outcomes.

5. Regulation and Geopolitics are Not Just Background Noise

From export controls to regional laws, external pressures are shaping how and where red teams operate. Many firms are looking toward Latin America and the Asia Pacific, but face challenges of trust, regulation, and market maturity. For clients, this highlights the need for sustained visibility into their external attack surface, as geopolitical shifts can directly impact both the threat landscape and the availability of skilled testing partners.

This paper reflects the reality of red teaming today: balancing technical depth with operational, regulatory, and business constraints. It underscores the growing need for continuous, threat-informed security validation, not just point-in-time testing.

Contributing to this research gave us a chance to reflect on challenges we share with the wider industry – tooling, automation, regulation, and evolving client expectations. For us, it reinforced why our focus on Attack Surface Management and CTEM-aligned practices matters: to help clients not only test but also continuously understand and reduce their exposure.

The report is an important checkpoint for both practitioners and clients. If you are involved in red teaming or rely on it, reading the full publication is essential to see where the field is headed. We’re glad to have been part of this process and hope it sparks more honest dialogue on the future of offensive security in a world of continuous change.

Read the full UK Government report here: Commercial Offensive Cyber Capabilities: Red Team Subsector Focus
