For Frontier AI Labs

Security data & RL environments for frontier models.

Frontier models fail at cyber defense. We supply the verified data, environments, and expert validation to close the gap — built on real attack telemetry, modeled at org scale.

Email our research team directly — click to copy the address.

Base model drops in
Holodeck Loop
Observe
briefing + logs
Act
query · submit
Reward
verifiable
Deterministic ground truth. No reward-model drift.
The opportunity

Defense is the frontier that hasn't been solved.

HOLODECK ENVIRONMENT · benign logsATTACK PROPAGATION
RANSOMWARETA0001 · Initial AccessTA0002 · ExecutionTA0003 · PersistenceTA0004 · Privilege EscalationTA0005 · Defense EvasionTA0040 · ImpactDATA EXFILTRATIONTA0001 · Initial AccessTA0006 · Credential AccessTA0007 · DiscoveryTA0008 · Lateral MovementTA0009 · CollectionTA0010 · ExfiltrationCLOUD TAKEOVERTA0001 · Initial AccessTA0003 · PersistenceTA0004 · Privilege EscalationTA0008 · Lateral MovementTA0011 · Command & Control
detected by the modelmodel blind — attack continues
best model detects 44.5% · 0 / 16 pass

A breach is a path hidden in a haystack of benign logs — and models go blind exactly where it matters.

01

Offense is mostly solved

Deductive and recall-heavy — exploits, code, CTFs. There is abundant signal on the web, and models already score well.

02

Defense is different in kind

Abductive: reconstruct an unknown attacker's intent from a haystack of benign-looking logs. Almost none of this reasoning exists in pretraining.

03

It's a data + environment problem

You can't read defensive reasoning off the web, and you can't crowdsource it. It has to be grown with RL against verifiable rewards — which needs an environment that can score an investigation as right or wrong.

We measured it

The category is wide open.

0 of 16

frontier models pass the Cyber Defense Benchmark

44.5%

best model's MITRE ATT&CK coverage — the passing bar is 50%

13

MITRE ATT&CK tactics the benchmark measures, end to end

Tactic-breadth coverage
Loading benchmark radar…

The shape collapses on the tactics that define a breach — lateral movement, credential access, exfiltration.

Per-model coverage vs. the passing bar

Every bar; not one crosses the 50% line.

Unlike offensive benchmarks that saturate in months, this one stays unsolved — every model goes blind on the tactics that define a real breach: lateral movement, credential access, exfiltration.

How we engage

Two ways to work with us.

Data provider

Verified security training data, the Holodeck RL environment, and the Cyber Defense Benchmark. You train on it.

Priced per verified trajectory or per environment.

Human validation

Our network of career SecOps analysts grades your tasks and model outputs — the judgment calls a machine can't verify.

Priced hourly.
The offering

Three ways to make a model defend.

Training data

Verified security trajectories

Real investigations and attack chains, decomposed into gradeable tasks across threat hunting, detection engineering, triage, and offensive security. Every unit ships with verified ground truth — machine-checkable wherever the task allows.

See the task taxonomy
RL environments

Holodeck

A deterministic, Gymnasium-compatible gym where a model learns to hunt and is scored on machine truth — verifiable rewards, no reward-model drift.

How Holodeck works
Evaluations

The Cyber Defense Benchmark

The published eval — designed to resist memorization — that shows where models fail, usable as your north-star security metric.

Read the benchmark
Data taxonomy

Every use case decomposes into gradeable task categories.

The unit we build data and evals around isn't a use case — it's each discrete skill inside it.

ONE USE CASEGRADEABLE TASK CATEGORIESUSE CASEThreat HuntingHypothesis generationgradeableQuery generationgradeableEvidence correlationgradeableLead / pivot expansiongradeableAttack attributiongradeableTimeline reconstructiongradeable

Threat Hunting

  • hypothesis generation
  • query generation
  • evidence correlation
  • lead / pivot expansion
  • attack attribution
  • timeline reconstruction

Detection Engineering

  • detection authoring
  • coverage-gap analysis
  • false-positive tuning
  • rule validation
  • data-source mapping
  • detection-as-code review

Triage & Investigation

  • alert enrichment
  • prioritization
  • root-cause analysis
  • disposition (TP / FP)
  • response actions
  • escalation

Offensive / Pentest

  • recon
  • exploitation
  • privilege escalation
  • lateral movement
  • impact
  • reporting

Each category is scored independently — so we can produce targeted data and measure a model skill by skill. Extends to tool-use / integration trajectories — agents driving security connectors — for agentic data, not just text.

RL environment

Holodeck: a deterministic gym that scores hunting against machine truth.

observe
threat briefing + prior results
act
query · submit · give-up
reward
deterministic · verifiable
same seed → identical run · loop repeats until the model gives up or solves

Any base model drops in

A Gymnasium-compatible interface: observe (threat briefing + prior results) → act (query / submit / give-up) → reward. No bespoke harness to build.

Verifiable reward

In Holodeck, ground truth is deterministic — the reward is exact and unfakeable, with no reward model to drift and no LLM judge to game.

Real attacker behavior, modeled at org scale

Deterministic replay with seeded mutation; same seed → identical run. Reproducible and reusable, like a versioned environment artifact.

How an environment is built
01
02
03
04
Procedure Library
105 procedures · real tool telemetry
Campaign Assembly
Multi-stage kill chain · shared infrastructure
World-Builder
Seed: environment and attacker infrastructure, sequence and timing of attack
SQL Database
Same log data inputs as in real threat hunting, just no hints
Every run is unique. Every run is reproducible.

Compatible with the RLVR toolchain your team already uses — tasks, tools, and reward functions as first-class, verifiable artifacts.

Expert-in-the-loop

Where judgment is required, bring security experts — not crowd labels.

Our network of career SecOps analysts — threat hunters, detection engineers, and incident responders with decades in the field — manually reviews and grades tasks and model outputs.

VERIFIABLE LANEJUDGMENT LANEHolodeck envDeterministic rewardModel outputExpert analystcareer SecOps,decades in fieldgraded · preferenceTraining +eval signalAutomate the verifiable. Bring experts for judgment.

Grade model outputs on real security tasks

Scored by people who do this for a living.

Preference & RLHF data

Expert rankings of competing outputs, for reward modeling.

Judgment-task ground truth

The calls that can't be mechanically verified: severity, escalation, reasoning quality.

Held-out human validation

An independent, human-graded set to catch reward hacking (anti-Goodhart).

Holodeck automates the verifiable reward. Human validation covers what it can't. Priced hourly — deep security expertise, not general crowd work.

Generalist data vendors staff doctors, lawyers, and bankers. We staff the people who actually run security operations.

Why us

You can't crowdsource security data. We build it.

HOW THE DATA IS BUILTReal attacktelemetryModeled at orgscale · HolodeckVerifiedground truthLicensed data— our IPCustomer / production logsnever resoldThe moat is the modeling and the verification — not hoarded data.

Grounded in real operations

Our attack and organization models are built on real attacker telemetry — grounded in operating security through the world's largest MDRs, not fabricated from scratch and not crowd-labeled.

Verified & clean to license

Every trajectory carries verified ground truth; the artifact is our own IP. The moat is the modeling and the verification — not hoarded data.

Built by people who've shipped security and systems

Founders from Fortanix, NVIDIA, and Twitter; authors of the Cyber Defense Benchmark.

ProvenanceReal attacker behavior, modeled at org scale, verified — our own IP. We don't resell customer logs; we build the data.
Integration

Built to slot into post-training.

WHERE SIMBIAN PLUGS INYour basemodelRLVR loopverifiable rewardSIMBIANthe security data layerTraining dataHolodeck environmentExpert validationCyber DefenseBenchmarkMeasured lifton the same evalWhere Simbian plugs into your post-training loop.
JSONL + verifiers / Inspect-compatible task format
train / test / held-out splits (anti-Goodhart)
deterministic + assertion graders → verifiable, RL-usable reward
rubric / human graders for judgment tasks — acceptance & regression signal, not the RL reward
tool-use / MCP-style trajectories
clean licensing, our own IP

Questions from research teams

We build it. Our attack and organization models are built on real attacker telemetry, composed into org-scale campaigns and verified — informed by operating security through the world's largest MDRs, not sourced from their logs. Every trajectory is our own IP with verified ground truth. We do not resell customer or production logs.
Yes — sample-task documentation is available on request through the research call.
Verifiers / Inspect-compatible task formats and JSONL, with train, test, and held-out splits. Deterministic and assertion graders give verifiable rewards; rubric or human graders cover judgment tasks.
Both — Holodeck (the environment) plus the training data and the published Cyber Defense Benchmark (the eval).
Two models: training data and environments are priced per verified trajectory or per environment; human validation is priced hourly. A rate card is available on request.
The data is licensed and remains our IP; commercial terms are set per engagement.
The data, environment, and benchmark are built and published. Training a model on them is the joint experiment we propose: baseline on the Cyber Defense Benchmark, train in Holodeck, and measure the delta together.

Bring a base model. We'll measure the lift together.

A bounded first experiment: baseline on the Cyber Defense Benchmark, train in Holodeck, measure the delta.

Email our research team directly — click to copy the address.

Sign up for Simbian's Newsletter

By submitting this form, you agree to our Privacy Policy.

Ask AI about Simbian