Test your team before the real attack hits.

AI-Powered Cyber Tabletop
Exercises for Security Teams Worldwide

Adversary X delivers AI-driven cyber incident tabletop exercises built around real threat actors, documented attacks, and your region's regulatory context — with performance tracking to measure your team's improvement over time.

Plans from £999/year
adversary-x.com
Turn 2/6
CRITICAL
Situation report — Containment
Forensic analysis confirms the attacker deployed SUNBURST-variant malware via the SolarWinds Orion update pipeline. Lateral movement is confirmed across 4 domain controllers. EDR telemetry shows T1078 (Valid Accounts) and T1021.002 (SMB Remote Services) activity...
A
Isolate affected domain controllers
Forces attacker out but risks service disruption across the estate.
B
Continue passive monitoring
Gathers more intelligence but allows further lateral movement.
C
Notify ICO and engage NCSC
Initiates regulatory process but may alert attacker to detection.
19 APT profiles with MITRE ATT&CK mapping
Region-specific regulatory context built in
Based on documented real-world incidents
Scored debrief with PDF report
Supported regions
🇬🇧 United Kingdom 🇪🇺 European Union 🇺🇸 United States 🇨🇦 Canada 🇦🇺 Australia 🇸🇬 Singapore 🇮🇳 India 🇯🇵 Japan 🇦🇪 UAE 🇸🇦 Saudi Arabia 🇶🇦 Qatar 🇧🇭 Bahrain
How it works

From scenario to debrief
in under an hour

01
Configure your exercise
Choose from 19 APT profiles, set your organisation type, severity level and region. Ready in under 5 minutes — no facilitator or pre-configuration required.
02
Work through the incident
The AI drives the attack in real time, presenting realistic evidence — emails, system logs, comms intercepts — and adapting to every decision your team makes across 6 turns.
03
Receive your scored debrief
Get a full breakdown of every decision, where you excelled, your gaps, and every regulatory obligation your choices triggered — mapped to your region's frameworks.
04
Download your report
Export a professional PDF report — ready to share with leadership, auditors, or to use as evidence of training for compliance and insurance purposes.
adversary-x.com/exercise ADVERSARY X 2/6 LAZARUS GROUP · SUPPLY CHAIN COMPROMISE CRITICAL SITUATION — TURN 2 📧 INTERCEPTED EMAIL — FLAGGED From: it-support@supplier-corp.com Subject: Urgent — patch deployment required YOUR RESPONSE A B C EXERCISE SCORE 74 PROFICIENT Response speed Regulatory compliance Containment decisions OBLIGATIONS TRIGGERED GDPR Art. 33 NIS2 Art. 23 DORA §17 ↓ Download PDF Report
Book a demo

See Adversary X in action

Get a guided walkthrough with a member of our team. We'll show you how the platform works, walk through a live exercise, and answer any questions about fit for your organisation.

Platform features

Everything your team needs
to practise under pressure

From initial detection to post-incident debrief, Adversary X puts your team through a complete incident response cycle with AI-driven consequences at every turn.

AI-driven exercise engine
The AI models real threat actor behaviour across 6 decision turns, responding dynamically to your team's choices. No two exercises play out the same way.
🎯
19 APT profiles
Model attacks from APT29, Lazarus Group, LockBit, and 16 more threat groups — each with full MITRE ATT&CK TTP mapping woven into the scenario narrative.
📰
Real World Attacks library
Play through 9 documented incidents — M&S 2025, NHS Synnovis, British Library, MOVEit, and more — with the actual threat actor and attack chain.
📋
Scored debrief & PDF report
Every exercise ends with a scored debrief covering strengths, improvements, regional regulatory obligations, attribution notes, and a tailored defensive checklist.
📈
Track progress over time
View your exercise history, score trends, and performance metrics across every session. Identify gaps that persist, measure improvement, and demonstrate team readiness to leadership.
🗂️
Realistic evidence artefacts
Exercises surface authentic mock artefacts — phishing emails, system alerts, network logs, and comms intercepts — giving your team real material to analyse and act on at each turn.
Real World Attacks

Train on attacks that already happened

Each scenario is grounded in a documented incident. The threat actor is pre-paired. The attack timeline is real. Your team's decisions are the variable.

Scenarios are based on publicly reported information. Rexon Consulting Ltd has no affiliation with the organisations named and does not claim access to non-public incident details.

M&S Cyber Attack · 2025 Critical
Marks & Spencer Ransomware Incident
Retail
Threat actor: Scattered Spider
NHS Synnovis · 2024 Critical
NHS Blood Services Ransomware Attack
Healthcare
Threat actor: Qilin
British Library · 2023 High
British Library Ransomware Attack
Public Sector
Threat actor: Rhysida
+ 6 more incidents in the library
Why Adversary X

Built differently from the ground up

Most tabletop tools give you a static scenario and a facilitator. Adversary X gives you a living exercise that adapts to every decision your team makes.

Adversary X Typical alternatives
AI-driven scenario engine that adapts to your decisions Limited
Named APT profiles with full MITRE ATT&CK TTP mapping
13-region coverage — UK, EU, US, Canada, APAC, Middle East & more
Region-aware regulatory context per exercise (GDPR, NIST, VARA, NCA ECC…)
Scenarios based on real, documented incidents
Scored debrief with strengths and improvement areas Limited
Downloadable PDF report per exercise
No facilitator or pre-configuration required
Runs in-browser — no software install Limited
Ready to run in under 5 minutes
Flat annual pricing — no per-session or per-seat fees
Pricing

Simple, transparent pricing

Annual billing. No hidden fees. Cancel anytime.

£2,000–£5,000
Typical cost of a single consultant-led tabletop exercise
vs
£999/yr
Adversary X Basic — unlimited exercises, no per-session fees
Basic
£999/year
£83/month equivalent
6 built-in cyber scenarios
All 19 APT profiles
MITRE ATT&CK integration
Exercise scoring & debrief
Standard PDF reports
Real World Attacks
Custom scenario builder
Enhanced PDF reports
Most popular
Pro
£1,499/year
£125/month equivalent
Everything in Basic
Real World Attacks
Mid-exercise injects
Custom scenario builder
Exercise history
Enhanced PDF reports
Stats dashboard
White-label PDF
Enterprise
POA
Contact us for a tailored quote
Everything in Pro
White-label PDF
BYOK API key
Priority support
Dedicated onboarding
SSO / SAML integration Coming soon
Audit logs Coming soon
Multiple roles Coming soon
FAQ

Common questions

Everything you need to know before getting started.

Adversary X is an AI-powered tabletop exercise platform for cybersecurity teams. It simulates realistic cyber incidents — from ransomware to supply chain attacks — and puts your team through a structured, scored decision-making process modelled on real threat actor behaviour. Every exercise ends with a scored debrief and a downloadable PDF report.

Adversary X is built for CISOs, security managers, incident response teams, and compliance leads who want to stress-test their team's decision-making without waiting for a live incident. It works equally well for technical and non-technical participants — the platform provides all the context needed to make meaningful decisions.

Most exercises take between 20 and 45 minutes to complete, including the scored debrief. Setup takes under 5 minutes — you choose your threat actor, scenario, severity level, and organisation type, then you're straight into the exercise. There's no scheduling, no facilitator needed, and no minimum group size.

The platform adapts regulatory context to your region. UK users get ICO breach notification obligations (72-hour rule), NCSC reporting, FCA requirements, and NIS Regulations. UAE and Middle East users get VARA guidance. Additional regions are added as the platform expands. In every case, the debrief explicitly identifies which obligations your decisions triggered and whether they were handled correctly.

Each APT profile is based on documented threat intelligence and MITRE ATT&CK mappings. The library includes nation-state groups (APT28, APT29, Lazarus Group, Volt Typhoon), financially motivated actors (LockBit, Cl0p, BlackCat/ALPHV), and opportunistic groups (Scattered Spider, Rhysida). The AI uses each group's known TTPs to drive the scenario narrative — so the attack chain feels authentic, not generic.

Basic (£999/year) gives you access to 6 APT profiles, 6 built-in scenarios, scoring, and a basic PDF report. Pro (£1,499/year) adds the full library of 19 APT profiles, the Real World Attacks library, mid-exercise injects, a custom scenario builder, exercise history, and enhanced PDF reports.

Exercise responses and scoring data are stored securely and associated with your account only. We do not use your exercise data to train AI models. Data is processed in accordance with our Privacy Policy and applicable data protection obligations. Enterprise customers can discuss data residency and retention requirements during onboarding.

Ready to stress-test your team?

Get started today. Your first exercise takes less than 5 minutes to set up.

Already have an account?
Real World Attacks
Based on documented incidents with threat actors pre-paired and an attack timeline simulated on the real incident.
M&S Cyber Attack · 2025 Critical
Marks & Spencer Ransomware Incident
Retail
Threat actor: Scattered Spider
NHS Synnovis · 2024 Critical
NHS Blood Services Ransomware Attack
Healthcare
Threat actor: Qilin
British Library · 2023 High
British Library Ransomware Attack
Public Sector
Threat actor: Rhysida
Royal Mail · 2023 Critical
Royal Mail International Shipping Attack
Logistics
Threat actor: LockBit
+ 5 more incidents available after sign-in — including MOVEit, SolarWinds, Colonial Pipeline and more
Ready to run your first exercise?
Sign in to access the full library and start a scenario in under 5 minutes.