Structured adversarial review in which a designated, independent group attacks a plan, design, or proposal from the outside in, surfacing weaknesses the builders cannot see.
If a capable adversary, or reality itself, set out to break this, where would it succeed?
Red teaming is structured adversarial review. A group is given an explicit mandate to attack a plan, design, or proposal from the outside in, looking for the weaknesses, blind spots, and unstated assumptionsAssumptionStrategyA belief taken as true that underpins a strategyView reference → that the people who built it cannot see. The point is not to be difficult; it is to simulate a capable opponent before a real one, or reality itself, finds the same gaps at a worse moment.
The practice grew out of cold-war military and intelligence work in the United States, where "red" denoted the adversary and a designated red team would play the opposing side in wargames and strategic analysis. The term and the discipline spread from defence into intelligence assessment, then into cybersecurity, where a red team probes a system's defences while a blue team defends, and more recently into corporate strategy and product decisionDecisionStrategyA recorded decision with context, rationale, and consequencesView reference →-making. Across all of these the core move is the same: assign a group to think like the threatThreatSecurityA specific security threatView reference →, and protect their independence so they can report what they find.
In product and software work, red teaming has converged with security testing on one side and decision-quality practice on the other. A modern red team might attack a launch plan, a system architecture, a market assumption, or, increasingly, the safety of an AI system, but the structural commitment is constant: adversarial stance, outside-in view, honest reporting.
An effective red team is set up deliberately, not improvised in the meeting where the decision is made:
A worked example. Before a fintech launches a new instant-transfer featureFeatureProduct SpecificationA product capability or featureView reference →, a red team is asked to break it. They probe several vectors. On fraud, they map how a stolen card plus instant settlement removes the chargeback window the current system relies on. On load, they note that the launch coincides with payday, when transfer volume triples. On trust, they find the error messagingMessagingGo-To-MarketMessaging framework and key messagesView reference → exposes whether an account exists, a minor enumeration leak. The launch goes ahead, but with a velocity limit on new accounts, a payday-scale load test, and reworded errors, none of which the build team had prioritised because each lived in someone else's blind spot.
Red teaming pays off on high-stakes, hard-to-reverse decisions where the cost of a missed weakness is large: security-sensitive systems, major launches, big strategic bets, safety-critical AI. It is most valuable when a team has been close to its own work for a long time and has stopped being able to see it from the outside.
It is overkill for routine, low-stakes, or easily reversible decisions, where the overhead is not justified. It also fails in two predictable ways: when the red team lacks real independence and pulls its punches, and when its findings are received defensively and explained away rather than addressed. A red team only works if the organisation actually wants to hear that it is wrong.
Red teaming is a reflection framework in the team-process category. Its work maps to three entity types:
initiativeInitiativeStrategyA large coordinated effort to achieve a strategic goalView reference →: the target of the attack.riskRiskComplianceA risk to the product or businessView reference →: a way the target could fail.insightInsightUser ResearchA synthesised finding from researchView reference →.Capturing a red-team review in the graph connects the findings to the initiativeInitiativeStrategyA large coordinated effort to achieve a strategic goalView reference → they assess and to any mitigations that follow. The same target can be red teamed again later and the new findings compared against the old, so the exercise builds a record of how a plan was stress-tested rather than a slide that is shown once and lost.
Attacking a launch before it ships
Ahead of a major pricing-page launch, a lead assigns three people the explicit job of attacking the plan rather than improving it, and protects their independence so they can report freely. The red team finds that the new tier names collide with a competitor's trademarks, that the downgrade path traps annual subscribers, and that the rollout has no kill switch. Because finding fault was their assigned role, these gaps surface as expected contributions rather than awkward objections, and all three are fixed before reality can exploit them.
Stress-testing an AI feature's safety posture
A team shipping an AI assistant convenes a red team to simulate a capable adversary, tasking it with making the model produce unsafe or off-brand output. The team surfaces prompt-injection paths and a data-leak route through the citation feature that the builders, too close to their own work, had not seen. Assigning a group to think like the threat, and keeping their reporting independent, hardens the launch before a real attacker or a public failure finds the same gaps at a worse moment.