← All insights
Perspective June 1, 2026 4 min read

We Kept Quiet for Twenty Years. Here's Why We're Talking Now.

By Bill Terwilliger

Alpha Defense has been finding what others miss since 2006. This is the first thing we have ever published.

That is not an accident, and it is not neglect. In offensive security, the people who are genuinely good at the work tend to be the ones you have never heard of. The serious end of this field runs on discretion. The best operators do not narrate their engagements from conference stages or turn every finding into a thought-leadership post. They do the work, they protect their clients, and they keep quiet. For two decades, that is the posture we chose.

It served us and our clients well. Our growth came entirely from referral and reputation, the kind of trust that gets built slowly over years and broken instantly by oversharing. When you spend your career inside other organizations’ most sensitive systems, restraint is not modesty. It is the job.

So why write now?

Because the landscape changed, in two ways worth saying out loud.

What changed

The first is AI. It has genuinely reshaped how this work gets done and what it should cost. Used well, it makes good testing faster and broader. Used as a substitute for human judgment, it produces confident-looking reports that miss exactly the flaws that cause breaches. Buyers are being told a lot of contradictory things about what AI means for their security, much of it by people selling automated scans dressed up as penetration tests. We have spent twenty years doing the part that does not automate. We have something useful to say about where the line actually is.

The second is noise. The security market has filled up with vendors who are excellent at marketing and less good at the work, and it has gotten genuinely hard for a buyer to tell the difference from the outside. A clean report from a recognizable logo can mean a rigorous test, or it can mean a tool ran and someone formatted the output. Most buyers cannot tell which they bought until something goes wrong. We think the people who actually do this work have an obligation to help with that, plainly, without the jargon and without the sales theater.

What this will be

Not a content-marketing engine. Not a stream of fear and acronyms. Field notes from people who break into things for a living, written for the people responsible for keeping them out.

What a penetration test should actually cost in 2026. Why the second firm in keeps finding what the first one missed. How attackers really chain small problems into large ones. What AI does and does not change. The things we would tell you across a table, under NDA, if you asked.

We will still keep our clients’ confidences absolutely. Nothing here will ever name a name or expose an engagement. Examples will be anonymized and composited, the way they always are when serious people discuss this work in public. Discretion did not stop being the job. We just decided that staying entirely silent, in a market this noisy, was no longer doing buyers any favors.

Twenty years of finding what others miss taught us one thing above all: the gap between looking secure and being secure is where breaches live. Closing that gap has always been our work. Starting now, talking about it is too.

Get started

Find out what others missed.

A penetration test costs a fraction of a breach. Spend a few days finding the flaw, not millions recovering from it.

Book an Assessment Explore Services