This talk introduces NemesisX, an innovative Breach and Attack Simulation (BAS) tool that goes beyond traditional methods. By using Generative AI (Gen AI), the platform not only automates adversary emulation but also creates customized and complex Purple Team scenarios. The tool includes a Red Teaming module that can identify vulnerabilities and build attacks based on industry frameworks like OWASP and MITRE ATLAS. The ultimate goal is to align cybersecurity strategy with business objectives.

The tool's architecture is centered on a web application that orchestrates offensive and defensive exercises, communicating with an agent installed on a Windows virtual machine that acts as the victim. This agent securely executes attack simulations without impacting real systems. After each simulation, an AI module analyzes the results and the behavior of the defenses, generating new scenarios and a strategic dashboard with key performance indicators (KPIs) such as Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR). This data is visually presented to help security and business leaders make informed decisions on investments and control prioritization.