BeyondTrust has announced the formal launch of its dedicated cybersecurity research team, BeyondTrust Phantom Labs. The launch of Phantom Labs represents a strategic milestone in BeyondTrust’s ongoing mission to advance identity security innovation, uncover emerging threats, foster industry collaboration, and help shape industry standards that empower defenders with actionable insights worldwide.
Building on years of real-world threat analysis, vulnerability disclosures, and identity-focused security innovation, Phantom Labs is tasked with “thinking like an attacker” to expose the ways threat actors escalate access and maintain control. With the addition of new research leadership and specialized hires, Phantom Labs is accelerating the company’s ability to help defenders proactively understand, detect, and disrupt identity exploitation in increasingly complex hybrid and cloud environments.
BeyondTrust’s expanding research mission is focused on delivering key contributions to the global cybersecurity community:
- Original threat research and vulnerability discovery
- Guidance for defenders, including mitigation playbooks and hardening recommendations
- Collaboration with product teams to drive innovation across the BeyondTrust portfolio
Phantom Labs formalizes the work of BeyondTrust’s existing security researchers, whose investigations have uncovered critical vulnerabilities and provided threat intelligence used in real-world incident response, including key intelligence that helped Okta investigate and contain a high-profile breach.
Recent contributions include:
- Discovery of stealth privilege escalation risks in Microsoft Entra guest accounts
- Development of data science–driven detection models to identify session hijacking
- Release of the paths to privilege research framework, now integrated into BeyondTrust’s platform
- Ongoing collaboration with the Adventures of Alice & Bob podcast to help educate the market about unknown risks and contribute to the global cybersecurity community.
To further accelerate BeyondTrust’s identity security innovation and research momentum, BeyondTrust has made strategic new hires and elevated key internal experts into critical roles:
- Kinnaird McQuade, an industry leading expert in cloud identity security, has joined BeyondTrust as Chief Security Architect. McQuade’s security research has produced popular open-source tools including Cloudsplaining, which has been downloaded more than 40 million times. This work has helped shape how modern security teams identify and contain attacks like data exfiltration, lateral movement and privilege escalation, particularly in hybrid and cloud environments where identity is the new perimeter.
- Fletcher Davis, a leading offensive security researcher and red team specialist, will lead Phantom Labs. Davis brings extensive experience in simulating advanced threat actor behavior, uncovering cross-domain identity risks, and exposing hidden paths to privilege in complex enterprise environments.
BeyondTrust’s research momentum sits under the overall direction of Marc Maiffret, Chief Technology Officer at BeyondTrust and pioneering force in vulnerability research and cybersecurity innovation. With decades of experience in offensive and defensive security, including discovering some of the first major Microsoft vulnerabilities and co-founding one of the earliest vulnerability management platforms, Maiffret provides a uniquely attacker-informed perspective to the company’s mission.
“‘Think like a hacker.’ That mindset shaped my first security startup over 25 years ago, where we helped define Vulnerability Management and built one of the first commercial security research teams,” says Marc Maiffret, CTO, BeyondTrust. “Great security products require more than customer insight. They need research teams anticipating threats before they emerge. Traditional PAM solutions lag behind in addressing complex, cross-domain attack paths. And Identity Security isn’t a feature you bolt on. It demands a purpose-built platform, led by research. BeyondTrust delivers that with Pathfinder and Phantom Labs—a platform purpose built to secure identities and access, powered by a team uncovering tomorrow’s threats today.”
