BeyondTrust launches Phantom Labs to boost identity security research
BeyondTrust has established a dedicated cybersecurity research team, called Phantom Labs, as part of its focus on identity security and threat intelligence.
Phantom Labs will draw upon years of security research and will aim to identify new threats related to identity exploitation, particularly in increasingly complex hybrid and cloud computing environments.
The newly formed research team is tasked with investigating the techniques used by threat actors to escalate privileges and maintain unauthorised access, a process described by BeyondTrust as "thinking like an attacker". The intention is to help security professionals gain a deeper understanding of potential vulnerabilities so they can proactively address risks and prevent attacks that target identity systems.
Research focus
The expanded research function is intended to deliver several benefits to the global cybersecurity community. These include carrying out original threat research and vulnerability discovery, producing guidance for defenders in the form of mitigation playbooks and hardening recommendations, and collaborating with BeyondTrust's product teams to support the development of new security features.
BeyondTrust stated that Phantom Labs formalises the work previously undertaken by its security researchers, who have already contributed intelligence and support to high-profile security incidents. Such investigations have included the discovery of critical vulnerabilities and the provision of threat intelligence that aided the response to major security breaches, including one suffered by Okta.
Recent contributions
The company highlighted recent contributions from its research team, which include identifying privilege escalation risks in Microsoft Entra guest accounts, developing detection models for session hijacking using data science, and releasing the Paths to Privilege research framework. The framework is now part of the BeyondTrust platform. Additionally, the team continues to work with initiatives such as the Adventures of Alice & Bob podcast to improve understanding of cybersecurity challenges across the industry.
New leadership roles
Alongside the launch of Phantom Labs, BeyondTrust has announced a series of new appointments to strengthen its research and development efforts.
Kinnaird McQuade has joined BeyondTrust as Chief Security Architect. McQuade is known for his contributions to cloud identity security, notably through the creation of Cloudsplaining, an open-source tool with more than 40 million downloads. This tool has been used widely by security professionals to identify and mitigate risks such as data exfiltration, lateral movement, and privilege escalation, especially in hybrid and cloud environments.
Fletcher Davis, an offensive security researcher and red team specialist, has been appointed to lead Phantom Labs. Davis brings experience in simulating threat actor behaviour, exposing cross-domain identity risks, and revealing complex attack paths in enterprise settings.
The research activities at Phantom Labs will operate under the direction of Marc Maiffret, Chief Technology Officer at BeyondTrust. Maiffret is recognised for decades of work in identifying major software vulnerabilities and co-founding one of the early vulnerability management platforms.
"'Think like a hacker.' That mindset shaped my first security startup over 25 years ago, where we helped define Vulnerability Management and built one of the first commercial security research teams," says Marc Maiffret, CTO, BeyondTrust. "Great security products require more than customer insight. They need research teams anticipating threats before they emerge. Traditional PAM solutions lag behind in addressing complex, cross-domain attack paths. And Identity Security isn't a feature you bolt on. It demands a purpose-built platform, led by research. BeyondTrust delivers that with Pathfinder and Phantom Labs - a platform purpose built to secure identities and access, powered by a team uncovering tomorrow's threats today."
BeyondTrust's statement emphasised that these recent investments and changes are intended to support its mission to empower defenders with actionable insights and to foster industry collaboration on identity security standards.
The company's expansion of its research function and leadership reflects what it describes as a strategic milestone as organisations continue to grapple with the challenges posed by hybrid IT and cloud environments, where identity now plays a central role in overall cybersecurity.