Adversarial Risk Group
Mid-market manufacturing & industrial

We travel to your facility. We find what gets through. Then we keep finding it, automatically, until we come back.

Physical audits. Continuous AI-driven simulation. Point-in-time assessments tell you where you were. We tell you where you are: this week, this department, this technique, this person.

Apply as a founding client How the engagement works
Founding spots
2 remaining
Engagement model
Audit + retainer
Sector
Manufacturing
Delivery
Founder direct
The problem with how security is done

Phishing simulations run quarterly if you’re disciplined. Physical assessments happen annually if you’re well-funded. The attacks happen every day.

What most firms leave behind

A static report.

A firm arrives, runs tests, writes a report, and leaves. The client files the report and waits for next year. People are hired. Vendors change. The report doesn’t.

What we leave running

A living picture.

An adaptive simulation layer that runs continuously between audits. If a technique works, it escalates. If a department is consistently vulnerable, it concentrates there.

The engagement

One program. Two surfaces. Continuous.

The audit informs the simulation. The simulation informs the audit. They are one program, not a project followed by a subscription.

01 On-site

We travel to your facility.

We walk the floor. We observe operations. We test physical access controls and the human surfaces no remote tool can see. We run initial adversarial simulation across every relevant vector and document a baseline: what’s exposed, why it matters, what fixing it would require.

physical access social eng phishing vishing
02 Continuous

The simulation keeps running.

An AI-driven layer runs continuously between engagements. Automated OSINT. Adaptive spear phishing. Vishing using current attack techniques. The system doesn’t run the same test twice; it learns what works against your specific organization and adapts.

osint adaptive phish voice clone iterate
03 Review

We alternate. The cycle compounds.

Digital review years: findings from the automated layer are compiled and presented, first internally, then directly with us. No travel. No ceremonies. Physical audit years: we return on-site. Findings from the automated layer inform where we look.

digital yr physical yr recalibrate
Engagement cycle · 4 years shown
Initial audit on-site 2026
Continuous retainer  
Digital review no travel 2027
Continuous retainer  
Physical audit on-site 2028
Continuous retainer  
Digital review no travel 2029
Continuous retainer  
Physical: on-site Digital: remote Continuous simulation runs underneath both.
What runs against your people

Named techniques. Real tools.
Iterating on real outcomes.

Not “threat simulation.” The specific tradecraft that lands on your employees: on a continuous schedule, adapting to what gets through.

Automated OSINT

T-01

Continuous open-source intelligence on the organization and its people. The same reconnaissance an attacker runs, before the attack lands.

Targets: org · individuals

Adaptive spear phishing

T-02

LLM-personalized to role, recent activity, and prior outcomes. Pretexts iterate on what’s clicked. No two payloads are identical.

Vector: email

Vishing & voice cloning

T-03

Voice-cloned calls modeling internal authority. Tests the path from inbound call to disclosed credential, wire detail, or unlocked door.

Vector: voice

Physical access

T-04

Tailgating, badge cloning, propped-door discovery, vendor pretexting. The audit informs which doors and which people get tested next.

Vector: on-site

Pretext & social

T-05

Multi-channel pretexts that combine OSINT, email, and voice. The system escalates only along the paths that have already shown traction.

Vector: multi-channel

Findings & iteration

T-06

Every result is logged: which technique, which department, which person, which time of day. Next week’s simulation is built from this week’s data.

Output: structured findings
What makes this different

You cannot audit the human element from a dashboard.

01 / 04

Physical and digital are one surface.

The audit informs the simulation. The simulation informs the audit. They are one program.

02 / 04

Continuous, not episodic.

Point-in-time assessments tell you where you were. The automated layer runs every day between your physical engagements.

03 / 04

Adaptive, not scripted.

Most simulations run the same scenarios on a schedule. Ours iterate based on real outcomes. If a technique works, we escalate it.

04 / 04

We are present.

We travel to you. The founder does the work. No delegation to junior staff. This is structural, not a preference.

Operators, not consultants

The systems we audit are the systems we’ve operated.

Two founders from the manufacturing floor. An investor from the same world. The firm is built by and for the operators it serves.

Co-founder
DA

David Ashby

Quality · compliance · automation

Quality, safety, and compliance background at Quality Electrical Systems, a manufacturer of e-houses and PDC buildings for utility-scale electrical infrastructure. Top 3 creator on n8n.io. Builds the continuous simulation layer directly.

Co-founder
JW

James Wall

Quality eng · IT · social eng

Quality Engineer at Quality Electrical Systems. Background in IT infrastructure, hands-on networking implementation, and social engineering. Ex-Amazon, with supply chain experience. Operates across systems-of-systems.

Investor
BP

Brady Parkin

Control panels · UL 508A · NEC

Manufacturing operator. Fabricated and wired control panels for utility substation relay applications and industrial automation systems. Designed custom test equipment to UL 508A and NEC standards. Former foreman.

Founding client program

Two spots open. Locked-in pricing. Direct line.

We are onboarding three founding clients. One spot is already in progress. Two remain: one through a warm referral path, one open to direct application. If you’re reading this and we haven’t spoken yet, this is the spot you can move on.

Spot 01 In progress Relationship · in conversation
Spot 02 Open Referral · warm intro preferred
Spot 03 Open Direct · move first

Founding clients receive

  • Rates locked in for three years, below where new client pricing will land
  • Direct access throughout every engagement, not delegated to junior staff
  • Input into how the service develops as we scale
  • Recognition as a founding client organization, at your discretion

We ask in return

  • Honest feedback throughout the engagement
  • Reference-ability once results are established
  • Case study rights, scope agreed in advance
Apply

If you’re a fit, start with your email.

All I need is your email. Finding the rest is the job.

Founder reads every submission.