BeyondTrust Introduces Phantom Labs to Enhance Identity Security Research

BeyondTrust has launched a dedicated cybersecurity research team, known as Phantom Labs, to enhance its focus on identity security and threat intelligence. This new team will leverage years of security research to identify emerging threats related to identity exploitation, particularly within complex hybrid and cloud computing environments. Phantom Labs is tasked with investigating the techniques employed by threat actors to escalate privileges and maintain unauthorised access, a strategy referred to by BeyondTrust as “thinking like an attacker.” The goal is to equip security professionals with a deeper understanding of potential vulnerabilities, enabling them to proactively address risks and prevent attacks targeting identity systems.

The expanded research function of Phantom Labs aims to deliver significant benefits to the global cybersecurity community. This includes conducting original threat research and vulnerability discovery, producing guidance for defenders through mitigation playbooks and hardening recommendations, and collaborating with BeyondTrust’s product teams to develop new security features. BeyondTrust has formalised the work of its security researchers, who have previously contributed to high-profile security incidents, including the discovery of critical vulnerabilities and the provision of threat intelligence that assisted in responding to major breaches, such as the one experienced by Okta. Recent contributions from the team include identifying privilege escalation risks in Microsoft Entra guest accounts and developing detection models for session hijacking. Additionally, BeyondTrust has appointed Kinnaird McQuade as Chief Security Architect and Fletcher Davis to lead Phantom Labs, further strengthening its research and development efforts.