Why most enterprise security teams would fail a military readiness test

Have you ever watched a military cyber ops team go to work responding to a cyberattack simulation? It’s like that scene from Die Hard 4.0 when all the screens start flashing red and systems start shutting down; however, unlike the movies, where bumbling government IT workers are caught out and panicking, our military actually moves with practiced precision to understand, contain, and mitigate the threat. Everybody understands their roles and any gaps are quickly highlighted and handled. This is because the military treats cyber as a kinetic threat requiring constant mission rehearsal, while the corporate sector is still treating cyber defense as a compliance checkbox, rather than an operational capability. This is untenable in a world where attackers constantly innovate their tactics and techniques to probe and access systems.

Over the past 12 months, we’ve seen just how unprepared different industry sectors have been in the face of major cyber incidents. Early in 2025, retailers and insurance brokers were brought down by the Scattered Spider group, and major manufacturers, including Jaguar Land Rover and Asahi Beer, saw months of downtime following ransomware attacks resulting from supply chain compromises.

More recently, researchers at Cisco revealed that frontier models from OpenAI, Anthropic, Google, xAI, and Amazon have significantly worse risk profiles when pressured in multi-turn attacks, a discovery that revealed attack success rates are considerably higher than those benchmarked in simulated single-prompt attacks.
This, combined with recent news that the Google Threat Intelligence Group identified what researchers believe to be the first zero-day exploit created using AI, represents an entirely new stage in the technological arms race.

Those old-fashioned tabletop exercises where, once a year, you’d get everyone from IT to PR in a room for a couple of days and play out various scenarios and then tick that audit box for another 12 months aren’t going to cut it when attackers are probing on a daily basis. The military is using dynamic cyber ranges to test their real tools, people, and processes, in an exact simulation of their unique environment, against real-world threats like the tactics of Scattered Spider. Without real-world testing of your team’s capabilities, you’re not going to be able to go into an incident scenario confident that everyone’s prepared.

So, what can we learn from how the military prepares for cyberattacks in terms of mindset, readiness, and execution?

Military cyber doctrine starts with the assumption that you will be attacked, so you prepare as though an attack is inevitable, not hypothetical. Businesses need to shift their mindset from “preventing breaches” to “detect, contain, and recover” and treat incidents as operational events rather than reputational crises. This reduces panic and leads to better decisions under pressure. It’s also critical for business leaders to understand their true vulnerabilities. Reputational and financial harm is typical collateral damage following a cyberattack, but was this the intended outcome? If sensitive data is compromised, are there persistent threats beyond the initial attack?
Just as the military examines the secondary and tertiary impacts of risk scenarios in threat modeling, business leaders have to consider what else beyond their reputation and stock price may be compromised when they are attacked.

The military runs constant exercises: simulations, red team and blue team drills, and scenario planning that reflects real adversary behavior. Businesses can exercise that muscle by running regular live cyber simulations and updating based on real-world attacks. Conventional training still has its place, and companies should continue to invest in professional development programs that provide a strong foundational understanding of the most urgent threats facing their business. But, as the military says, “train like you fight.” There is simply no substitute for practical, hands-on training, especially when it comes to high-pressure, time-sensitive scenarios such as large-scale cyberattacks.

This readiness and preparedness training can, and should, extend to AI agents too. Think of it as an “AI Proving Grounds”: effectively, a realistic, intelligent environment where organizations can safely train human operators alongside AI agents, test autonomous workflows, and validate how both perform under real adversarial pressure before deployment. Continue to involve all the stakeholders, including executives and comms teams, who are going to be on the front line of customer, investor, and media inquiries should an attack occur. Without realism, readiness is an assumption, not a fact.

In a military cyber incident, everyone knows who decides, who communicates, and who executes, reducing any mid-crisis debate and empowering teams to act without permission to contain the incident faster. This principle is just as relevant in a corporate environment.
Individual training is crucial, and operators should be confident acting in isolation, but it’s just as important that everyone in a rapid response team can work effectively with others, under often-intense pressure. This simulated teamwork is another advantage offered by AI Proving Grounds. In the same way that everyone in a military chain of command understands their role and that of their unit, businesses can pre-assign decision makers and define escalation paths before an incident to ensure clarity and calm rather than blind panic.

Finally, attackers are sharing knowledge all the time. Defenders must adopt the same approach. We know that militaries collaborate extensively across allies, agencies, and domains, recognizing that no unit has the full threat picture. Businesses can benefit from this information sharing by participating in ISACs, CERTs, and industry groups, treating threat intel as a collective defense rather than a competitive weakness.

AI Proving Grounds themselves are only part of the solution. Security is cultural, not just procedural. Even the most realistic simulated attack scenario is only useful if structures are in place for stakeholders to learn from it. What didn’t work well? What didn’t go as expected? What are the weakest links in the response chain? These are all questions executives and technical leadership should be comfortable asking themselves, and businesses must adopt cultures of responsibility to identify potential weaknesses beyond technical limitations. Such retrospectives can and should inform rapid-response playbooks to ensure that training is relevant and that weaknesses cannot be exploited in a production environment.

Many of the clients we work with are corporations and enterprises, but AI Proving Grounds have other applications.
Recent years have seen coordinated attacks on critical infrastructure such as the nation’s power grid, including the prolonged intrusion by the Volt Typhoon persistent threat actor, which maintained unauthorized access to the operational technology networks of Littleton Electric Light and Water Departments in Massachusetts from February 2024 to November 2024. Such threats can also be simulated in AI Proving Grounds and provide crucial hands-on training opportunities for critical infrastructure providers that, until now, have been challenging to realistically model. With geopolitical tensions rising across the globe, operational readiness has never been more critical.

“Cyber resilience” has become something of a buzzword in itself and I can almost hear the eye rolls just using the phrase, but it is something the military does actively practice. Cyber resilience isn’t about prevention; it means being able to recover from as well as protect against attacks. With AI-powered adversaries scaling their approach to infiltration, extortion, and espionage, attacks are only going to increase and businesses need to be prepared to deal with them as well as prevent them. Continuous training within highly realistic and dynamic environments against real threat examples is the best way to ensure your teams are prepared at a military grade to secure your organization.

This article is published as part of the Foundry Expert Contributor Network.