Offensive security (offsec) has fallen into a pattern that no longer works.
Most organisations still treat offsec like a calendar event, scheduling penetration tests or red team exercises once or twice a year. They patch the issues, report compliance, and move on.
But attackers don’t move on.
They never stop.
That gap between periodic testing and relentless attack is where constant cyber attack begins.
Redefining what it means to be attacked
When I talk about constant cyber attack, I’m not describing another service or tool.
It’s a discipline: the emulation and simulation of real adversaries targeting every part of your organisation, constantly.
Attackers don’t operate on schedules. They don’t wait for permission or scope. They’re opportunists who exploit whatever they can:
- A forgotten piece of shadow IT.
- A coerced employee selling access.
- A smishing text sent to an executive.
- A reused password from another breach.
- A supplier compromise.
- A zero-day vulnerability.
Each of these represents a door that might open into your organisation. Once inside, adversaries pursue their goals, whether that’s financial gain, political disruption, or simply notoriety.
Constant cyber attack mirrors that reality. It applies the same relentless curiosity and opportunism that real threat actors use, but within a controlled, ethical framework. It’s how we outpace genuine threats.
The problem with point-in-time testing
Traditional penetration testing was created for another era, one of local networks and fixed perimeters. It still plays a role, but the threat landscape has outgrown it.
Today’s attacks are fluid, contextual, and ongoing, yet many organisations still rely on one or two tests a year to prove compliance. It is like checking only one tyre before declaring your car roadworthy.
Even red teaming, whilst more advanced, often runs within narrow constraints. Once the engagement ends, new systems, vulnerabilities, and configurations make the results obsolete.
If your defensive security operates 365 days a year, your offensive security should too.
Offence is the best defence
Security teams defend constantly, patching, monitoring, and responding every day.
So why test offence only occasionally?
It’s like playing football (soccer) with all eleven players permanently defending the goal. Eventually, the opposition will break through. A balanced strategy uses offence to sharpen defence, providing constant pressure that keeps systems and people resilient.
That is the mindset behind constant cyber attack: proactive challenge instead of reactive assurance.
How the Swarm reflects real attackers
Adversaries rarely work alone. They form groups where each member brings a specific skill. One gains access, another moves laterally, another monetises the breach.
CovertSwarm mirrors that model. Our Swarm is a collective of elite ethical hackers, each contributing unique expertise at different stages of the attack chain.
The result is fluid and unpredictable, reflecting how genuine attackers operate rather than following a playbook.
This collective intelligence grows with every engagement. Insights from one attack plan inform the next, creating a living body of adversarial knowledge. Clients who joined us years ago now benefit from half a decade of accumulated intelligence that simply does not exist in static testing.
Context is everything
Attackers use context: who your suppliers are, which technologies you deploy, and what public information exists about your people.
That context drives their success, and it is the same advantage we bring through constant testing.
The longer we work with an organisation, the more realistic and precise our emulation becomes. We adapt as they evolve, ensuring the threat simulation stays relevant to the present moment, not a past snapshot.
This continuity builds a genuine partnership, where insight compounds over time and security posture improves with every cycle.
Managing the flow of findings
Continuous attack means continuous discovery, and that can feel overwhelming.
Some clients tell us, half-jokingly, “You’re finding too much.”
Our role is to focus attention where it matters most.
The goal is to empower teams to make board-level decisions, not drown them in noise. We show how an attacker could chain small weaknesses together to achieve a major objective: the scenarios that really matter.
And it’s not all bad news.
The vast majority of our findings prove that controls are working as intended. Real attackers won’t tell you that. We will, because awareness of what is working is as valuable as knowing what is not.
Why so many still stand still
If the benefits are clear, why isn’t everyone doing this?
Partly because compliance hasn’t caught up. Most frameworks still mandate an annual test, and many organisations simply do the minimum to tick the box.
Those standards were written years ago, long before today’s pace of change. Some, like PCI DSS and ISO 27001, are beginning to move toward continuous assurance, staying secure all the time, not just once a year. Offensive testing should evolve the same way.
The other barrier is awareness. Many leaders simply don’t realise a continuous model exists. Once they experience it, the difference is immediate.
This isn’t just about technology or tick-box exercises.
It is about people: the employees, customers, and communities affected when a breach stops production or freezes operations. Real security protects livelihoods, not just data.
Outpacing genuine threats
Constant cyber attack isn’t a buzzword or a marketing slogan.
It’s the natural evolution of offensive security, one that reflects how the threat landscape truly works.
By continuously emulating adversaries, organisations can learn faster, adapt sooner, and stay one step ahead of genuine threats.
Because in the end, that’s the only way to win.
Constant cyber attack enables you to outpace your genuine threats.