Case Study

Mitigant validates cloud security gaps up to 5X faster with Gemini

Image: Nils Karn (left), Mitigant CEO and co-founder, beside Kennedy Torkura, CTO and co-founder.

Discover how Mitigant distinguishes real security risks from theoretical vulnerabilities

Kennedy Torkura co-founded cloud security startup Mitigant in 2021 with a clear mission: to help organizations distinguish exploitable threats from theoretical risks more accurately and efficiently. As Chief Technology Officer at the 12-person startup, Kennedy leads the development of security solutions for enterprises running cloud-native infrastructures.

One of the team's core products is the Mitigant Cloud Attack Emulation platform. This platform verifies threats using attack emulations, the process of simulating hackers to assess whether existing defenses can stop them. While Mitigant’s platform excelled at pinpointing alerts, the team recognized that customers needed more support navigating and contextualizing the results.

Mitigant cofounders with Google team members at the Google for Startups Growth Academy: AI for Cybersecurity kick-off event in Warsaw

The challenge: Closing the gap between detection and action

The Mitigant team identified a core challenge for their customers: information overload. “Our detailed technical reports about attack emulations were comprehensive, but sometimes overwhelming,” Kennedy explains. “Security analysts and executives needed clear, actionable overviews they could read and act on without parsing through pages of technical execution details.”

Kennedy and his team also wanted to offer more contextualized assistance. Although Mitigant’s reports mapped every security gap to a globally crowdsourced encyclopedia of cyber adversary tactics, customers struggled to determine which attacks to prioritize.

“Some security teams lack the context to understand which misconfigurations translate into exploitable attacks,” Kennedy says. “They need intelligent guidance to focus their validation efforts on what matters most for their specific environment, not just a wall of findings.”

To make their platform more effective, the Mitigant team set out to build a technical foundation capable of processing large amounts of complex data to provide clear, actionable insights.

The solution: Building an AI-powered, dual-model architecture

The Mitigant team shifted from traditional security analysis to AI-powered decision-making by integrating the Gemini API directly into their cloud security platform via Vertex AI. “We chose Vertex AI for its enterprise-grade security, compliance capabilities, and production reliability that our cybersecurity customers require,” Kennedy explains.

Kennedy and his team built a dual-model architecture using Gemini 2.5 Flash for speed and Gemini 2.5 Pro for reasoning.

  • Gemini 2.5 Flash was used for high-volume, real-time tasks. “Using Gemini 2.5 Flash enabled us to transform complex technical reports into clear, actionable, and executive-friendly summaries that are easy to understand,” Kennedy says.

  • Gemini 2.5 Pro was used for tasks requiring complex analysis. The team used the Pro model to build the platform’s “Attack Recommendation” feature, which analyzes a customer’s specific cloud security posture to suggest the most relevant attacks to validate.

Solving for accuracy with a RAG framework

Throughout development, the Mitigant team noticed that the models would occasionally hallucinate security techniques. To address this, the team created a custom knowledge base using authoritative frameworks of hacker attacks and techniques. This became the central component of their Retrieval-Augmented Generation (RAG) framework, ensuring the dual-model architecture cross-checked answers against verified industry standards before responding.

“Once we implemented RAG properly, Gemini's contextual understanding of cloud security became exceptional,” Kennedy notes. “It can now synthesize attack patterns, cloud misconfigurations, and remediation strategies with both speed and accuracy.”

To ensure further reliability, Kennedy and his team also invested in systematic testing and monitoring. “We spent significant time refining prompts to ensure the Gemini models strictly referenced our verified knowledge base,” says Kennedy. “This approach dramatically improved accuracy and taught us an important lesson about grounding AI responses in domain-specific truth sources.”
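The grounding approach described in this section, as an added sketch that is not Mitigant's code: retrieve entries from a verified knowledge base, constrain the prompt to them, and reject any answer citing a technique that was not retrieved. The knowledge base is a small constructed sample using MITRE ATT&CK-style IDs (an assumption, since the page does not name the framework), keyword overlap stands in for real retrieval, and all function names are hypothetical.

```python
import re

# Constructed sample knowledge base (assumption: MITRE ATT&CK-style IDs;
# a production knowledge base would hold the full framework plus descriptions).
KNOWLEDGE_BASE = {
    "T1078.004": "Valid Accounts: Cloud Accounts",
    "T1098": "Account Manipulation",
    "T1530": "Data from Cloud Storage",
    "T1562.008": "Impair Defenses: Disable or Modify Cloud Logs",
}
TECHNIQUE_ID = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")

def _words(text):
    return set(re.findall(r"[a-z]+", text.lower()))

def retrieve(finding, kb=KNOWLEDGE_BASE, top_k=2):
    """Rank entries by word overlap with the finding (stand-in for vector search)."""
    scored = [(len(_words(finding) & _words(name)), tid) for tid, name in kb.items()]
    ranked = sorted((s for s in scored if s[0]), key=lambda s: (-s[0], s[1]))
    return [tid for _, tid in ranked[:top_k]]

def build_prompt(finding, retrieved, kb=KNOWLEDGE_BASE):
    """Put only retrieved entries in front of the model and forbid anything else."""
    context = "\n".join(f"{tid}: {kb[tid]}" for tid in retrieved)
    return (
        "Cite only technique IDs listed under CONTEXT. "
        "If none apply, answer 'no matching technique'.\n"
        f"CONTEXT:\n{context}\nFINDING:\n{finding}"
    )

def check_grounding(answer, retrieved, kb=KNOWLEDGE_BASE):
    """Classify every technique ID the model cited before the answer is shown."""
    cited = set(TECHNIQUE_ID.findall(answer))
    return {
        "grounded": sorted(cited & set(retrieved)),
        "off_context": sorted((cited & set(kb)) - set(retrieved)),
        "unknown": sorted(cited - set(kb)),  # candidate hallucinations
    }

def is_acceptable(answer, retrieved):
    """Release an answer only if it cites at least one ID and all cited IDs were retrieved."""
    result = check_grounding(answer, retrieved)
    return bool(result["grounded"]) and not (result["off_context"] or result["unknown"])

if __name__ == "__main__":
    ctx = retrieve("Public cloud storage bucket exposes customer data")  # constructed finding
    print(check_grounding("Enables T1530, T1098 and T1999.001.", ctx))  # constructed answer
```

Answers that fail `is_acceptable` can be regenerated or routed to an analyst, and the count of `unknown` IDs over time is a useful monitoring signal for prompt regressions.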

The results: Accelerating security validation and platform adoption

Since building with Gemini, the Mitigant team has significantly improved their platform’s speed. “Our customers have reduced their time-to-insight by over 60%, and we’re seeing 3-5X faster vulnerability triage times compared to manual analysis,” Kennedy shares.

  • >60% reduction in time-to-insight for customers

  • ~3X increase in adoption of Mitigant’s attack emulation platform

  • 3-5X faster vulnerability triage times compared to manual analysis

Mitigant’s customers are finding the platform’s AI-powered contextualized guidance especially valuable. “Customers are actively requesting downloadable versions of the AI-generated summaries to share with stakeholders and include in further security analysis,” says Kennedy.

Contextual AI recommendations have also driven the ~3X increase in platform adoption. “Teams are running more attack emulations because they know which ones are relevant,” Kennedy explains. “And because they’re testing based on actual exposure and not guesswork, they’re finding and fixing vulnerabilities faster.”

A screenshot featuring the Mitigant dashboard showcasing possible cyberthreats

What’s next: Making high-level security more easily attainable

Integrating AI continues to be a priority for Kennedy and his team. “AI handles the heavy lifting of analysis and insight generation, freeing our team to focus on expanding attack coverage and building new capabilities,” Kennedy shares. “Our goal is to actively empower all security teams with capabilities previously accessible only to elite practitioners.”

Mitigant’s upcoming product, Attack Builder, uses Gemini to enable security teams to customize cloud attack scenarios without writing code. The team is also scaling for larger enterprises while exploring new ways to make security validation more intelligent.

Currently, the team is testing how Gemini can identify multi-step attacks that traditional tools miss, as well as helping security teams validate defenses against AI-specific threats such as prompt injection. They’re also exploring how AI can process natural language queries to provide even more context-specific recommendations.

Kennedy’s experience has proven that for startups, AI is essential for growth. “If you're building a product where intelligence, analysis, or content generation is a bottleneck—and you're competing against better-funded players—AI isn't optional. It's how you compete,” Kennedy says. “Start small, but start now. Pick one high-value, well-defined problem where AI can deliver immediate impact and prove the value there first.”
