The laboratory for the agentic era

Hack The Box began in 2017 in Folkestone, Kent, as a platform for people to practice offensive security skills in a sandboxed environment. It was founded by Haris Pylarinos, Aris Zikopoulos, and James Hooker, who saw a gap between theoretical security education and the messy, real-world reality of exploitation. Since then, the company has grown into a massive community of over 4 million members. It is used by Fortune 500 companies and government agencies to train security analysts. While it started with human hackers, the company is now betting heavily on what they call the "agentic era."

In early 2024, Hack The Box introduced the "AI Range." This marks a shift in their target user. Most of the cybersecurity market focuses on how human analysts can use AI to write better code or find bugs faster. Hack The Box is taking the opposite approach. They are building environments to test the vulnerability of the AI agents themselves. As companies deploy autonomous agents that have access to APIs, databases, and internal networks, those agents become high-value targets. Hack The Box provides the infrastructure to red-team these systems, identifying risks like prompt injection or insecure output handling before a malicious actor does.

Offense informs defense

The core of the platform is built on the "Pwnbox" experience. This is a cloud-based hacking workstation accessible via a browser, eliminating the need for users to configure their own virtual machines. It contains over 700 labs ranging from simple web vulnerabilities to complex "Pro Labs" that simulate entire corporate networks across AWS, Azure, and GCP. The methodology is rooted in the idea that to defend a network, one must understand how to break it. This "purple team" approach—where offensive and defensive teams share knowledge—is integrated into their enterprise offerings.

For businesses, the platform is more than just a series of puzzles. It includes specialized candidate assessment tools to help companies hire cybersecurity talent based on demonstrated skills rather than certificates alone. It also provides breach and crisis simulations. These allow leadership and technical teams to practice their response to a live ransomware attack or a data breach in a controlled, non-destructive environment. This focus on validated readiness distinguishes them from platforms that rely on passive video learning.

A competitive market for cyber skills

Hack The Box sits in a crowded market alongside rivals like OffSec (Offensive Security) and TryHackMe. OffSec is known for its rigorous certifications like the OSCP, while TryHackMe is often the entry point for students. Hack The Box occupies the middle ground and the high end, combining a gamified, community-driven spirit with the technical depth required by elite red teams. Their acquisition of LetsDefend and partnerships with Google and LinkedIn Learning suggest an aggressive expansion into defensive security and mainstream education. As AI agents gain more agency in corporate environments, Hack The Box is positioning itself as the primary venue for testing whether those agents are actually secure or just new entry points for attackers.