Red Team Stealth Operations

Stealth operations are our most significant offering, giving GitLab an opportunity to practice responding to real-world attacks. We use stealth operations to emulate the threats most likely to target GitLab, our platform, and our customers. This focused approach sharpens our defenses and keeps us ahead of potential attacks.

Who is involved?

During a stealth operation, only a small group of GitLab team members are aware of the details. We call these people “trusted participants”, and they help keep operations safe and productive.

How long do stealth operations last?

Stealth operations can vary in format and length. Some follow a more defined cycle with clear start and end dates, typically spanning 3-6 months. These operations often conclude when a significant detection event occurs, allowing us to evaluate the full response process. Other operations are continuous, designed to emulate persistent threats. In these cases, if we’re detected, we regroup, adapt our tactics, and continue pursuing our objectives — just as real adversaries would.

What happens during a stealth operation?

Stealth operations follow special rules. Examples of techniques we might use, and of those we specifically avoid, are available in Stealth Operation Techniques.

What happens after?

We release a report, suitable for a broad audience, which summarises the entire operation and our recommendations.

Last modified February 4, 2025: Red Team Handbook rewrite (89325fb5)