Digital twins are not a new idea—NASA first used them in the 1960s for space simulations
As cyber threats grow more sophisticated, the next big shift in cybersecurity could come from a concept rooted in space exploration: digital twins. Companies like Trellix are now applying this technology—pairing real-world data with simulation models—to create virtual environments where cyberattacks can be detected, analysed, and mitigated without impacting live systems.
Trellix’s approach leverages data from sources such as Microsoft Active Directory and network policies to build a detailed digital replica of a customer’s enterprise environment. Artificial intelligence (AI) agents then operate within this model to triage alerts, reconstruct potential user activities, and assess the possible effects of suspicious behaviour.
“Put together, this means that we can paint a picture of what it would look like if an attacker were in an environment,” said Martin Holste, Chief Technology Officer for Cloud and AI at Trellix. “The advantages for customers are the ability to think in systems and understand not just what is happening, but why it is happening.”
Digital twins are not a new idea—NASA first used them in the 1960s for space simulations. However, their use in cybersecurity marks a significant evolution. Researchers at the University of Michigan, backed by the National Institute of Standards and Technology (NIST), have demonstrated the concept’s value by modelling a 3D printer’s operation to detect cyber anomalies.
According to Holste, digital twins allow AI systems to experiment within a safe, simulated space, improving accuracy without risking production environments.
Startups like Backslash Security are also tapping into the potential of digital twins. Instead of instrumenting live applications, they model application data flows and interactions, enabling safer testing of code updates and user behaviours. “The digital twin approach provides a happy middle ground, providing near-runtime-level precision, but without intruding on production environments,” said Yossi Pik, Co-founder and CTO at Backslash Security.
Furthermore, linking digital twins with large language models (LLMs) can strengthen cybersecurity analysis, making AI-driven ‘copilots’ more accurate and context-aware.
As Holste notes, “Generative AI is extremely good at understanding systems and environments,” and the benefits of combining it with digital twins are expected to “increase geometrically” in the future.
Digital twins, once confined to engineering, now stand poised to become an essential tool in the battle to secure digital frontiers.
