Missionloops · research seat (open) · strategic reasoning under an adversary
How a white-hat hacker actually thinks.
And whether that mind can be trained, not just found. This is a research seat for the scientist who studies how hackers, reverse engineers, and red-teamers reason. It comes with a substrate no laboratory can assemble: a real population of operators doing the actual work under genuine stakes.
A way of reasoning these fields share
The same way of reasoning shows up across hacking, reverse engineering, red-teaming, competitive intelligence, and the kind of institutional troubleshooting that gets a stuck file moving again. The practitioner is handed a system that will not explain itself, and refuses to take it at its word. Instead of following the rules it advertises, they work out the rules it actually runs on, and look for the requirement its designers never thought to question. The procedure a system publishes and the logic it runs on are not the same thing, and this is the reasoning that tells them apart.
What is that reasoning? How much of it is one capacity, not several? And can it be taught to someone who does not already have it? Those are the questions this seat is open to study.
What the literature already shows
A research literature studies this move directly, by watching skilled practitioners do it and writing down how. Much of it comes from the usable-security line built by Daniel Votipka and colleagues. The findings below are specific, they recur across studies, and each links to the paper it comes from.
- The expert does not trust the system's account of itself. They probe it, watch how it responds, and build a working model from the traces it leaves, the way a reverse engineer reconstructs a program's logic from its behaviour rather than its documentation.
- The target that matters is rarely a careless slip. It is the unintuitive requirement the builder's own mental model never represented. The decisive gap is conceptual: something the designer could not see, because they were standing inside their own assumptions.
- Inside access can blind you. The person holding the full internal picture inherits the builder's blind spots, while the outsider, forced to reconstruct the system from outside, is the one who notices the assumption the insider cannot.
- Real experience on real targets beats formal training. The skill is built case by case, from a stock of prior encounters the practitioner reasons from by analogy, not from a syllabus.
- Two ingredients make it teachable rather than tacit: metacognition (predict what the system will do, then check against what it did) and transfer (being taught when and why a technique applies, not only how to run it). Solo practice supplies neither reliably.
That last finding is the hinge. The second person is the part Missionloops is built around: every operator is paired with a guide whose whole job is to force the predict-then-check and to name the principle behind the move. That is the exact mechanism the literature says converts this skill from tacit to transferable.
The open questions
The sharpest open question is whether rule-discovery is a skill the platform trains or just a trait it reveals. Our proposal leans hard on the first reading: its whole innovation and dual-use case assumes ordinary operators can be taught to find a hidden ruleset and redesign their position against it. That is exactly the claim we cannot judge for ourselves. If the wins come instead from people who would have solved it anyway, the case studies are survivorship stories, and the claim has to soften from "trains" to "selects for and showcases." A trained, untrained, and placebo design on a held-out problem tells the two apart, and settles it against us if that is where the evidence goes.
Your field has a strong claim on this question, for one reason: hacking and troubleshooting give a hard binary outcome. The exploit lands or it does not, and the rule yields or it does not. That clean criterion is rare in the study of cognition, where a result is usually read against a standard someone can contest, and it is what makes rule-discovery unusually well posed to measure.
Three more questions follow from the same construct:
- When the feedback channel itself lies. The white-hat literature assumes a system that answers honestly. Remove that, and the loop deforms into the threat model: a defender that can deceive, exploitation as a standing phase, stealth as a continuous constraint. Does trained judgment hold when the AI assisting the operator is denied or turned against them, where AI-reliant judgment collapses or gets steered?
- Counter-deception inside the network. The same reasoning that finds a flaw in a system can spot an attempt to work one on a person: elicitation the target does not notice, manipulation that reads as ordinary persuasion, an imposter probing a pairing. Does a network seeded with people who carry that pattern recognition resist intrusion better than one without them?
- Getting inside the adversary's model. The offensive skill of reconstructing how the other side reasons has a cooperative twin: modelling what a counterpart actually values, to find the move that is cheap for you and worth a lot to them. Does real-stakes practice train that, and does it show up symmetrically in negotiation?
Why the platform is the instrument
The evidence base for how adversarial reasoners think is built almost entirely on small samples, observed through think-aloud and interview, because the people doing genuine adversarial reasoning under genuine stakes are few, busy, and hard to instrument. The foundational results were mapped that way, a dozen experts observed deeply, because a dozen is what the method could reach.
Missionloops is a real-stakes, population-scale operator network reverse-engineering real systems: a regulator's classification logic, a procurement rule that contradicts itself, a hard negotiation, a Northern build-out stuck on a rule no one in the field controls. It records the shape of the reasoning, the loop depth, the revisions, where the operator got stuck and how they got unstuck, without ever reading the content of the problem. It runs at population scale, on the operator's real problems under genuine stakes, and the outcome is unambiguous, a combination no managed cohort can supply. You could run the think-aloud study the field ran on twelve people here, on a whole population, against problems where the rule genuinely yields or genuinely does not.
The studies this seat can run
A menu, not a programme. Recast any toward your own published line, or bring a question we did not anticipate.
- Rule-Discovery as Innovation Is rule-discovery trained or only revealed. The clean-ground-truth instrument.
- Trained Judgment Under AI Denial and Compromise Judgment when the feedback channel itself is adversarial.
- Symmetric Adoption in Negotiation Modelling the adversary's frame: the cooperative twin of the offensive skill.
- Veteran Integration and Network Hardening Counter-deception as a network property.
The seat, and the terms
The seat is open, and the ask is a conversation, not a commitment. The terms are a free option: tell us the question you would bring, and commit only if it is funded.
We are looking for the researcher in Canada whose work already is this: usable security and human factors in cybersecurity, the cognitive science of expertise and reverse engineering, red-team and threat-model reasoning, the psychology of how a person finds the flaw. If that describes your work, the platform is being built as the substrate this question needs, and the question you would bring is the one the seat is open for.
scott (at) missionloops (dot) ca
See also: All research seats · Defence · Member · Investor