I have been doing tabletop exercises for the past decade. The traditional model is filled with structural issues that most practitioners know about but don’t talk about. Reflex actually fixes them.
The scenario engine is a core improvement. Based on as little or as much information as you want to feed it, Reflex builds the attack vector, the threat actor and the organizational context. What usually took weeks of scenario development and stakeholder coordination can be done in under a few hours. That time compression, and quality of the output, significantly changes what I can do for an organization.
Participant engagement is where most exercises fall apart. You know the look. Technical teams being asked to suspend disbelief because of unrealistic assumptions, or exec teams on their phones, half-checked out. Reflex solves that too. Everyone gets their own console tuned to their role. AI agents participate as attackers and as colleagues who aren’t part of the formal exercise. They’ll ask questions, make noise, put on a lot of pressure. A facilitator doesn’t provide every inject. Each participant has to bring what they are finding to the team which is so much more realistic.
The reporting is very good. You get an all-encompassing transcript showing how people found information, how they communicated with others when they were under pressure, and what decisions they took and when. And that’s a whole different level of insight than a quick hot wash at the end of a traditional session.
One thing I didn’t expect to see going in: I started using Reflex for cyber tabletops and quickly realized it handles BCP/DR, crisis communications, and enterprise risk scenarios just as well. That’s opened conversations well beyond the security team. Review collected by and hosted on G2.com.
Fully in-person sessions with one shared screen lose some of what makes it effective. Everybody, or at least every team, needs their own console. But I have come to understand that Reflex’s model is actually more realistic anyway. Real incidents aren’t worked in a single conference room around a u-shaped table. You have parallel bridges running simultaneously. The platform is similar to the way incidents actually play out.
The format of the after-action report is still evolving. The depth of what the platform captures is impressive. The bigger problem is that the industry has yet to figure out what an after-action report should look like for this kind of exercise. The mistake would be to try to rebuild the old reports with this platform. Reflex is not revamping an old model, they are building a new one. Their team is engaged and the process feels very collaborative. Review collected by and hosted on G2.com.
