Reopening the Bat Cave: Duo Labs Is Back
Duo Labs is back!
Well, not exactly in the same form — but the sentiment, heart, and function of Duo Labs is back. For the curious, the original Duo Labs was a team of amazing security researchers, tinkerers, and thinkers that published their findings, experiments, and explorations on the Duo Labs site.
Perhaps most famously, the team sent a phone equipped with Duo mobile into space — attempting to complete a Duo push from 90,000 feet. There are still many other examples of cool security research or contributions to the security community live on the Duo Labs site.
Over the last few years, the official labs team was disbanded, moving on to new projects, teams, and gigs — and the Duo Labs site was left to face the digital sands of internet time without much attention or thought. There hasn’t been a Duo Labs post since 2021. Not every project continues forever, and it’s okay to be at peace with an effort ending — conclusions and closure are a part of any story.
However, internally at Duo, we realized that by disbanding the Labs team and discontinuing writing for the Labs site, we lost something special about Duo itself. That special thing was a forum for Duonauts to be nerdy, expansive, and inquisitive about all things at the intersection of access management and security. It’s one thing to have the company blog (look, I’m writing here right now!). But it’s another to have a place to post that doesn’t need a product tie-in or an ask to contact sales.
The truth is, there are still a bunch of security scientists lurking within Duo. Folks thinking about the future of authentication, from passkeys to decentralized identity. Folks researching the identity threat landscape and which parts of the identity infrastructure attackers will strike next. Folks using the massive Duo dataset of authentications to uncover new attack patterns and techniques. And, folks thinking deeply about the next generation of security protocols and frameworks.
This type of work doesn’t necessarily coincide with the scope of Duo’s mainline blog. There often won’t be a clear right answer, and certainly won’t always be a product demo of a solution. Therefore, to showcase the work of Duonauts thinking about the big problems of authentication, access, identity, and security, we're re-opening Duo Labs. The first piece will be a “nigh-comprehensive” overview of identity threats with a look at their prevention and detection. From there, we’ll produce new content monthly, diving deep into the brains of Duo’s engineers, product leaders, and data scientists.
If this effort sounds interesting to you, meet us over at Duo Labs or follow the back online @DuoLabs on Twitter. We’re excited to tinker again