External ethical hackers (legitimate, licenced, deliberately-hired) brought in to test the effectiveness of a security programme by emulating a real attack. Red teams are normally external because the less they know about a company’s cyber security defences, the more able they are to act like authentic hackers. They are (of course) contractually bound to share all their discoveries with their customer, and gain no advantage from their activities beyond their fee.