This paper considers the offering made to threat actors by the deployment of digital twins around Operational Technology (OT), IoT and Smart City environments. In the context of a model for threat actor types, it explores misuse cases that may be possible given an available or compromised digital twin. We present a proposed methodology for red teaming a digital twin’s deployment that reduces risk whilst preserving utility. The common consultancy recommendation that security equivalence must be established is challenged, given that a digital twin often represents a physical or cyber-physical system, with wider physical security and societal threats being identified.