What is the AGI in Offensive Security ?
Youngwoong Cho
TL;DR
This paper explores the potential of large language models to perform symbolic reasoning in offensive security by modeling hacking interactions as finite strings within a formal state machine framework.
Contribution
It introduces a formal model of offensive security tasks as symbolic language manipulation and demonstrates how LLMs could theoretically handle these tasks.
Findings
Offensive security tasks can be reduced to symbolic language manipulation.
Interactions in offensive security can be encoded as finite strings.
The paper provides formal definitions and lemmas for this modeling approach.
Abstract
What is the AGI in Offensive Security? One can break it down into two questions : (1) any offensive security tasks could be reduced into symbolic language manipulation (language representation + reasoning), (2) powerful language model (LLM) are enough to "deal with" any symbolic language manipulation. This paper can formally model a target system as a state machine and a hacker as an interactive symbolic agent. And it shows that every interaction in an offensive engagement can be encoded as a finite string. This paper provides definitions, short lemmas, and open discussion.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsWeb Application Security Vulnerabilities · Security and Verification in Computing · Spam and Phishing Detection