LiaisonAgent: An Multi-Agent Framework for Autonomous Risk Investigation and Governance

TL;DR

LiaisonAgent is an autonomous multi-agent system that enhances cyber risk investigation and governance by integrating advanced reasoning, specialized agents, and hybrid planning to improve detection accuracy and reduce manual effort.

Contribution

The paper introduces LiaisonAgent, a novel multi-agent framework utilizing large reasoning models and hybrid planning for autonomous cyber risk management.

Findings

97.8% success rate in end-to-end tool calling

95% accuracy in risk judgment

92.7% reduction in manual investigation effort

Abstract

The rapid evolution of sophisticated cyberattacks has strained modern Security Operations Centers (SOC), which traditionally rely on rule-based or signature-driven detection systems. These legacy frameworks often generate high volumes of technical alerts that lack organizational context, leading to analyst fatigue and delayed incident responses. This paper presents LiaisonAgent, an autonomous multi-agent system designed to bridge the gap between technical risk detection and business-level risk governance. Built upon the QWQ-32B large reasoning model, LiaisonAgent integrates specialized sub-agents, including human-computer interaction agents, comprehensive judgment agents, and automated disposal agents-to execute end-to-end investigation workflows. The system leverages a hybrid planning architecture that combines deterministic workflows for compliance with autonomous reasoning based on the ReAct paradigm to handle ambiguous operational scenarios. Experimental evaluations across diverse security contexts, such as large-scale data exfiltration and unauthorized account borrowing, achieve an end-to-end tool-calling success rate of 97.8% and a risk judgment accuracy of 95%. Furthermore, the system exhibits significant resilience against out-of-distribution noise and adversarial prompt injections, while achieving a 92.7% reduction in manual investigation overhead.