Evaluating Generalization Mechanisms in Autonomous Cyber Attack Agents

TL;DR

This paper evaluates how different autonomous cyber attack agents generalize to unseen network configurations, revealing that address-space changes can significantly impair policy transfer, with LLM-based agents performing best but at higher computational and transparency costs.

Contribution

It introduces a minimal shift in network scenarios to test agent generalization and compares traditional, adaptation, and LLM-based agents under this setting.

Findings

Adaptation methods show partial transfer but degrade under unseen IP reassignments.

Prompt-driven LLM agents achieve highest success on unseen scenarios.

LLM agents have higher inference costs and lower transparency.

Abstract

Autonomous offensive agents often fail to transfer beyond the networks on which they are trained. We isolate a minimal but fundamental shift -- unseen host/subnet IP reassignment in an otherwise fixed enterprise scenario -- and evaluate attacker generalization in the NetSecGame environment. Agents are trained on five IP-range variants and tested on a sixth unseen variant; only the meta-learning agent may adapt at test time. We compare three agent families (traditional RL, adaptation agents, and LLM-based agents) and use action-distribution-based behavioral/XAI analyses to localize failure modes. Some adaptation methods show partial transfer but significant degradation under unseen reassignment, indicating that even address-space changes can break long-horizon attack policies. Under our evaluation protocol and agent-specific assumptions, prompt-driven pretrained LLM agents achieve the highest success on the held-out reassignment, but at the cost of increased inference-time compute, reduced transparency, and practical failure modes such as repetition/invalid-action loops.