Environment-Grounded Multi-Agent Workflow for Autonomous Penetration Testing

TL;DR

This paper presents an environment-grounded multi-agent system utilizing large language models for automated penetration testing of robotic cyber-physical systems, achieving reliable success in complex security scenarios.

Contribution

It introduces a novel multi-agent architecture with dynamic graph-based memory for structured, traceable penetration testing in robotic environments, enhancing automation and reliability.

Findings

Achieved 100% success rate in robotics Capture-the-Flag tests

Outperformed existing benchmarks in reliability and traceability

Demonstrated effective context management in complex scenarios

Abstract

The increasing complexity and interconnectivity of digital infrastructures make scalable and reliable security assessment methods essential. Robotic systems represent a particularly important class of operational technology, as modern robots are highly networked cyber-physical systems deployed in domains such as industrial automation, logistics, and autonomous services. This paper explores the use of large language models for automated penetration testing in robotic environments. We propose an environment-grounded multi-agent architecture tailored to Robotics-based systems. The approach dynamically constructs a shared graph-based memory during execution that captures the observable system state, including network topology, communication channels, vulnerabilities, and attempted exploits. This enables structured automation while maintaining traceability and effective context management throughout the testing process. Evaluated across multiple iterations within a specialized robotics Capture-the-Flag scenario (ROS/ROS2), the system demonstrated high reliability, successfully completing the challenge in 100\% of test runs (n=5). This performance significantly exceeds literature benchmarks while maintaining the traceability and human oversight required by frameworks like the EU AI Act.