Dynamic Cyber Ranges
V\'ictor Mayoral-Vilches, Mar\'ia Sanz-G\'omez, Francesco Balassone, Maite Del Mundo De Torres, George Nicolaou, Samuel Rodriguez Borines, Almerindo Graziano, Paul Zabalegui, Endika Gil-Uriarte
TL;DR
This paper introduces Dynamic Cyber Ranges with LLM-driven defender agents that adaptively harden infrastructure and respond to threats, significantly improving cybersecurity evaluation realism and effectiveness.
Contribution
It proposes a novel dynamic cyber range framework with AI-powered defenders, demonstrating improved attack prevention and faster detection compared to static environments.
Findings
Defender agents reduced attacker success to 0-55%.
A smaller on-premise model matched large model defenses.
Defenders detected attackers 10x faster in complex scenarios.
Abstract
As LLM-driven agents advance in cybersecurity, Jeopardy CTF benchmarks are approaching saturation and cyber ranges, the natural next evaluation frontier, offer diminishing resistance under their current static design. We validate this observation by deploying an LLM-driven Advanced Persistent Threat (APT) agent across three tiers of increasingly realistic infrastructure (PRO Labs, MHBench, military-grade CYBER RANGES). To counteract this trend, we propose Dynamic Cyber Ranges: cyber range environments augmented with LLM-driven Defender agents that harden infrastructure, monitor for intrusions, and respond in real time. Across evaluated scenarios, Defender agents reduce attacker success to 0-55%, achieving complete prevention on multiple configurations. Since attacker and defender agents draw from the same underlying model capabilities, Dynamic Cyber Ranges preserve evaluation headroom…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.