PocketAgents: A Manifest-Driven Library of Autonomous Defense Agents
Sidnei Barbieri, Ágney Lopes Roth Ferraz, Lourenço Alves Pereira Júnior

TL;DR
PocketAgents introduces a manifest-driven library of autonomous defense agents that leverage large language models to detect and respond to cyber threats within a controlled, measurable framework.
Contribution
It presents a novel manifest-driven approach for deploying LLM-based defense agents with bounded telemetry and typed report validation.
Findings
13 out of 18 trials successfully contained the attack
Typed boundaries improve measurability and attribution of LLM-driven defenses
The system effectively validates and executes network-block actions
Abstract
Connecting large language models (LLMs) to defensive enforcement requires more than asking a model whether an attack is happening. A defender must decide which model outputs may change the system state, which outputs must be rejected, and how failures should be recorded. We present PocketAgents, a manifest-driven library of autonomous defense agents. Each agent is installed as three data files: a manifest, a prompt, and a runtime context. The shared runtime gives the agent bounded telemetry access and accepts only typed reports whose requested action appears in the manifest. We implemented PocketAgents on top of a cyber arena (Perry), a cyber-deception testbed, and evaluated two agents, Command and Control and Exfiltration, in 18 closed-loop trials of a DarkSide-inspired attack on a small enterprise topology. Thirteen trials produced validated network-block actions and contained the…
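The abstract's core mechanism, a manifest that allow-lists which model outputs may change state, a typed report boundary, and recorded failures, as an added illustration written for this page rather than PocketAgents' own code; the manifest fields, report shape, agent name and audit tuple format are all assumptions:

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed manifest for a hypothetical agent: the only state-changing
# action it may request is a network block; telemetry is limited to two sources.
MANIFEST = {
    "name": "c2-watch",
    "allowed_actions": {"network_block"},
    "telemetry": {"dns", "netflow"},
}

@dataclass
class Report:
    """Typed report an agent returns; anything else is rejected before enforcement."""
    action: str
    target: str
    confidence: float

@dataclass
class Runtime:
    manifest: dict
    blocked: list = field(default_factory=list)
    audit: list = field(default_factory=list)

    def read_telemetry(self, source: str, store: dict) -> list:
        """Bounded telemetry: sources not named in the manifest read as empty and are logged."""
        if source not in self.manifest["telemetry"]:
            self.audit.append(("denied", "telemetry", source))
            return []
        return list(store.get(source, []))

    def parse_report(self, raw: dict) -> Optional[Report]:
        """Typed boundary: malformed model output is recorded as a failure, never acted on."""
        try:
            return Report(str(raw["action"]), str(raw["target"]), float(raw["confidence"]))
        except (KeyError, TypeError, ValueError) as exc:
            self.audit.append(("rejected", "malformed", repr(raw), str(exc)))
            return None

    def enforce(self, raw: dict) -> bool:
        """Execute the requested action only if the report is typed and the action is in the manifest."""
        report = self.parse_report(raw)
        if report is None:
            return False
        if report.action not in self.manifest["allowed_actions"]:
            self.audit.append(("rejected", "action_not_in_manifest", report.action, report.target))
            return False
        self.blocked.append(report.target)
        self.audit.append(("executed", report.action, report.target, report.confidence))
        return True
```

Every rejected or denied request lands in the audit list alongside executed actions, which is what makes the loop measurable and attributable after the fact.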
