Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

AgentCyTE: Leveraging Agentic AI to Generate Cybersecurity Training & Experimentation Scenarios

Ana M. Rodriguez, Jaime Acosta, Anantaa Kotal, Aritran Piplai

TL;DR

AgentCyTE tackles the challenge of creating realistic, adaptable cybersecurity threat scenarios by marrying flexible LLM-driven generation with deterministic, schema-constrained CORE network emulation through an agentic feedback loop. The approach constrains topology, routing, services, and traffic via a machine-verifiable schema, while an iterative loop of proposing, validating, hypothesizing, diversifying fixes, selecting, and learning progressively yields executable and coherent environments. Key contributions include a schema-constrained generator, a CORE-backed execution and validation pipeline, and an autonomous agentic controller that learns to fix schema and execution errors, significantly improving over naive single-shot generation. This framework enables scalable, data-driven threat modeling and adaptive cybersecurity training with reliable, reproducible scenarios, and it is extended via a Vulhub-integrated case study for CTF-style evaluation.

Abstract

Designing realistic and adaptive networked threat scenarios remains a core challenge in cybersecurity research and training, still requiring substantial manual effort. While large language models (LLMs) show promise for automated synthesis, unconstrained generation often yields configurations that fail validation or execution. We present AgentCyTE, a framework integrating LLM-based reasoning with deterministic, schema-constrained network emulation to generate and refine executable threat environments. Through an agentic feedback loop, AgentCyTE observes scenario outcomes, validates correctness, and iteratively enhances realism and consistency. This hybrid approach preserves LLM flexibility while enforcing structural validity, enabling scalable, data-driven experimentation and reliable scenario generation for threat modeling and adaptive cybersecurity training. Our framework can be accessed at: https://github.com/AnantaaKotal/AgentCyTE

AgentCyTE: Leveraging Agentic AI to Generate Cybersecurity Training & Experimentation Scenarios

TL;DR

AgentCyTE tackles the challenge of creating realistic, adaptable cybersecurity threat scenarios by marrying flexible LLM-driven generation with deterministic, schema-constrained CORE network emulation through an agentic feedback loop. The approach constrains topology, routing, services, and traffic via a machine-verifiable schema, while an iterative loop of proposing, validating, hypothesizing, diversifying fixes, selecting, and learning progressively yields executable and coherent environments. Key contributions include a schema-constrained generator, a CORE-backed execution and validation pipeline, and an autonomous agentic controller that learns to fix schema and execution errors, significantly improving over naive single-shot generation. This framework enables scalable, data-driven threat modeling and adaptive cybersecurity training with reliable, reproducible scenarios, and it is extended via a Vulhub-integrated case study for CTF-style evaluation.

Abstract

Designing realistic and adaptive networked threat scenarios remains a core challenge in cybersecurity research and training, still requiring substantial manual effort. While large language models (LLMs) show promise for automated synthesis, unconstrained generation often yields configurations that fail validation or execution. We present AgentCyTE, a framework integrating LLM-based reasoning with deterministic, schema-constrained network emulation to generate and refine executable threat environments. Through an agentic feedback loop, AgentCyTE observes scenario outcomes, validates correctness, and iteratively enhances realism and consistency. This hybrid approach preserves LLM flexibility while enforcing structural validity, enabling scalable, data-driven experimentation and reliable scenario generation for threat modeling and adaptive cybersecurity training. Our framework can be accessed at: https://github.com/AnantaaKotal/AgentCyTE

Paper Structure

This paper contains 11 sections, 6 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. System Design
  4. System Overview
  5. Scenario Specification Elements
  6. Agentic Feedback Controller
  7. Evaluation
  8. Conclusion and Future Work
  9. Case Study
  10. With Manual Integration:
  11. With Agentic Integration:

Figures (6)

  • Figure 1: AgentCyTE Workflow
  • Figure 2: Topology. Orange:Rtr, Green:SW, Yellow:H
  • Figure 3: Average rounds taken to fix an XML by change type for GPT, OSS, and Claude.
  • Figure 4: Average errors fixed per XML for each change type for GPT, OSS, and Claude.
  • Figure 5: A generated scenario showing the node graph with routers (large/red), switches (medium blue), and hosts (yellow/small). Vulnerable hosts are green/stars.
  • ...and 1 more figures