Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

AgentBnB: A Browser-Based Cybersecurity Tabletop Exercise with Large Language Model Support and Retrieval-Aligned Scaffolding

Arman Anwar, Zefang Liu

TL;DR

This paper tackles the rigidity and scalability challenges of traditional cybersecurity tabletop exercises by introducing AgentBnB, a browser-based platform that blends large language model teammates with a retrieval-augmented instructional copilot (C2D2) to provide Bloom-aligned, just-in-time scaffolding. Building on Backdoors & Breaches, AgentBnB preserves procedural fidelity while enabling human-in-the-loop collaboration and data-driven pedagogy, grounded in a structured RAG architecture. The system delivers a lightweight, repeatable training experience with an emphasis on adaptive guidance, persistent state, and telemetry for learning analytics. Initial pilot results with four graduate students indicate favorable perceptions of scalability and usefulness, though limitations such as sample size and corpus breadth call for broader studies and multi-player extensions to validate learning gains at scale.

Abstract

Traditional cybersecurity tabletop exercises (TTXs) provide valuable training but are often scripted, resource-intensive, and difficult to scale. We introduce AgentBnB, a browser-based re-imagining of the Backdoors & Breaches game that integrates large language model teammates with a Bloom-aligned, retrieval-augmented copilot (C2D2). The system expands a curated corpus into factual, conceptual, procedural, and metacognitive snippets, delivering on-demand, cognitively targeted hints. Prompt-engineered agents employ a scaffolding ladder that gradually fades as learner confidence grows. In a solo-player pilot with four graduate students, participants reported greater intention to use the agent-based version compared to the physical card deck and viewed it as more scalable, though a ceiling effect emerged on a simple knowledge quiz. Despite limitations of small sample size, single-player focus, and narrow corpus, these early findings suggest that large language model augmented TTXs can provide lightweight, repeatable practice without the logistical burden of traditional exercises. Planned extensions include multi-player modes, telemetry-driven coaching, and comparative studies with larger cohorts.

AgentBnB: A Browser-Based Cybersecurity Tabletop Exercise with Large Language Model Support and Retrieval-Aligned Scaffolding

TL;DR

This paper tackles the rigidity and scalability challenges of traditional cybersecurity tabletop exercises by introducing AgentBnB, a browser-based platform that blends large language model teammates with a retrieval-augmented instructional copilot (C2D2) to provide Bloom-aligned, just-in-time scaffolding. Building on Backdoors & Breaches, AgentBnB preserves procedural fidelity while enabling human-in-the-loop collaboration and data-driven pedagogy, grounded in a structured RAG architecture. The system delivers a lightweight, repeatable training experience with an emphasis on adaptive guidance, persistent state, and telemetry for learning analytics. Initial pilot results with four graduate students indicate favorable perceptions of scalability and usefulness, though limitations such as sample size and corpus breadth call for broader studies and multi-player extensions to validate learning gains at scale.

Abstract

Traditional cybersecurity tabletop exercises (TTXs) provide valuable training but are often scripted, resource-intensive, and difficult to scale. We introduce AgentBnB, a browser-based re-imagining of the Backdoors & Breaches game that integrates large language model teammates with a Bloom-aligned, retrieval-augmented copilot (C2D2). The system expands a curated corpus into factual, conceptual, procedural, and metacognitive snippets, delivering on-demand, cognitively targeted hints. Prompt-engineered agents employ a scaffolding ladder that gradually fades as learner confidence grows. In a solo-player pilot with four graduate students, participants reported greater intention to use the agent-based version compared to the physical card deck and viewed it as more scalable, though a ceiling effect emerged on a simple knowledge quiz. Despite limitations of small sample size, single-player focus, and narrow corpus, these early findings suggest that large language model augmented TTXs can provide lightweight, repeatable practice without the logistical burden of traditional exercises. Planned extensions include multi-player modes, telemetry-driven coaching, and comparative studies with larger cohorts.

Paper Structure

This paper contains 42 sections, 5 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Problem Statement
  3. Background and Related Work
  4. Traditional Tabletop Exercises
  5. Backdoors & Breaches as a Training Framework
  6. Autonomous LLM Agents in Backdoors & Breaches
  7. Bloom's Taxonomy as a Lens for Cybersecurity Skill Development
  8. Instructional Scaffolding via Prompt Design
  9. Design Objectives & Requirements
  10. Pedagogical Objectives
  11. User‑Experience Goals
  12. System Overview
  13. Design Goals & Architecture Principles
  14. Key Components
  15. Graphical User Interface (GUI)
  16. ...and 27 more sections

Figures (5)

  • Figure 1: AgentBnB system architecture, showing the user interface, game engine, agent layer, C2D2 RAG module, and telemetry paths.
  • Figure 2: Social architecture of AgentBnB, including the human defender, Incident Captain, SOC Analyst, Red-Team Narrator, and their chat pathways.
  • Figure 3: C2D2 two-stage flow, consisting of offline knowledge expansion and online retrieval and generation.
  • Figure 4: Group Chat view of the AgentBnB user interface, showing the main gameplay channel where the learner, AI teammates, and the Incident Master conduct in-game dialogue.
  • Figure 5: C2D2 Chat view of the AgentBnB user interface, showing the retrieval-augmented copilot channel that provides Bloom-aligned hints and citations separately from in-game dialogue.