What is the AGI in Offensive Security ?
Youngwoong Cho
TL;DR
This paper presents a formal framework reframing offensive security as symbolic language manipulation by modeling target systems as state machines and attackers as interactive symbolic agents. It shows that all interactions and attacker strategies can be encoded as finite strings and that these can be tokenized for processing by large language models, enabling approximation or synthesis of attacker policies. An informal theorem posits hacking as symbolic sequential computation, with automated exploit generation treated as symbolic constraint solving and LLM-based policy approximation. The work provides a unifying language-theoretic perspective on hacking and discusses implications for security analysis, defense, and future multimodal, AI-driven security tools.
Abstract
What is the AGI in Offensive Security? One can break it down into two questions : (1) any offensive security tasks could be reduced into symbolic language manipulation (language representation + reasoning), (2) powerful language model (LLM) are enough to "deal with" any symbolic language manipulation. This paper can formally model a target system as a state machine and a hacker as an interactive symbolic agent. And it shows that every interaction in an offensive engagement can be encoded as a finite string. This paper provides definitions, short lemmas, and open discussion.
