AI Agent Learns to Autonomously Respond to Cyberattacks Using Existing Knowledge

Researchers are tackling the growing challenge of rapidly evolving cyberattacks with a novel approach to autonomous network incident response. Yiran Gao from the Department of Systems Engineering, City University of Hong Kong, Kim Hammar from the Department of Electrical and Computer Engineering, University of Melbourne, and Tao Li, working in collaboration between these institutions, present an end-to-end system leveraging large language models. This research is significant because it moves beyond traditional reinforcement learning methods, which require complex simulators and lose valuable information from system logs. Instead, the team’s agent integrates perception, reasoning, planning and action within a single language model, enabling it to interpret network state, infer attacks, simulate responses and ultimately adapt to threats in real time, achieving up to 23% faster recovery times compared to existing large language models.

Scientists have developed a new artificial intelligence agent capable of autonomously responding to cyberattacks with significantly improved speed and accuracy. This agent, built around a large language model (LLM) with 14 billion parameters, represents a departure from traditional incident response systems that rely heavily on manual intervention or complex, handcrafted simulations.

The research addresses a critical need for adaptable cybersecurity, as attacks are evolving at an unprecedented rate and overwhelming existing defences. Unlike prior approaches using reinforcement learning, which demands detailed modelling of network environments, this work leverages the pre-trained security knowledge embedded within LLMs and a technique called in-context learning to create a streamlined, end-to-end solution.

The agent functions by integrating four key capabilities: perception, reasoning, planning, and action. It processes system logs and security alerts to understand the network’s current state (perception), infers the nature of the attack (reasoning), simulates the consequences of different responses (planning), and then executes the most effective strategy (action).

A crucial innovation lies in the agent’s ability to refine its understanding of the attack and its response through continuous comparison of simulated outcomes with real-world observations, demonstrating a form of in-context adaptation. The system’s architecture combines offline fine-tuning of the LLM with an online planning stage, addressing common issues such as generating inappropriate responses (hallucinations) and losing context during prolonged incidents.

Initially, the LLM undergoes offline fine-tuning using a dataset of incident logs paired with corresponding response plans and detailed chain-of-thought reasoning traces, equipping the model with a foundational understanding of incident response strategies and the ability to articulate its decision-making process. Subsequently, during online response planning, the fine-tuned LLM processes incoming system logs and threat intelligence to generate candidate response actions.

A novel planning agent then evaluates these candidates through a lookahead tree-search, simulating the consequences of each action sequence. This simulation, inspired by Partially Observable Markov Decision Process (POMDP) methods, constructs a “world model” of the network environment to forecast future alerts and recovery states. The predicted recovery trajectories are scrutinised to filter out potentially inappropriate or hallucinated actions, and the system incorporates in-context adaptation, where the LLM recalibrates its world model based on discrepancies between predicted and actual observations, ensuring self-consistency during long-horizon planning.
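The plan, act, observe and recalibrate loop described above can be sketched as follows. This is an added illustration, not code from the paper or its authors: a small lookup table stands in for the LLM world model, and every action, alert and attack name is a constructed assumption (`reboot_router` models an irrelevant candidate that lookahead should never select).

```python
from itertools import permutations

# Constructed toy data; all names are hypothetical, none come from the paper.
# Stand-in for the LLM world model: actions required for recovery per hypothesis.
REQUIRED = {
    "credential_theft": {"isolate_host", "reset_credentials"},
    "service_exploit": {"isolate_host", "patch_service"},
}
# Alert the world model predicts under each hypothesis.
PREDICTED_ALERT = {"credential_theft": "auth_anomaly",
                   "service_exploit": "exploit_signature"}

def rollout_cost(hypothesis, done, sequence):
    """Simulate a sequence; return steps until recovery, or None if never."""
    done = set(done)
    for step, action in enumerate(sequence, start=1):
        done.add(action)
        if REQUIRED[hypothesis] <= done:
            return step
    return None

def plan(hypothesis, done, candidates, depth=3):
    """Lookahead search: first action of the shortest recovering sequence."""
    best = None
    for n in range(1, depth + 1):
        for seq in permutations(candidates, n):
            cost = rollout_cost(hypothesis, done, seq)
            if cost is not None and (best is None or cost < best[0]):
                best = (cost, seq[0])
    return best[1] if best else None  # None: no candidate leads to recovery

def adapt(hypothesis, observed_alert):
    """Recalibrate when the predicted alert disagrees with the observation."""
    if PREDICTED_ALERT[hypothesis] == observed_alert:
        return hypothesis
    matches = [h for h, a in PREDICTED_ALERT.items() if a == observed_alert]
    return matches[0] if matches else hypothesis

def respond(true_attack, hypothesis, candidates, max_steps=6):
    """Plan, act, observe, adapt until the real incident is contained."""
    done, executed = set(), []
    while len(executed) < max_steps and not REQUIRED[true_attack] <= done:
        action = plan(hypothesis, done, [c for c in candidates if c not in done])
        if action is None:
            break
        done.add(action)
        executed.append(action)
        hypothesis = adapt(hypothesis, PREDICTED_ALERT[true_attack])
    return executed
```

Starting from the wrong hypothesis (`credential_theft`) against a simulated `service_exploit`, the first action is still useful, the mismatched alert triggers recalibration, and the second action completes recovery without executing the irrelevant candidates.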

This iterative refinement process allows the agent to learn and adapt to evolving threats without requiring explicit retraining or handcrafted simulators. Evaluations using publicly available incident logs demonstrate a substantial performance improvement, with the new agent achieving recovery times up to 23% faster than those of existing, state-of-the-art LLMs, including DeepSeek-R1, Gemini 2.5 Pro, and OpenAI O3.

This improvement in recovery speed was observed across a range of incident logs, demonstrating the agent’s ability to formulate effective responses more quickly. Despite similar failure rates across all tested models, the LLM agent consistently achieved the shortest recovery times, indicating a superior planning capability. Alert generation, assessed using the F1 score across the top five most frequent tactics, revealed the model’s strength in handling attacks rather than normal activity, evidenced by a reduced rate of false alarms.

Precision and recall scores were used to evaluate action generation, requiring a precision threshold of 0.6 to ensure consistency between generated tactics and log data. This calibration step ensures that multi-step planning proceeds only with reliable and relevant actions. Ablation studies, removing fine-tuning, planning, or in-context adaptation, highlighted the critical roles of these functionalities.

Removing fine-tuning or planning resulted in the most significant performance degradation, while the in-context adaptation mechanism provided a more modest improvement. These results suggest that the initial learning and strategic planning stages are paramount to effective incident response. The study utilised four evaluation datasets, CTU-Malware-2014, CIC-IDS-2017, AIT-IDS-V2-2022, and CSLE-IDS-2024, encompassing diverse attacks, logs, and system configurations to ensure robust evaluation.

The agent, with 14 billion parameters, maintains a lightweight profile comparable to baseline models while delivering substantial performance gains.

The relentless escalation of cyber warfare demands a shift from reactive defence to genuinely adaptive security systems. For too long, incident response has relied on painstakingly crafted simulations, valuable as they are, but ultimately limited by their inability to fully capture the chaotic reality of a live attack.

This work represents a compelling step towards bridging that gap by harnessing the power of large language models, not as static knowledge bases, but as dynamic reasoning engines. The ability to ingest raw system logs, infer the attacker’s intent, and then simulate the consequences of different responses before committing to a course of action is a significant advance.

However, the reliance on pre-trained security knowledge within the LLM also introduces potential biases and blind spots, as the system’s effectiveness is fundamentally tied to the quality and completeness of that initial training data. While the agent demonstrates in-context learning, the extent to which it can generalise to truly novel attack vectors remains an open question. Looking ahead, the most exciting prospect isn’t simply refining this specific agent, but exploring how LLMs can orchestrate a broader ecosystem of security tools, potentially acting as central nervous systems coordinating firewalls, intrusion detection systems, and threat intelligence feeds in real time, creating a truly self-defending network.

👉 More information
🗞 In-Context Autonomous Network Incident Response: An End-to-End Large Language Model Agent Approach
🧠 ArXiv: https://arxiv.org/abs/2602.13156

Rohail T.
