LLM Agents for Offensive Security
"What could go wrong?"
Andreas Happe


Funding year 2025 / Scholarship Call #20 / Scholarship ID: 7733

In today's interconnected digital world, ensuring that software and systems are secure has never been more critical. A primary defense against malicious actors is the offensive security assessment, known as a penetration test (pen-test), which finds and demonstrates vulnerabilities before an attacker can exploit them.

Alas, this vital practice is severely hampered by a pervasive challenge: a chronic and growing global shortage of skilled cybersecurity personnel, often referred to as white-hat hackers or pen-testers. My research tackles this problem by using Large Language Models (LLMs), the technology behind modern AI, to automate security testing, with the goal of improving both the efficiency and the coverage of security checks.

I started my PhD by investigating how hackers work, to better understand the problems and constraints they face. In 2023 I began analyzing the potential of LLMs for automating hacking work, with empirical prototypes in Linux and Windows enterprise networks. Now that I have seen that LLMs are capable of autonomously performing security tasks, I will investigate both how to improve the consistency and reliability of autonomous LLM-driven pen-testing and how LLM techniques can be applied to interactively augment professional penetration testers.

University | University of Applied Sciences [University]

Technische Universität Wien

Topic area

Artificial Intelligence, Network Security

Target group

Laboratories, Engineers and technicians

Overall classification

Dissertation | PhD, Proof of Concept

Technology

AI

License

MIT, CC-BY

Project results

Code (MIT)

HackingBuddyGPT helps security researchers use LLMs to discover new attack vectors and save the world (or earn bug bounties) in 50 lines of code or fewer. In the long run, we hope to make the world a safer place by empowering security professionals to get more hacking done by using AI. The more testing they can do, the safer all of us will be.

Code (MIT)

Cochise: Can LLMs Hack Enterprise Networks?

Autonomous Assumed Breach Penetration-Testing of Active Directory Networks. So basically, I use LLMs to hack Microsoft Active Directory networks. What could possibly go wrong?

This is a prototype that I wrote to evaluate the capabilities of LLMs for performing Assumed Breach penetration tests against Active Directory networks. I use the GOAD testbed, a deliberately vulnerable Active Directory lab, as my target environment, place a Kali Linux VM inside the testbed, and then direct my prototype, cochise, to attack the domain from that foothold.