In the rapidly evolving landscape of cyber defence, the ability to simulate realistic attack scenarios is crucial for training and preparedness. A new system called AEGIS is poised to revolutionise this process by automating the generation of attack paths, significantly reducing the time and effort required by experts. Developed by researchers Ivan K. Tung, Yu Xiang Shi, Alex Chien, Wenkai Liu, and Lawrence Zheng, AEGIS leverages large language models (LLMs), white-box access, and Monte Carlo Tree Search to dynamically discover and validate exploit chains without relying on pre-existing vulnerability graphs.
Traditional methods of creating attack paths for cyber defence exercises are labour-intensive and time-consuming, often requiring curated vulnerability graphs or exploit sets. AEGIS addresses these limitations by using LLMs to dynamically identify potential exploits during the exercise, making the process more flexible and adaptable. The system’s white-box access allows it to validate exploits in isolation before committing to an attack path, ensuring that only viable exploits are used. This approach not only enhances the realism of the training scenarios but also shifts the focus of expert effort from technical validation to strategic scenario design.
The effectiveness of AEGIS was demonstrated at CIDeX 2025, a large-scale cyber defence exercise involving 46 IT hosts. The attack paths generated by AEGIS were evaluated across four key dimensions of training experience: perceived learning, engagement, believability, and challenge. The results showed that AEGIS-generated paths were comparable to those created by human experts. This evaluation was conducted using a validated questionnaire, which is also extensible to other simulation-based training scenarios.
By automating the discovery and validation of exploit chains, AEGIS drastically reduces the time required to develop training scenarios from months to days. This innovation allows cyber defence experts to focus more on designing effective training scenarios rather than getting bogged down in technical details. The system’s ability to dynamically adapt to new information and validate exploits in real-time makes it a valuable tool for enhancing the readiness of cyber defence teams.
The implications of AEGIS extend beyond just efficiency gains. The system’s ability to generate realistic and engaging training scenarios can significantly improve the quality of cyber defence exercises. By providing a more dynamic and adaptable training environment, AEGIS helps ensure that cyber defence teams are better prepared to face real-world threats. As cyber attacks become more sophisticated, tools like AEGIS will be essential in maintaining the readiness and effectiveness of defence strategies.
In conclusion, AEGIS represents a significant advancement in the field of cyber defence training. Its innovative use of LLMs, white-box access, and Monte Carlo Tree Search offers a more efficient and effective way to generate attack paths for training exercises. The successful evaluation of AEGIS at CIDeX 2025 highlights its potential to transform cyber defence training, making it a crucial tool for enhancing the preparedness of cyber defence teams in the face of evolving threats. Read the original research paper here.