❌

Normal view

Received yesterday β€” 10 July 2026 ⏭ /r/netsec - Information Security News & Discussion

Can AI-generated adversaries break TTP-based attribution? (arXiv 2026)

Cyber Threat Intelligence (CTI) has traditionally attributed attacks through Tactics, Techniques and Procedures (TTPs).

In this paper we evaluate whether that assumption still holds when AI agents are explicitly configured to emulate known threat groups.

We configured AI agents to reproduce the behavior of APT28, APT29, APT41, APT44 and Lazarus inside enterprise and military cyber ranges.

Our results suggest that sufficiently capable AI agents can reproduce TTP patterns closely enough to make attribution based solely on behavioral evidence significantly more difficult.

We'd be interested in feedback from practitioners working on CTI, attribution or adversary emulation.

submitted by /u/Obvious-Language4462
[link] [comments]

Towards CSI: What's the best harness? (arXiv 2026)

We studied a question that receives surprisingly little attention:

Does the agent harness matter as much as the underlying LLM?

We benchmarked five different cybersecurity scaffolds while keeping the model fixed (alias2-mini) across all 33 CyBench challenges.

Key findings:

  • No single scaffold performs best across every challenge.
  • Combining heterogeneous scaffolds consistently improves coverage.
  • A shared blackboard architecture solves 19/33 challenges (57.6%), outperforming every individual harness while reducing execution time.

Paper: https://arxiv.org/pdf/2605.28334

Happy to answer technical questions or discuss the benchmarking methodology.

submitted by /u/Obvious-Language4462
[link] [comments]
❌