Pioneering Autonomous Penetration Testing with Large Language Models through Prompt Engineering and Agentic System Design
Authors
Antar, Siam Shibly
Date
2025-01-31
Type
thesis
Language
eng
Keyword
Penetration Testing, Cybersecurity
Abstract
Autonomous Cyber Operations (ACO) aims to solve the ongoing cyber defense challenges caused by the prevalent cybersecurity talent shortage. Designing structured prompts with agentic systems can effectively direct Large Language Model (LLM) behavior to navigate the attack through complex, multiphase operations without human oversight, leading to fully autonomous cyber penetration testing and continuous cybersecurity posture monitoring.
Current approaches to automated cyber-attacks lack the flexibility and adaptability to navigate the complex attack phases. Research in ACO has explored Artificial Intelligence (AI)-driven solutions, but integration of LLMs and prompt engineering strategies into these systems does not exist to date. This thesis introduces a novel phase-driven prompting methodology, called PromptPilot, paired with techniques such as Chain of Thought (CoT), Tree of Thought (ToT), and ReAct, to guide LLMs through the Cyber Kill Chain. Real-time trials in the simulated environment Emulated Cybernetic Hostile Operations (E.C.H.O) confirmed the viability of this prompt-driven autonomous penetration testing through exploitation. These results highlight that this emerging approach is viable, efficient, and precise in task execution across the attack phases, toward developing ACO agents. This research establishes the first framework for AI-driven autonomous penetration testing, emphasizing prompt and agentic system design as a cornerstone in advancing automated offensive and defensive cybersecurity capabilities.
License
Queen's University's Thesis/Dissertation Non-Exclusive License for Deposit to QSpace and Library and Archives Canada
ProQuest PhD and Master's Theses International Dissemination Agreement
Intellectual Property Guidelines at Queen's University
Copying and Preserving Your Thesis
This publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner.
Attribution 4.0 International
