en.Wedoany.com Reported - A research team from the Chinese Academy of Sciences has proposed the concept of a "Cybersecurity AI Scientist" and designed a modular multi-agent system named Hephaestus, aiming to automate the entire workflow of cybersecurity research. In a recently published paper, the team described this research system capable of autonomously completing tasks from problem formulation to experiment design, tool construction, controlled execution, evaluation, and generating written results.
Autonomous AI agents have already begun performing real security tasks, such as probing software vulnerabilities, running penetration tests, and chaining attack steps. However, cybersecurity research progresses slowly and is highly labor-intensive, constrained by expert scarcity and manually designed experiments. The team aims to bridge this gap.

Hephaestus is a modular multi-agent system comprising specialized role-customized agents responsible for problem framework construction, threat modeling, tool generation, and reporting. Its name is derived from the god of craftsmanship in Homeric epics who forged spears and shields, symbolizing the system's aim to produce both offensive and defensive work.
The authors argue that existing automated research systems, such as the AI Scientist and its subsequent versions for machine learning, as well as "Co-Scientist" and "Robin" for biology and biomedicine, cannot be directly transferred to cybersecurity. This is because the research objects in cybersecurity adaptively change when studied, model platforms, guardrails, and tool access update faster than a single research cycle, and trust relies on methods such as digital twins, cyber ranges, and chains of evidence.
The team proposed a "four-zeros frame," clarifying four types of failures the system should focus on: risk, trust, incident, and energy. Risk refers to hidden defects in software; trust refers to the need for auxiliary behaviors to remain calibrated, ensuring human operators maintain control; incident refers to operational errors and testing environment requirements; energy refers to long-term accumulated organizational and ethical consequences. The system must study and reduce each type of failure.
On the risk axis, the paper mentions the capability leap of frontier models. For example, Anthropic's Claude Mythos preview (part of Project Glasswing) had restricted public access due to excessive cyberattack capabilities, available only through a strictly audited partner program; reports indicate the model has been used to discover vulnerabilities in widely used software on a large scale, including some long-standing defects. The benchmark CyberGym cited in the paper tests agents against over a thousand real-world vulnerabilities (from numerous open-source projects), with frontier models achieving single-attempt success rates in the tens of percent range and autonomously discovering novel zero-day vulnerabilities.
The paper also introduces the concept of "resilient agent legions," overturning traditional defense models. It envisions a large number of redundant defensive agents scattered across the network edge, monitoring layers, coordinating channels, and recovery tasks, with each agent carrying an "incident and defense capsule"—a compact bundle linking a class of security incidents with their response routines. Traditional endpoint security concepts thus transform into agent security, where the task becomes managing agent populations, relying on collective behavior for protection.
Co-author Lidong Zhai elaborated on the evaluation method for the system. He views long-term benchmarking as a longitudinal protocol, fixing targets while perturbing the model stack, tools, guardrails, and threat environment over time. The output is a profiling matrix reporting research output, evidence quality, calibration burden, robustness to model and tool turnover, governance compliance, and consequence handling. He emphasized that benchmarking should be consequence-weighted, with highly transmissible, high-loss events receiving higher weights, as prioritization itself is part of scientific capability.
Zhai stated that containment mechanisms control at four levels: capability, role, environment, and artifact. Offensive exploration, defensive analysis, evaluation, and publication decisions follow independent authorization paths, with sensitive work isolated in separate digital twins and cyber ranges. The paper has not yet constructed a complete system, facing open challenges such as heterogeneous defense targets and difficulty distinguishing offensive from defensive uses at the code level. Zhai believes the ultimate criterion for a cybersecurity AI scientist lies not only in accelerating research but also in enhancing strategic composure, more precise prioritization, and more enduring defense design.










