| Abstract | Modern enterprise networks are continuously expanding in both scale and complexity. Alongside this, cyber threats have become more dangerous and dynamic. Consequently, automating cyber tasks by creating AI agents is essential for effectively countering these evolving threats. Reinforcement learning (RL) and deep learning (DL) models have shown promise in this area, but suffer from a high false-positive rate, slow convergence, and a lack of context-aware strategies. Incorporating cyber domain knowledge (threat reports, attack behavior descriptions, LLMs trained on cyber data, etc.) might enable these agents to make informed decisions. In this work, we propose a novel multiagent architecture to enhance RL-based autonomous agents using a hierarchy of large language models (LLMs). Our proposed approach enables real-time adaptation to new attack patterns, potentially without retraining the LLMs. We discuss the use of prompt engineering (to encode organizational policies and shape agent behavior) and retrieval-augmented generation to facilitate communication between LLMs and ensure actions are aligned with organizational policies. Our approach aims to bridge semantic understanding with strategic RL-agentic control, offering a scalable and modular solution for autonomous multiagent cyber defense. |
|---|---|