This project develops reinforcement learning methods for autonomous penetration testing. The central question is how a learning agent can make useful security decisions when the network state is partially observed, the action space is structured, and the environment changes across scenarios.
Recent work focuses on generalization and behavior diversity. SetTron studies representation learning for better transfer across penetration testing environments, while the behaviour-diverse automatic penetration testing work uses coverage-driven reinforcement learning to encourage broader exploration.
The long-term aim is to build autonomous cyber agents that are not only effective in one benchmark environment, but robust enough to assist real security assessment workflows.