Practical Automation of Penetration Testing with Agentic AI
DAY 1
11:40 - 12:20
Existing LLM-based penetration testing research has achieved some success by designing multi-agent systems that combine autonomous reasoning and action. However, most of this research has been limited to testing in virtual lab environments, and quantitative evaluation of its application to real-world environments, as well as automation of all phases from reconnaissance to report generation, remains insufficient.
This research aims to achieve practical penetration testing automation covering reconnaissance, vulnerability analysis, exploitation, and report generation. Building on findings from last year's collaborative research with the Takagi Laboratory at Meiji University (arXiv:2502.15506v1), we developed a multi-agent system using modern agentic AI. For evaluation, we collaborated with penetration testers with extensive field experience to build a practical test environment.
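For readers unfamiliar with this architecture style, the sketch below illustrates the general idea of phase-based agent orchestration across the four phases named above. All names and interfaces are hypothetical placeholders, not the system presented in this talk or in arXiv:2502.15506v1.

```python
from dataclasses import dataclass, field

# Hypothetical phase agents; a minimal sketch of sequential orchestration,
# not the authors' implementation.
@dataclass
class PhaseResult:
    phase: str
    findings: list[str] = field(default_factory=list)

class PhaseAgent:
    """One agent per pentest phase; a real system would wrap an LLM and tools here."""
    def __init__(self, phase: str):
        self.phase = phase

    def run(self, context: list[PhaseResult]) -> PhaseResult:
        # Placeholder for LLM-driven planning, tool invocation (scanners,
        # exploit frameworks, etc.), and result parsing.
        return PhaseResult(self.phase, findings=[f"{self.phase}: stub result"])

def run_pipeline(target: str) -> list[PhaseResult]:
    """Run the four phases in order, passing earlier results as context."""
    phases = ["reconnaissance", "vulnerability analysis",
              "exploitation", "report generation"]
    context: list[PhaseResult] = []
    for phase in phases:
        context.append(PhaseAgent(phase).run(context))
    return context

if __name__ == "__main__":
    for result in run_pipeline("10.10.10.10"):
        print(result)
```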
This presentation covers the latest trends in AI-based penetration testing automation and the concrete benefits of adopting it. First, we will outline research trends since 2023, when LLMs were introduced to this field; in the main part, we will report a performance evaluation of the constructed system compared with conventional tools and manual testing. In addition to HackTheBox, the evaluation uses an environment simulating real-world conditions to quantitatively compare reproducibility, coverage, and efficiency. The presentation will also touch on the potential for automation using local LLMs.
Through this presentation, participants will gain a deeper understanding of the benefits and challenges of introducing AI agents and obtain concrete guidelines for applying them to their own organizations' security assessments.
Location: Track 1 (HALL B)
Category: Technical
Speakers
Hiroaki Toyoda
豊田 宏明
Hiroaki Toyoda is a member of the AI Technology Department at LAC Corporation, where he works on research and development of AI-driven automation and the safety of AI systems in the field of cybersecurity. He previously developed machine learning and deep learning algorithms at an AI startup and has extensive knowledge of how AI systems work. He actively participates in CTFs and community events to hone his practical security skills.