Closing the Sim-To-Real Gap: An Evaluation Framework for Autonomous Cyber Defense Configuration of Commercial EDR

Leading commercial endpoint detection and response EDR products have shifted from operator-configured rule sets to multi-component systems where autonomous AI components operate alongside, and increasingly in place of, operator-deployed policies. Autonomous defense agents using commercial EDR as...

Stable Agentic Control: Tool-Mediated LLM Architecture for Autonomous Cyber Defense

Agentic systems involved in high-stake decision-making under adversarial pressure need formal guarantees not offered by existing approaches. Motivated by the operational needs of security operations centers SOCs that must configure endpoint detection and response EDR policies under adversarial...

The agentic SOC—Rethinking SecOps for the next decade

Every major shift in cyberattacker behavior over the past decade has followed a meaningful shift in how defenders operate. When security operation centers SOCs deployed endpoint detection and response EDR—and later extended detection and response XDR—security teams raised the bar, pushing...

Explainable Autonomous Cyber Defense Using Adversarial Multi-Agent Reinforcement Learning

Autonomous agents are increasingly deployed in both offensive and defensive cyber operations, creating high-speed, closed-loop interactions in critical infrastructure environments. Advanced Persistent Threat APT actors exploit "Living off the Land" techniques and targeted telemetry perturbations ...

Scaling security operations with Microsoft Defender autonomous defense and expert-led services

Today’s security leaders are operating in an environment of truncated cyberattack timelines with aging defenses built for slower, linear cyberthreats that can no longer keep pace with advanced cyberthreats. AI-powered threat actors now use social engineering and malware that adapt in real time,...

Autonomous Threat Detection and Response in Cloud Security: A Comprehensive Survey of AI-Driven Strategies

Cloud computing has changed online communities in three dimensions, which are scalability, adaptability and reduced overhead. But there are serious security concerns which are brought about by its distributed and multi-tenant characteristics. The old methods of detecting and reacting to threats...

Web Technologies Security in the AI Era: A Survey of CDN-Enhanced Defenses

The modern web stack, which is dominated by browser-based applications and API-first backends, now operates under an adversarial equilibrium where automated, AI-assisted attacks evolve continuously. Content Delivery Networks CDNs and edge computing place programmable defenses closest to users and...

IRSDA: An Agent-Orchestrated Framework for Enterprise Intrusion Response

Modern enterprise systems face escalating cyber threats that are increasingly dynamic, distributed, and multi-stage in nature. Traditional intrusion detection and response systems often rely on static rules and manual workflows, which limit their ability to respond with the speed and precision...