680 matches found
A New Framework for Cybersecurity Refusals in AI Agents
Agentic scaffolds have dramatically improved LLM performance on complex, long-horizon tasks, yielding both broad benefits and amplified risks in domains like cybersecurity. Existing benchmarks for AI agents in cybersecurity focus mainly on measuring proficiency--how effectively agents can complet...
Cybersecurity AI (CAI) Dataset
We present CAI Dataset, a fourteen-month corpus of cybersecurity LLM trajectories collected through the open-source CAI agent framework, built in response to PentestGPT's finding that expert operator trajectories, not base-model capability, are the bottleneck for cybersecurity LLM performance. CA...
Detecting Offensive Cyber Agents: A Detection-In-Depth Approach
Artificial Intelligence (AI) agents can now orchestrate cyberattacks. This development is already increasing the speed and scale of cyber attacks, decreasing attack costs, and improving the operational autonomy of cyber capabilities. To defend against these emerging threats, actors must first devel...
offensive-claude
Offensive Security Research Config for Claude Code A comprehe...
portofolio_DWForSec
DwF — Cybersecurity Portfolio A professional cybersecurity po...
web-app-pentest-playbook
Web Application Pentest Playbook A structured methodology and...
01-Pentesting-and-Offensive-Security
No d...
Introducing Penetration Test Findings: Unified Offensive Security in Wiz
Streamline pen-testing by unifying findings from bug bounties, manual audits, and Wiz Red Agent into a single, context-rich view...
offensive-Sqli
No d...
The Industrialization of Exploitation: Why Defensive AI Must Outpace Offensive AI
Today, vulnerabilities can be discovered, connected, and operationalized at a speed that traditional security processes were never designed to match. Learn more...
Automation-Exploit: A Multi-Agent LLM Framework for Adaptive Offensive Security with Digital Twin-Based Risk-Mitigated Exploitation
The offensive security landscape is highly fragmented: enterprise platforms avoid memory-corruption vulnerabilities due to Denial of Service (DoS) risks, Automatic Exploit Generation (AEG) systems suffer from semantic blindness, and Large Language Model (LLM) agents face safety alignment filters and...
ctf-writeups
ctf-writeups HTB, TryHackMe and DFIR challenges — documented...
vantix
Vantix Vantix is a Codex-native offensive-security control pl...
Decepticon
⚡ Decepticon — Autonomous Multi-Agent Offensive Security !L...
redhound-arsenal
Red Hound Arsenal Agent-consumable security skill library for...
Is “Hackback” Official US Cybersecurity Strategy?
The 2026 US "Cyber Strategy for America" document is mostly the same thing we've seen out of the White House for over a decade, but with a more aggressive tone. But one sentence stood out: "We will unleash the private sector by creating incentives to identify and disrupt adversary networks and...
Wa3r-OffSec-Kit
🔐 Wa3r-OffSec-Kit - Practical Security Tools and Notes !Dow...
cyberops-security-suite
CyberOps Security Suite A comprehensive cybersecurity operati...
PT-2026-25586
Summary Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated report. This allowed JavaScript...
Offensive-Security-KnowledgeBase
Offensive-Security-KnowledgeBase Str...