|国家预印本平台
首页|Towards Effective Offensive Security LLM Agents: Hyperparameter Tuning, LLM as a Judge, and a Lightweight CTF Benchmark

Towards Effective Offensive Security LLM Agents: Hyperparameter Tuning, LLM as a Judge, and a Lightweight CTF Benchmark

Towards Effective Offensive Security LLM Agents: Hyperparameter Tuning, LLM as a Judge, and a Lightweight CTF Benchmark

来源:Arxiv_logoArxiv
英文摘要

Recent advances in LLM agentic systems have improved the automation of offensive security tasks, particularly for Capture the Flag (CTF) challenges. We systematically investigate the key factors that drive agent success and provide a detailed recipe for building effective LLM-based offensive security agents. First, we present CTFJudge, a framework leveraging LLM as a judge to analyze agent trajectories and provide granular evaluation across CTF solving steps. Second, we propose a novel metric, CTF Competency Index (CCI) for partial correctness, revealing how closely agent solutions align with human-crafted gold standards. Third, we examine how LLM hyperparameters, namely temperature, top-p, and maximum token length, influence agent performance and automated cybersecurity task planning. For rapid evaluation, we present CTFTiny, a curated benchmark of 50 representative CTF challenges across binary exploitation, web, reverse engineering, forensics, and cryptography. Our findings identify optimal multi-agent coordination settings and lay the groundwork for future LLM agent research in cybersecurity. We make CTFTiny open source to public https://github.com/NYU-LLM-CTF/CTFTiny along with CTFJudge on https://github.com/NYU-LLM-CTF/CTFJudge.

Minghao Shao、Nanda Rani、Kimberly Milner、Haoran Xi、Meet Udeshi、Saksham Aggarwal、Venkata Sai Charan Putrevu、Sandeep Kumar Shukla、Prashanth Krishnamurthy、Farshad Khorrami、Ramesh Karri、Muhammad Shafique

计算技术、计算机技术自动化技术、自动化技术设备

Minghao Shao,Nanda Rani,Kimberly Milner,Haoran Xi,Meet Udeshi,Saksham Aggarwal,Venkata Sai Charan Putrevu,Sandeep Kumar Shukla,Prashanth Krishnamurthy,Farshad Khorrami,Ramesh Karri,Muhammad Shafique.Towards Effective Offensive Security LLM Agents: Hyperparameter Tuning, LLM as a Judge, and a Lightweight CTF Benchmark[EB/OL].(2025-08-05)[2025-08-24].https://arxiv.org/abs/2508.05674.点此复制

评论