{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,25]],"date-time":"2026-03-25T01:39:07Z","timestamp":1774402747795,"version":"3.50.1"},"publisher-location":"Cham","reference-count":29,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032027245","type":"print"},{"value":"9783032027252","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T00:00:00Z","timestamp":1759276800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T00:00:00Z","timestamp":1759276800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-02725-2_5","type":"book-chapter","created":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T00:35:56Z","timestamp":1759278956000},"page":"55-65","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Penetration Testing with\u00a0AI: Case Studies on\u00a0LLM and\u00a0RL-Based Attack Agents"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-1365-0208","authenticated-orcid":false,"given":"Rui","family":"Fernandes","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8897-5061","authenticated-orcid":false,"given":"Nuno","family":"Lopes","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7596-9735","authenticated-orcid":false,"given":"Paulo","family":"Teixeira","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2219-1816","authenticated-orcid":false,"given":"Joaquim","family":"Gon\u00e7alves","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,10,1]]},"reference":[{"key":"5_CR1","unstructured":"Al-Sinani, H.S., Mitchell, C.J.: Pentest++: Elevating ethical hacking with AI and automation (2025). https:\/\/arxiv.org\/abs\/2502.09484"},{"key":"5_CR2","doi-asserted-by":"publisher","unstructured":"Almazrouei, O.S.M.B.H., Magalingam, P., Hasan, M.K., Shanmugam, M.: A review on attack graph analysis for IOT vulnerability assessment: challenges, open issues, and future directions. IEEE Access 11, 44350\u201344376 (2023). https:\/\/doi.org\/10.1109\/ACCESS.2023.3272053","DOI":"10.1109\/ACCESS.2023.3272053"},{"key":"5_CR3","unstructured":"Baillie, C., Standen, M., Schwartz, J., Docking, M., Bowman, D., Kim, J.: Cyborg: an autonomous cyber operations research gym. arXiv preprint arXiv:2002.10667 (2020)"},{"key":"5_CR4","doi-asserted-by":"publisher","unstructured":"Casola, V., De\u00a0Benedictis, A., Rak, M., Villano, U.: Towards automated penetration testing for cloud applications. In: 2018 IEEE 27th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), pp. 24\u201329 (2018). https:\/\/doi.org\/10.1109\/WETICE.2018.00012","DOI":"10.1109\/WETICE.2018.00012"},{"key":"5_CR5","doi-asserted-by":"publisher","unstructured":"Culot, G., Fattori, F., Podrecca, M., Sartor, M.: Addressing industry 4.0 cybersecurity challenges. IEEE Eng. Manag. Rev. 47(3), 79\u201386 (2019). https:\/\/doi.org\/10.1109\/EMR.2019.2927559","DOI":"10.1109\/EMR.2019.2927559"},{"key":"5_CR6","unstructured":"for Cybersecurity\u00a0(ENISA), E.U.A.: 2024 report on the state of the cybersecurity in the union (2024), https:\/\/www.enisa.europa.eu\/publications\/2024-report-on-the-state-of-the-cybersecurity-in-the-union. Accessed 22 Mar 2025"},{"key":"5_CR7","unstructured":"Devlin, J., Chang, M.W., Lee, K., Toutanova, K.: BERT: pre-training of deep bidirectional transformers for language understanding (2019). https:\/\/arxiv.org\/abs\/1810.04805"},{"key":"5_CR8","volume-title":"Cybersecurity-Attack and Defense Strategies: Infrastructure Security with Red Team and Blue Team Tactics","author":"Y Diogenes","year":"2018","unstructured":"Diogenes, Y., Ozkaya, E.: Cybersecurity-Attack and Defense Strategies: Infrastructure Security with Red Team and Blue Team Tactics. Packt Publishing Ltd, Birmingham (2018)"},{"key":"5_CR9","doi-asserted-by":"publisher","unstructured":"Fernandes, R., Lopes, N., Gon\u00e7alves, J., Cosgrove, J.: Comparing traditional hacking tools and AI-driven alternatives. In: 2025 13th International Symposium on Digital Forensics and Security (ISDFS), pp.\u00a01\u20135 (2025). https:\/\/doi.org\/10.1109\/ISDFS65363.2025.11012027","DOI":"10.1109\/ISDFS65363.2025.11012027"},{"key":"5_CR10","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1007\/s10844-022-00738-0","volume":"60","author":"M Ghanem","year":"2023","unstructured":"Ghanem, M., Chen, T., Nepomuceno, E.: Hierarchical reinforcement learning for efficient and effective automated penetration testing of large networks. J. Intell. Inf. Syst. 60, 281\u2013303 (2023). https:\/\/doi.org\/10.1007\/s10844-022-00738-0","journal-title":"J. Intell. Inf. Syst."},{"key":"5_CR11","doi-asserted-by":"crossref","unstructured":"Janisch, J., Pevn\u00fd, T., Lis\u00fd, V.: Nasimemu: Network attack simulator & emulator for training agents generalizing to novel scenarios (2023). https:\/\/arxiv.org\/abs\/2305.17246","DOI":"10.1007\/978-3-031-54129-2_35"},{"key":"5_CR12","doi-asserted-by":"crossref","unstructured":"Kaur, R., Gabrijel\u010di\u010d, D., Klobu\u010dar, T.: Artificial intelligence for cybersecurity: literature review and future research directions. Inf. Fusion 97, 101804 (2023)","DOI":"10.1016\/j.inffus.2023.101804"},{"key":"5_CR13","doi-asserted-by":"publisher","unstructured":"Lezzi, M., Lazoi, M., Corallo, A.: Cybersecurity for industry 4.0 in the current literature: a reference framework. Comput. Ind. 103, 97\u2013110 (2018). https:\/\/doi.org\/10.1016\/j.compind.2018.09.004. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0166361518303658","DOI":"10.1016\/j.compind.2018.09.004"},{"key":"5_CR14","unstructured":"Manoharan, A., Sarker, M.: Revolutionizing cybersecurity: Unleashing the power of artificial intelligence and machine learning for next- generation threat detection. Int. Res. J. Modernization Eng. Technol. Sci. 4, 2151\u20132164 (12 2022)"},{"key":"5_CR15","doi-asserted-by":"publisher","unstructured":"Mo, K., Ye, P., Ren, X., Wang, S., Li, W., Li, J.: Security and privacy issues in deep reinforcement learning: Threats and countermeasures. ACM Comput. Surv. 56(6) (2024). https:\/\/doi.org\/10.1145\/3640312","DOI":"10.1145\/3640312"},{"key":"5_CR16","unstructured":"Motlagh, F.N., Hajizadeh, M., Majd, M., Najafi, P., Cheng, F., Meinel, C.: Large language models in cybersecurity: State-of-the-art (2024). https:\/\/arxiv.org\/abs\/2402.00891"},{"key":"5_CR17","unstructured":"Muzsai, L., Imolai, D., Luk\u00e1cs, A.: Hacksynth: LLM agent and evaluation framework for autonomous penetration testing (2024). https:\/\/arxiv.org\/abs\/2412.01778"},{"key":"5_CR18","unstructured":"Muzsai, L., Imolai, D., Luk\u00e1cs, A.: Hacksynth: LLM agent and evaluation framework for autonomous penetration testing (2024). https:\/\/arxiv.org\/abs\/2412.01778"},{"key":"5_CR19","unstructured":"Nakatani, S.: Rapidpen: Fully automated IP-to-shell penetration testing with LLM-based agents (2025). https:\/\/arxiv.org\/abs\/2502.16730"},{"key":"5_CR20","doi-asserted-by":"publisher","unstructured":"Oesch, S., et al.: Towards a high fidelity training environment for autonomous cyber defense agents. In: Proceedings of the 17th Cyber Security Experimentation and Test Workshop, CSET 2024, pp. 91\u201399. Association for Computing Machinery, New York (2024). https:\/\/doi.org\/10.1145\/3675741.3675752","DOI":"10.1145\/3675741.3675752"},{"key":"5_CR21","unstructured":"OpenAI: Gpt-4 technical report (2024). https:\/\/arxiv.org\/abs\/2303.08774"},{"key":"5_CR22","doi-asserted-by":"publisher","unstructured":"Ozkan-Okay, M., et al.: A comprehensive survey: evaluating the efficiency of artificial intelligence and machine learning techniques on cyber security solutions. IEEE Access 12, 12229\u201312256 (2024). https:\/\/doi.org\/10.1109\/ACCESS.2024.3355547","DOI":"10.1109\/ACCESS.2024.3355547"},{"key":"5_CR23","doi-asserted-by":"publisher","unstructured":"Pillai, S.E.V.S., Poddar, S.S., Nagendar, Y., Kumar\u00a0Pareek, P., Zanke, P.: Automated cybersecurity attack detection using prairie dog optimization and multilayer perceptron in healthcare system. In: 2024 Third International Conference on Distributed Computing and Electrical Circuits and Electronics (ICDCECE), pp.\u00a01\u20136 (2024). https:\/\/doi.org\/10.1109\/ICDCECE60827.2024.10549746","DOI":"10.1109\/ICDCECE60827.2024.10549746"},{"key":"5_CR24","unstructured":"Schwartz, J., Kurniawati, H.: Autonomous penetration testing using reinforcement learning (2019). https:\/\/arxiv.org\/abs\/1905.05965"},{"key":"5_CR25","unstructured":"Shen, X., et al.: Pentestagent: Incorporating LLM agents to automated penetration testing (2024). https:\/\/arxiv.org\/abs\/2411.05185"},{"key":"5_CR26","unstructured":"Touvron, H., et al.: Llama: open and efficient foundation language models (2023). https:\/\/arxiv.org\/abs\/2302.13971"},{"key":"5_CR27","unstructured":"Xu, H., et al.: Large language models for cyber security: a systematic literature review (2024). https:\/\/arxiv.org\/abs\/2405.04760"},{"key":"5_CR28","unstructured":"Xu, J., et al.: Autoattacker: a large language model guided system to implement automatic cyber-attacks (2024). https:\/\/arxiv.org\/abs\/2403.01038"},{"key":"5_CR29","doi-asserted-by":"crossref","unstructured":"Zhang, J., et al.: When LLMs meet cybersecurity: a systematic literature review. Cybersecurity 8(1), 55 (2025)","DOI":"10.1186\/s42400-025-00361-w"}],"container-title":["Lecture Notes in Computer Science","Advances in Computational Intelligence"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-02725-2_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T00:36:06Z","timestamp":1759278966000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-02725-2_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,1]]},"ISBN":["9783032027245","9783032027252"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-02725-2_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,1]]},"assertion":[{"value":"1 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors have no competing interests to declare that are relevant to the content of this article.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"IWANN","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Work-Conference on Artificial Neural Networks","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"A Coru\u00f1a","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 June 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 June 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iwann2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/iwann.uma.es\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}