{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T11:01:52Z","timestamp":1775214112922,"version":"3.50.1"},"reference-count":52,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T00:00:00Z","timestamp":1775174400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T00:00:00Z","timestamp":1775174400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100001790","name":"Central Queensland University","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100001790","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Supercomput"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>Manual penetration testing is increasingly inadequate against rapidly evolving cyber threats, as it is time-consuming, difficult to scale, and heavily reliant on human expertise. Whilst Artificial Intelligence (AI), particularly Large Language Models (LLMs), offers automation potential, current tools suffer from poor reasoning, limited context retention, low scalability, and safety and misuse concerns. This paper introduces AutoSecAgent, an AI-powered platform designed to address these limitations. Built on the adaptive Agent Zero orchestration framework and powered by the cybersecurity-focused DeepSeek LLM, AutoSecAgent supports semi-automated end-to-end penetration testing under human oversight, covering vulnerability discovery, exploitation, and reporting with remediation guidance for follow-up. It features recursive memory embedding to maintain context across complex multi-step attack chains, supporting strategic planning and situational awareness. Additionally, real-time Retrieval-Augmented Generation (RAG) allows AutoSecAgent to source up-to-date vulnerability data from repositories such as NVD and CVE, ensuring attack strategies incorporate current information. Its modular, agent-based architecture supports scalability across diverse network environments and integrates with tools such as Metasploit and Nmap. To avoid scattered claims across multiple design elements, this study focuses its core contributions on two tightly coupled points: (i) a memory-centric orchestration mechanism (Recursive Memory Embedding, RME) with an explicit operationalisation of context-loss errors for penetration testing trajectories and (ii) a reproducible, tool-grounded, semi-automated workflow that combines RME with real-time retrieval and a bounded online optimisation loop under human oversight. Multi-agent decomposition and DeepSeek domain tuning are treated as supporting design choices that enable these two contributions rather than separate innovations. Experimental results indicate that this design improves end-to-end performance over representative LLM-based baselines across vulnerability detection, exploitation, multi-step attack completion, and scalability in controlled evaluation settings. The empirical study is positioned as a proof-of-concept validation in controlled and semi-realistic settings. Broader operational generalisation and comparison against additional non-LLM baseline classes (e.g. scanner-only pipelines) are treated as future work.<\/jats:p>","DOI":"10.1007\/s11227-026-08439-z","type":"journal-article","created":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T10:33:49Z","timestamp":1775212429000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Autosecagent: a semi-automated AI-driven penetration testing framework through recursive memory and real-time RAG"],"prefix":"10.1007","volume":"82","author":[{"given":"Abdallah","family":"Al-Sabbagh","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eddy","family":"Abdo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Khouloud","family":"Samrouth","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ahmad A. A.","family":"Alkhatib","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9904-7551","authenticated-orcid":false,"given":"Mahmoud","family":"Elkhodr","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,4,3]]},"reference":[{"key":"8439_CR1","doi-asserted-by":"publisher","unstructured":"Malatji M (2023) Management of enterprise cyber security: a review of iso\/iec 27001:2022. In: 2023 International Conference On Cyber Management And Engineering (CyMaEn), pp. 117\u2013 122 . https:\/\/doi.org\/10.1109\/CyMaEn57228.2023.10051114","DOI":"10.1109\/CyMaEn57228.2023.10051114"},{"key":"8439_CR2","doi-asserted-by":"publisher","unstructured":"Shanley A, Johnstone MN (2015) Selection of penetration testing methodologies: a comparison and evaluation. In: 13th Australian Information Security Management Conference. SRI Security Research Institute, Edith Cowan University Joondalup Campus, Perth, Western Australia . https:\/\/doi.org\/10.4225\/75\/57b69c4ed938d","DOI":"10.4225\/75\/57b69c4ed938d"},{"key":"8439_CR3","unstructured":"Hassanin M, Moustafa NA (2024) Comprehensive overview of large language models (LLMs) for cyber defences: opportunities and directions. arxiv:2405.14487"},{"key":"8439_CR4","doi-asserted-by":"publisher","unstructured":"Akuthota V, Kasula R, Sumona ST, Mohiuddin M, Reza MT, Rahman MM (2023) Vulnerability detection and monitoring using llm. In: 2023 IEEE 9th International Women in Engineering (WIE) Conference on Electrical and Computer Engineering (WIECON-ECE), pp. 309\u2013 314. https:\/\/doi.org\/10.1109\/WIECON-ECE60392.2023.10456393","DOI":"10.1109\/WIECON-ECE60392.2023.10456393"},{"key":"8439_CR5","unstructured":"Laney SP (2024) Llm-directed agent models in cyberspace. PhD thesis, Massachusetts Institute of Technology"},{"key":"8439_CR6","unstructured":"Vaswani A (2017) Attention is all you need. Advances in Neural Information Processing Systems"},{"key":"8439_CR7","doi-asserted-by":"publisher","DOI":"10.3390\/info16020115","author":"A Al-Sabbagh","year":"2025","unstructured":"Al-Sabbagh A, El-Bokhary A, El-Koussa S, Jaber A, Elkhodr M (2025) Enhancing UAV security against GPS spoofing attacks through a genetic algorithm-driven deep learning framework. Information. https:\/\/doi.org\/10.3390\/info16020115","journal-title":"Information"},{"key":"8439_CR8","doi-asserted-by":"crossref","unstructured":"Isozaki I, Shrestha M, Console R, Kim E (2024) Towards automated penetration testing: introducing LLM benchmark, analysis, and improvements . arxiv:2410.17141","DOI":"10.1145\/3708319.3733804"},{"key":"8439_CR9","first-page":"1877","volume":"33","author":"T Brown","year":"2020","unstructured":"Brown T, Mann B, Ryder N, Subbiah M, Kaplan JD, Dhariwal P, Neelakantan A, Shyam P, Sastry G, Askell A et al (2020) Language models are few-shot learners. Adv Neural Inf Process Syst 33:1877\u20131901","journal-title":"Adv Neural Inf Process Syst"},{"key":"8439_CR10","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.iotcps.2025.01.001","volume":"5","author":"MA Ferrag","year":"2025","unstructured":"Ferrag MA, Alwahedi F, Battah A, Cherif B, Mechri A, Tihanyi N, Bisztray T, Debbah M (2025) Generative ai in cybersecurity: a comprehensive review of LLM applications and vulnerabilities. Internet Things Cyber-Phys Syst 5:1\u201346. https:\/\/doi.org\/10.1016\/j.iotcps.2025.01.001","journal-title":"Internet Things Cyber-Phys Syst"},{"issue":"2","key":"8439_CR11","first-page":"14","volume":"14","author":"R Mumtaz","year":"2022","unstructured":"Mumtaz R, Samawi V, Alhroob A, Alzyadat W, Almukahel I (2022) LPDIS: a service layer for privacy and detecting intrusions in cloud computing. Int J Adv Soft Comput Appl IJASCA 14(2):14\u201335","journal-title":"Int J Adv Soft Comput Appl IJASCA"},{"issue":"1","key":"8439_CR12","doi-asserted-by":"publisher","first-page":"103205","DOI":"10.1016\/j.asej.2024.103205","volume":"16","author":"ME Farfoura","year":"2025","unstructured":"Farfoura ME, Mashal I, Alkhatib A, Batyha RM, Rosiyadi D (2025) A novel lightweight machine learning framework for IOT malware classification based on matrix block mean downsampling. Ain Shams Eng J 16(1):103205. https:\/\/doi.org\/10.1016\/j.asej.2024.103205","journal-title":"Ain Shams Eng J"},{"issue":"1","key":"8439_CR13","doi-asserted-by":"publisher","first-page":"13","DOI":"10.24138\/jcomss-2023-0128","volume":"20","author":"S Fayyad","year":"2024","unstructured":"Fayyad S, Alkhatib A, Abdel-Fattah F, Almimi H (2024) A methodology for dynamic security risks assessment in interconnected it systems. J Commun Softw Syst 20(1):13\u201322","journal-title":"J Commun Softw Syst"},{"issue":"1","key":"8439_CR14","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1186\/s42400-025-00361-w","volume":"8","author":"J Zhang","year":"2025","unstructured":"Zhang J, Bu H, Wen H, Liu Y, Fei H, Xi R, Li L, Yang Y, Zhu H, Meng D (2025) When LLMs meet cybersecurity: a systematic literature review. Cybersecurity 8(1):55. https:\/\/doi.org\/10.1186\/s42400-025-00361-w","journal-title":"Cybersecurity"},{"issue":"5","key":"8439_CR15","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3769082","volume":"58","author":"Z Sheng","year":"2025","unstructured":"Sheng Z, Chen Z, Gu S, Huang H, Gu G, Huang J (2025) LLMs in software security: a survey of vulnerability detection techniques and insights. ACM Comput Surv 58(5):1\u201335","journal-title":"ACM Comput Surv"},{"key":"8439_CR16","unstructured":"Phuong M, Aitchison M, Catt E, Cogan S, Kaskasoli A, Krakovna V, Lindner D, Rahtz M, Assael Y, Hodkinson S, Howard H, Lieberum T, Kumar R, Raad MA, Webson A, Ho L, Lin S, Farquhar S, Hutter M, Deletang G, Ruoss A, El-Sayed S, Brown S, Dragan A, Shah R, Dafoe A, Shevlane T (2024) Evaluating Frontier models for dangerous capabilities . arxiv:2403.13793"},{"issue":"3","key":"8439_CR17","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1007\/s10922-024-09831-x","volume":"32","author":"E Karlsen","year":"2024","unstructured":"Karlsen E, Luo X, Zincir-Heywood N, Heywood M (2024) Benchmarking large language models for log analysis, security, and interpretation. J Netw Syst Manage 32(3):59. https:\/\/doi.org\/10.1007\/s10922-024-09831-x","journal-title":"J Netw Syst Manage"},{"key":"8439_CR18","doi-asserted-by":"publisher","unstructured":"Afane K, Wei W, Mao Y, Farooq J, Chen J (2024) Next-generation phishing: how LLM agents empower cyber attackers. In: 2024 IEEE International Conference on Big Data (BigData), pp. 2558\u2013 2567 . https:\/\/doi.org\/10.1109\/BigData62323.2024.10825018","DOI":"10.1109\/BigData62323.2024.10825018"},{"key":"8439_CR19","doi-asserted-by":"publisher","DOI":"10.3390\/electronics13183677","author":"A Al-Sabbagh","year":"2024","unstructured":"Al-Sabbagh A, Hamze K, Khan S, Elkhodr M (2024) An enhanced k-means clustering algorithm for phishing attack detections. Electronics. https:\/\/doi.org\/10.3390\/electronics13183677","journal-title":"Electronics"},{"key":"8439_CR20","unstructured":"Hays S, White J (2024) Employing LLMs for incident response planning and review. arxiv:2403.01271"},{"key":"8439_CR21","unstructured":"Shen Z (2024) LLM with tools: a survey. arXiv preprint arXiv:2409.18807"},{"key":"8439_CR22","doi-asserted-by":"crossref","unstructured":"Westenfelder F, Hemberg E, Tulla M, Moskal S, O\u2019Reilly U-M, Chiricescu S (2025) LLM-supported natural language to bash translation . arxiv:2502.06858","DOI":"10.18653\/v1\/2025.naacl-long.555"},{"key":"8439_CR23","unstructured":"Rani S, Nagpal R (2019) Penetration testing using metasploit framework: an ethical approach. Int Res J Eng Technol (IRJET) 6(08): 538\u2013542"},{"issue":"1","key":"8439_CR24","first-page":"56","volume":"16","author":"M Alia","year":"2024","unstructured":"Alia M, Jaradat Y, Masoud M, Manasrah KSA, Jebril I, Almanasra S (2024) Low-cost iot-based charging management system for electric vehicles: design guidelines. Int J Adv Soft Comput Appl IJASCA 16(1):56\u201367","journal-title":"Int J Adv Soft Comput Appl IJASCA"},{"key":"8439_CR25","doi-asserted-by":"publisher","first-page":"103903","DOI":"10.1016\/j.cose.2024.103903","volume":"143","author":"S Bamohabbat Chafjiri","year":"2024","unstructured":"Bamohabbat Chafjiri S, Legg P, Hong J, Tsompanas MA (2024) Vulnerability detection through machine learning-based fuzzing: a systematic review. Comput Secur 143:103903. https:\/\/doi.org\/10.1016\/j.cose.2024.103903","journal-title":"Comput Secur"},{"key":"8439_CR26","unstructured":"Gopinath D, Wang K, Zhang M, Pasareanu CS, Khurshid S (2018) Symbolic execution for deep neural networks. arXiv preprint arXiv:1807.10439"},{"issue":"2","key":"8439_CR27","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1145\/2560217.2560219","volume":"57","author":"T Avgerinos","year":"2014","unstructured":"Avgerinos T, Cha SK, Rebert A, Schwartz EJ, Woo M, Brumley D (2014) Automatic exploit generation. Commun ACM 57(2):74\u201384. https:\/\/doi.org\/10.1145\/2560217.2560219","journal-title":"Commun ACM"},{"issue":"8","key":"8439_CR28","doi-asserted-by":"publisher","first-page":"3779","DOI":"10.1109\/TNNLS.2021.3121870","volume":"34","author":"TT Nguyen","year":"2023","unstructured":"Nguyen TT, Reddi VJ (2023) Deep reinforcement learning for cyber security. IEEE Trans Neural Netw Learn Syst 34(8):3779\u20133795. https:\/\/doi.org\/10.1109\/TNNLS.2021.3121870","journal-title":"IEEE Trans Neural Netw Learn Syst"},{"key":"8439_CR29","unstructured":"Tran K, Akella A, Standen M, Kim J, Bowman D, Richer T, Lin C.-T (2021) Deep hierarchical reinforcement agents for automated penetration testing . arxiv:2109.06449"},{"key":"8439_CR30","doi-asserted-by":"publisher","DOI":"10.3390\/s24216878","author":"D Pratama","year":"2024","unstructured":"Pratama D, Suryanto N, Adiputra AA, Le T-T-H, Kadiptya AY, Iqbal M, Kim H (2024) Cipher: cybersecurity intelligent penetration-testing helper for ethical researcher. Sensors. https:\/\/doi.org\/10.3390\/s24216878","journal-title":"Sensors"},{"key":"8439_CR31","unstructured":"Shen X, Wang L, Li Z, Chen Y, Zhao W, Sun D, Wang J, Ruan W (2024) PentestAgent: incorporating LLM agents to automated penetration testing. arxiv:2411.05185"},{"key":"8439_CR32","doi-asserted-by":"crossref","unstructured":"Huang J, Zhu Q (2024) Penhealnet: an agent-based LLM framework for automated pentesting and optimal remediation. Available at SSRN 4941478","DOI":"10.2139\/ssrn.4941478"},{"key":"8439_CR33","unstructured":"Gioacchini L, Mellia M, Drago I, Delsanto A, Siracusano G, Bifulco R (2024) AutoPenBench: benchmarking generative agents for penetration testing . arxiv:2410.03225"},{"key":"8439_CR34","unstructured":"Deng G, Liu Y, Mayoral-Vilches V, Liu P, Li Y, Xu Y, Zhang T, Liu Y, Pinzger M, Rass S (2024) PentestGPT: an LLM-empowered automatic penetration testing tool. arxiv:2308.06782"},{"key":"8439_CR35","unstructured":"Xu J, Stokes JW, McDonald G, Bai X, Marshall D, Wang S, Swaminathan A, Li Z (2024) AutoAttacker: a large language model guided system to implement automatic cyber-attacks. arxiv:2403.01038"},{"key":"8439_CR36","unstructured":"Al-Sinani HS, Mitchell CJ (2025) PenTest++: elevating ethical hacking with AI and automation. arxiv:2502.09484"},{"key":"8439_CR37","unstructured":"Kong H, Hu D, Ge J, Li L, Li T, Wu B (2025) VulnBot: autonomous penetration testing for a multi-agent collaborative framework. arxiv:2501.13411"},{"key":"8439_CR38","unstructured":"Matherly J (2015) Complete guide to shodan. Shodan, LLC"},{"key":"8439_CR39","unstructured":"Liu X, et al (2023) AgentBench: evaluating LLMs as agents. arXiv preprint arXiv:2308.03688. Accessed 10 Feb 2026"},{"key":"8439_CR40","unstructured":"Caldwell S, Harley M, Kouremetis M, Abruzzo V, Pearce W (2025) PentestJudge: judging agent behavior against operational requirements. arXiv preprint arXiv:2508.02921. Accessed Accessed 10 Feb 2026"},{"key":"8439_CR41","doi-asserted-by":"crossref","unstructured":"Imambi S, Prakash KB, Kanagachidambaresan GR (2021) PyTorch. In: Prakash KB, Kanagachidambaresan GR (eds) Programming with TensorFlow. EAI\/Springer Innovations in Communication and Computing. Springer, Cham, pp 87\u2013104. https:\/\/doi.org\/10.1007\/978-3-030-57077-4_10","DOI":"10.1007\/978-3-030-57077-4_10"},{"issue":"2","key":"8439_CR42","doi-asserted-by":"publisher","first-page":"227","DOI":"10.3102\/1076998619872761","volume":"45","author":"B Pang","year":"2020","unstructured":"Pang B, Nijkamp E, Wu YN (2020) Deep learning with tensorflow: a review. J Educ Behav Stat 45(2):227\u2013248. https:\/\/doi.org\/10.3102\/1076998619872761","journal-title":"J Educ Behav Stat"},{"key":"8439_CR43","doi-asserted-by":"crossref","unstructured":"Mohammadi M, Li Y, Lo J, Yip W (2025) Evaluation and benchmarking of LLM agents: a survey. In: Proceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining, vol. 2, pp. 6129\u2013 6139","DOI":"10.1145\/3711896.3736570"},{"key":"8439_CR44","unstructured":"Digininja: Damn Vulnerable Web Application (DVWA). GitHub repository. Accessed 28 Feb 2026. https:\/\/github.com\/digininja\/DVWA"},{"key":"8439_CR45","unstructured":"OWASP Foundation: OWASP Juice Shop. Project page. Accessed Accessed 28 Feb 2026. https:\/\/owasp.org\/www-project-juice-shop\/"},{"key":"8439_CR46","unstructured":"OWASP Foundation: OWASP Mutillidae II. Project page. Accessed 28 Feb 2026. https:\/\/owasp.org\/www-project-mutillidae-ii\/"},{"key":"8439_CR47","unstructured":"Rapid7: Metasploitable 2. Documentation. Accessed 28 Feb 2026. https:\/\/docs.rapid7.com\/metasploit\/metasploitable-2\/"},{"key":"8439_CR48","unstructured":"Microsoft: Active Directory Domain Services overview (2025) Microsoft Learn. Accessed 28 Feb 2026. https:\/\/learn.microsoft.com\/en-us\/windows-server\/identity\/ad-ds\/get-started\/virtual-dc\/active-directory-domain-services-overview"},{"key":"8439_CR49","unstructured":"Microsoft: Microsoft Security Bulletin MS17-010: Critical (2017) Microsoft Learn. Published: 2017-03-14. Accessed 28 Feb 2026. https:\/\/learn.microsoft.com\/en-us\/security-updates\/securitybulletins\/2017\/ms17-010"},{"key":"8439_CR50","unstructured":"OWASP Foundation: OWASP Top 10:2021. Standard awareness document. Accessed 28 Feb 2026 (2021). https:\/\/owasp.org\/Top10\/2021\/"},{"key":"8439_CR51","unstructured":"HashiCorp: Terraform Documentation. Developer documentation. Accessed 28 Feb 2026. https:\/\/developer.hashicorp.com\/terraform\/docs"},{"key":"8439_CR52","doi-asserted-by":"publisher","DOI":"10.1145\/3766895","author":"A Happe","year":"2025","unstructured":"Happe A, Cito J (2025) Can LLMs hack enterprise networks? Autonomous assumed breach penetration-testing active directory networks. ACM Trans Softw Eng Methodol. https:\/\/doi.org\/10.1145\/3766895","journal-title":"ACM Trans Softw Eng Methodol"}],"container-title":["The Journal of Supercomputing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-026-08439-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11227-026-08439-z","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-026-08439-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T10:33:56Z","timestamp":1775212436000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11227-026-08439-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,3]]},"references-count":52,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2026,4]]}},"alternative-id":["8439"],"URL":"https:\/\/doi.org\/10.1007\/s11227-026-08439-z","relation":{},"ISSN":["1573-0484"],"issn-type":[{"value":"1573-0484","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,4,3]]},"assertion":[{"value":"10 August 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 March 2026","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 April 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"318"}}