{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T02:05:51Z","timestamp":1773194751667,"version":"3.50.1"},"reference-count":53,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100004040","name":"KU Leuven","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100004040","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,12,8]]},"DOI":"10.1109\/acsacw69556.2025.00052","type":"proceedings-article","created":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T19:56:13Z","timestamp":1773086173000},"page":"420-427","source":"Crossref","is-referenced-by-count":0,"title":["On the Potential of LLMs for Offensive Security: Benchmarks vs. Operational Reality"],"prefix":"10.1109","author":[{"given":"Ruben","family":"Missotten","sequence":"first","affiliation":[{"name":"KU Leuven,Distrinet,Leuven,Belgium"}]},{"given":"Vera","family":"Rimmer","sequence":"additional","affiliation":[{"name":"KU Leuven,Distrinet,Leuven,Belgium"}]},{"given":"Wim","family":"Mees","sequence":"additional","affiliation":[{"name":"Royal Military Academy,Cylab,Brussels,Belgium"}]},{"given":"Lieven","family":"Desmet","sequence":"additional","affiliation":[{"name":"KU Leuven,Distrinet,Leuven,Belgium"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/acit58888.2023.10453752"},{"key":"ref2","first-page":"4693","article-title":"Malla: Demystifying real-world large language model integrated malicious services","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Lin"},{"key":"ref3","article-title":"XBOW-XBOW on HackerOne: What\u2019s next","author":"Waisman","year":"2025"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2024.24556"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639121"},{"key":"ref6","article-title":"MITRE ATT&CK\u00ae"},{"key":"ref7","article-title":"Historical analysis of exploit availability timelines","volume-title":"13th USENIX Workshop on Cyber Security Experimentation and Test (CSET 20)","author":"Householder"},{"key":"ref8","article-title":"Desktop operating system market share worldwide","volume-title":"StatCounter Global Stats"},{"key":"ref9","article-title":"Teams of LLM agents can exploit zero-day vulnerabilities","author":"Zhu","year":"2025"},{"key":"ref10","article-title":"IBM X-Force 2025 threat intelligence index","volume-title":"IBM Security","year":"2025"},{"key":"ref11","article-title":"M-Trends 2025 report","volume-title":"Google Cloud Security","year":"2025"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3611643.3613900"},{"key":"ref13","article-title":"How low can you go? An analysis of 2023 time-to-exploit trends","volume-title":"Google Cloud Blog","author":"Charrier","year":"2024"},{"key":"ref14","article-title":"Top lateral movement techniques: The red team edition","author":"Kumbhar","year":"2016","journal-title":"Smokescreen Technologies, Tech. Rep."},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/sp40001.2021.00047"},{"key":"ref16","article-title":"Non-determinism of\u201ddeterministic\" LLM settings","author":"Atil","year":"2025"},{"key":"ref17","article-title":"xOffense: An AI-driven autonomous penetration testing framework with offensive knowledge-enhanced LLMs and multi agent systems","author":"Luong","year":"2025"},{"key":"ref18","article-title":"CRAKEN: Cybersecurity LLM agent with knowledge-based execution","author":"Shao","year":"2025"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3708821.3733882"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/acsacw65225.2024.00036"},{"key":"ref21","article-title":"On the surprising efficacy of LLMs for penetration-testing","author":"Happe","year":"2025"},{"key":"ref22","article-title":"On the feasibility of using LLMs to autonomously execute multi-host network attacks","author":"Singer","year":"2025"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/sin63213.2024.10871324"},{"key":"ref24","article-title":"XBOW-XBOW unleashes GPT-5\u2019s hidden hacking power, doubling performance","author":"de Moor","year":"2025"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3769676"},{"key":"ref26","article-title":"MMLU-CF: A contamination-free multi-task language understanding benchmark","author":"Zhao","year":"2024"},{"key":"ref27","doi-asserted-by":"crossref","DOI":"10.70777\/si.v2i1.13973","article-title":"Humanity\u2019s last exam","author":"Phan","year":"2025"},{"key":"ref28","article-title":"SecQA: A concise question-answering dataset for evaluating large language models in computer security","author":"Liu","year":"2023"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/csr61664.2024.10679494"},{"key":"ref30","first-page":"28 525","article-title":"The WMDP benchmark: Measuring and reducing malicious use with unlearning","volume-title":"Proceedings of the 41st International Conference on Machine Learning, ser. Proceedings of Machine Learning Research","volume":"235","author":"Li"},{"key":"ref31","article-title":"Cyberbench: A multi-task benchmark for evaluating large language models in cybersecurity","volume-title":"AAAI-24 Workshop on Artificial Intelligence for Cyber Security (AICS)","author":"Liu","year":"2024"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v39i23.34618"},{"key":"ref33","article-title":"Cybench: A framework for evaluating cybersecurity capabilities and risks of language models","volume-title":"The Thirteenth International Conference on Learning Representations","author":"Zhang","year":"2025"},{"key":"ref34","article-title":"HackSynth: LLM agent and evaluation framework for autonomous penetration testing","author":"Muzsai","year":"2024"},{"key":"ref35","first-page":"847","article-title":"PentestGPT: Evaluating and harnessing large language models for automated penetration testing","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Deng"},{"key":"ref36","article-title":"Construction and evaluation of LLM-based agents for semi-autonomous penetration testing","author":"Kobayashi","year":"2025"},{"key":"ref37","first-page":"57 472","article-title":"NYU CTF Bench: A scalable open-source benchmark dataset for evaluating LLMs in offensive security","volume-title":"Advances in Neural Information Processing Systems","volume":"37","author":"Shao","year":"2024"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/3708319.3733804"},{"key":"ref39","article-title":"A framework for evaluating emerging cyberattack capabilities of AI","author":"Rodriguez","year":"2025"},{"key":"ref40","article-title":"Catastrophic cyber capabilities benchmark (3CB): Robustly evaluating LLM agent cyber offense capabilities","author":"Anurin","year":"2024"},{"key":"ref41","article-title":"AutoPenBench: Benchmarking generative agents for penetration testing","author":"Gioacchini","year":"2024"},{"key":"ref42","article-title":"CYBERSECEVAL 3: Advancing the evaluation of cybersecurity risks and capabilities in large language models","author":"Wan","year":"2024"},{"key":"ref43","article-title":"Hack The Box: The #1 cybersecurity performance center"},{"key":"ref44","article-title":"Vulnerable by design ~ VulnHub"},{"key":"ref45","first-page":"3971","article-title":"Dos and don\u2019ts of machine learning in computer security","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Arp"},{"key":"ref46","article-title":"Hacking CTFs with plain agents","author":"Turtayev","year":"2024"},{"key":"ref47","article-title":"OCCULT: Evaluating large language models for offensive cyber operation capabilities","author":"Kouremetis","year":"2025"},{"key":"ref48","article-title":"Benchmarking practices in LLM-driven offensive security: Testbeds, metrics, and experiment design","author":"Happe","year":"2025"},{"key":"ref49","article-title":"LLM cyber evaluations don\u2019t capture real-world risk","author":"Luko\u0161i\u016bt\u0117","year":"2025"},{"key":"ref50","article-title":"Game Of Active Directory"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/3766895"},{"key":"ref52","article-title":"AutoAttacker: A large language model guided system to implement automatic cyber-attacks","author":"Xu","year":"2024"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/3458723"}],"event":{"name":"2025 Annual Computer Security Applications Conference Workshops (ACSAC Workshops)","location":"Honolulu, HI, USA","start":{"date-parts":[[2025,12,8]]},"end":{"date-parts":[[2025,12,9]]}},"container-title":["2025 Annual Computer Security Applications Conference Workshops (ACSAC Workshops)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11417955\/11417996\/11418021.pdf?arnumber=11418021","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T05:28:35Z","timestamp":1773120515000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11418021\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,8]]},"references-count":53,"URL":"https:\/\/doi.org\/10.1109\/acsacw69556.2025.00052","relation":{},"subject":[],"published":{"date-parts":[[2025,12,8]]}}}