@Article{jcs.2026.075976,
AUTHOR = {Haitian Du},
TITLE = {GenAI-Powered Autonomous Cyber Offense-Defense: An Explainable LLM Red-vs-Blue Simulation and Self-Defense Framework},
JOURNAL = {Journal of Cyber Security},
VOLUME = {8},
YEAR = {2026},
NUMBER = {1},
PAGES = {241--279},
URL = {http://www.techscience.com/JCS/v8n1/67431},
ISSN = {2579-0064},
ABSTRACT = {Modern cyberattacks evolve rapidly, overwhelming static and rule-based defenses. This paper proposes GenAI-Powered Autonomous Cyber Offense-Defense, a closed-loop framework in which large language models (LLMs) control both a red-team attacker and a blue-team defender. The agents operate in a simulated enterprise network, generate natural-language rationales for every action, and update defensive policies through a self-adaptive learning loop. We instantiate the framework with LLM-based agents that plan multi-stage attacks, detect anomalies, and autonomously execute containment and hardening actions. In experiments on a three-host virtualized testbed and a scalable multi-node emulation, the adaptive blue agent reduces the attacker’s success rate from 72% to 5% over six iterations and cuts mean detection latency from 5.4 to 1.2 s compared with a non-learning baseline. Explainability experiments with security analysts show that increasing explanation completeness from 0.75 to 0.95 raises subjective trust scores by roughly 46% and improves decision alignment with experts to about 90%. These results demonstrate that GenAI can orchestrate realistic attack–defense exercises and produce self-improving cyber defenses that remain transparent to humans. The proposed framework offers a reusable platform for evaluating LLM-based security agents and studying AI-on-AI red–blue co-evolution in cybersecurity.},
DOI = {10.32604/jcs.2026.075976}
}