TY  - EJOU
AU  - Du, Haitian 

TI  - GenAI-Powered Autonomous Cyber Offense-Defense: An Explainable LLM Red-vs-Blue Simulation and Self-Defense Framework
T2  - Journal of Cyber Security

PY  - 2026
VL  - 8
IS  - 1
SN  - 2579-0064

AB  - Modern cyberattacks evolve rapidly, overwhelming static and rule-based defenses. This paper proposes GenAI-Powered Autonomous Cyber Offense-Defense, a closed-loop framework in which large language models (LLMs) control both a red-team attacker and a blue-team defender. The agents operate in a simulated enterprise network, generate natural-language rationales for every action, and update defensive policies through a self-adaptive learning loop. We instantiate the framework with LLM-based agents that plan multi-stage attacks, detect anomalies, and autonomously execute containment and hardening actions. In experiments on a three-host virtualized testbed and a scalable multi-node emulation, the adaptive blue agent reduces the attacker’s success rate from 72% to 5% over six iterations and cuts mean detection latency from 5.4 to 1.2 s compared with a non-learning baseline. Explainability experiments with security analysts show that increasing explanation completeness from 0.75 to 0.95 raises subjective trust scores by roughly 46% and improves decision alignment with experts to about 90%. These results demonstrate that GenAI can orchestrate realistic attack–defense exercises and produce self-improving cyber defenses that remain transparent to humans. The proposed framework offers a reusable platform for evaluating LLM-based security agents and studying AI-on-AI red–blue co-evolution in cybersecurity.
KW  - Generative artificial intelligence; large language models; autonomous red teaming; autonomous cyber defense; explainable AI; attack-defense simulation

DO  - 10.32604/jcs.2026.075976