Advancing Cyber Defense: Stable Agentic AI with Tool-Mediated LLM Architecture
Explore how a tool-mediated LLM architecture provides formally verified stability for autonomous cyber defense, ensuring robust EDR policy optimization against adaptive AI adversaries.
In an era where cyber threats are not just evolving but rapidly accelerating due to artificial intelligence, the need for equally sophisticated and reliable defense systems has become paramount. Recent reports indicate a significant rise in attacks perpetrated by AI-enabled adversaries, drastically reducing the time available for human defenders to detect and respond to breaches. This escalating challenge highlights a critical demand for autonomous, agentic defense systems that can maintain stability and effectiveness against intelligent, adaptive threats.
The Evolving Threat Landscape and Agentic AI
Agentic AI systems, characterized by their ability to act autonomously to achieve specific goals, are transforming both offensive and defensive cybersecurity strategies. While offering immense potential for proactive defense, integrating Large Language Models (LLMs) into high-stakes decision-making processes, such as configuring Endpoint Detection and Response (EDR) policies, presents inherent challenges. LLMs, by their nature, can be non-deterministic; identical inputs may lead to varied outputs across different runs. This variability, sometimes with accuracy variance up to 15% even under strict conditions, introduces unpredictability, making it difficult to guarantee their behavior in critical operational environments. Unconstrained LLM agents could potentially initiate destructive actions, posing significant risks if not properly managed.
Cybersecurity operations centers (SOCs) face the constant pressure of configuring defense policies against sophisticated, often AI-driven, attacks. The core issue is how to leverage the creative problem-solving capabilities of LLMs for defense without sacrificing the reliability and predictability crucial for enterprise security. This demands a new approach to architecture that can provide formal guarantees for safety and stability in autonomous cyber defense systems.
A Novel Tool-Mediated LLM Architecture for Cyber Defense
To address the challenges posed by LLM non-determinism in critical defense scenarios, a groundbreaking tool-mediated architecture has been developed. This architecture integrates LLM agents with a suite of deterministic tools, ensuring that while the LLM can explore and compose defense strategies, the actual execution and specific actions are governed by predictable and formally verifiable processes. The key insight is to make stability a property of the loop rather than solely dependent on the agent.
Within this architecture, LLM defense agents analyze complex attack graphs, strategize hardening actions, and invoke simulation tools. However, they do not compute the final deterministic outputs. Instead, they interact with tools like Stackelberg best-response calculations (for game-theoretic optimal responses), Bayesian observer updates (for refined situational awareness), and predefined attack-graph primitives. Crucially, the system enforces finite action catalogs at the tool-output interface, meaning both the LLM controller and the adversary are confined to a limited, pre-approved set of actions. This architectural pattern transforms passive infrastructure into intelligent decision engines, a capability that ARSA Technology specializes in providing through AI Video Analytics and custom AI solutions.
Formal Verification for Unwavering Stability
A cornerstone of this innovative approach is the rigorous formal verification of its stability properties. Using a composite Lyapunov function (a scalar measure of the system's state that must decrease over time, which mathematically certifies stability), the proofs were machine-checked in Lean 4 with zero occurrences of "sorry" (Lean's placeholder for a proof obligation left unproven). This verification provides critical assurances for three closed-loop stability properties that are vital for any robust cyber defense system:
- Controllability: This ensures that each deployed defense policy demonstrably improves the security posture, making the defense strictly better over time.
- Robustness (Input-to-State Stability, ISS): The system maintains its stability and performance even when faced with intelligent, adaptive adversaries or novel attack techniques. In ISS terms, a bounded adversarial disturbance produces only a bounded, quantifiable degradation of the security posture, so new threats cause limited damage rather than runaway loss.
- Observability: The defense team's understanding of its current security posture is accurate and reliably converges, even when relying on asymmetric sensor data.
These formal guarantees are further extended by two corollaries, certifying that stability holds for any controller or adversary whose actions are drawn from the defined catalogs. This separation of architectural stability from the inherent non-determinism or specific capabilities of the LLM agent is a significant advancement in reliable agentic AI (Source: Prinos, K., et al. (2026). Stable Agentic Control: Tool-Mediated LLM Architecture for Autonomous Cyber Defense. arXiv preprint arXiv:2605.03034).
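To make the architectural pattern concrete (the tool-mediated loop described above, the finite action catalogs enforced at the tool interface, and the controllability property from the list of stability guarantees), here is a small added illustration in Python. It is not the paper's code and not ARSA's; the attack graph, the two action catalogs, the payoff numbers and the "scripted" stand-in for an LLM controller are all constructed for this example. The deterministic tools are a best-response search over the graph (a toy stand-in for the Stackelberg best-response tool), a graph-hardening primitive, and a gate that deploys a proposed policy only if it strictly lowers the attacker's expected payoff. The Bayesian observer update is not modelled here.

```python
"""Toy tool-mediated defense loop: a controller proposes, deterministic tools decide.
Added illustration, not the paper's code. Graph, catalogs and values are constructed."""
from typing import Callable, Dict, List, Tuple

Graph = Dict[str, Dict[str, float]]

# Constructed attack graph: node -> {successor: probability the attacker traverses that edge}.
GRAPH: Graph = {
    "internet": {"web": 0.9, "vpn": 0.5},
    "phish": {"workstation": 0.8},
    "web": {"app": 0.8},
    "vpn": {"workstation": 0.6},
    "workstation": {"app": 0.5},
    "app": {"db": 0.7},
    "db": {"crown": 1.0},
    "crown": {},
}
ASSET_VALUE = 100.0  # payoff the attacker collects on reaching "crown"

# Finite defender catalog (assumed): action -> (hardened edge, new traversal probability).
DEFENDER_CATALOG: Dict[str, Tuple[Tuple[str, str], float]] = {
    "patch_web_server": (("internet", "web"), 0.3),
    "enforce_vpn_mfa": (("internet", "vpn"), 0.1),
    "email_filtering": (("phish", "workstation"), 0.2),
    "edr_block_lateral": (("workstation", "app"), 0.1),
    "segment_app_from_db": (("app", "db"), 0.2),
}
# Finite adversary catalog (assumed): the entry points the attacker may start from.
ADVERSARY_CATALOG = ("internet", "phish")

def best_response_payoff(graph: Graph, start: str, target: str = "crown") -> float:
    """Attacker best response: highest expected payoff over all simple paths start -> target."""
    best = 0.0

    def dfs(node: str, prob: float, seen: frozenset) -> None:
        nonlocal best
        if node == target:
            best = max(best, prob * ASSET_VALUE)
            return
        for nxt, p in graph[node].items():
            if nxt not in seen:
                dfs(nxt, prob * p, seen | {nxt})

    dfs(start, 1.0, frozenset([start]))
    return best

def game_value(graph: Graph) -> float:
    """Stackelberg value: the defender commits to the graph, the adversary then picks its best entry."""
    return max(best_response_payoff(graph, s) for s in ADVERSARY_CATALOG)

def apply_action(graph: Graph, action: str) -> Graph:
    """Attack-graph primitive: return a hardened copy of the graph (the input is not mutated)."""
    (src, dst), p = DEFENDER_CATALOG[action]
    hardened = {node: dict(edges) for node, edges in graph.items()}
    hardened[src][dst] = p
    return hardened

def run_loop(graph: Graph, controller: Callable[[Graph, float], str], steps: int):
    """Mediated loop. Returns (final graph, game-value trajectory, audit log)."""
    values: List[float] = [game_value(graph)]
    log: List[str] = []
    for _ in range(steps):
        proposal = controller(graph, values[-1])
        # Catalog enforcement at the tool interface: unknown actions never reach execution.
        if proposal not in DEFENDER_CATALOG:
            log.append(f"rejected: {proposal!r} is not in the defender catalog")
            continue
        candidate = apply_action(graph, proposal)
        v = game_value(candidate)
        # Controllability gate: deploy only a policy that strictly lowers the attacker's payoff.
        if v >= values[-1]:
            log.append(f"rejected: {proposal!r} does not strictly reduce the game value")
            continue
        graph, values = candidate, values + [v]
        log.append(f"deployed: {proposal} -> game value {v:.2f}")
    return graph, values, log

def greedy_controller(graph: Graph, current: float) -> str:
    """Deterministic greedy baseline: the catalog action with the lowest resulting game value."""
    return min(DEFENDER_CATALOG, key=lambda a: game_value(apply_action(graph, a)))

def scripted_controller(proposals: List[str]) -> Callable[[Graph, float], str]:
    """Stand-in for an LLM controller: replays a fixed list of proposals, valid or not."""
    it = iter(proposals)
    return lambda graph, current: next(it)

def strictly_decreasing(values: List[float]) -> bool:
    """True if every deployed policy improved on the previous one (the controllability check)."""
    return all(b < a for a, b in zip(values, values[1:]))

if __name__ == "__main__":
    _, traj, audit = run_loop(GRAPH, greedy_controller, steps=3)
    print("greedy:", [round(v, 2) for v in traj])
    llm = scripted_controller(["disable_all_endpoints", "segment_app_from_db",
                               "enforce_vpn_mfa", "patch_web_server"])
    _, traj, audit = run_loop(GRAPH, llm, steps=4)
    print("scripted:", [round(v, 2) for v in traj])
    print("\n".join(audit))
```

The point of the design is that the loop, not the controller, carries the guarantee: the scripted controller proposes an action outside the catalog and a second one that would not improve the posture, and both are refused at the tool interface, so the recorded trajectory of game values can only ever fall. Swapping the scripted controller for the greedy baseline (or for any other proposer) changes how quickly the value falls, never whether it is allowed to rise.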
Real-World Validation and Performance Metrics
The practical efficacy of this tool-mediated architecture has been rigorously tested and validated on real-world security data, demonstrating its tangible benefits for enterprise cyber defense. The architecture was deployed against 282 actual enterprise attack graphs derived from production penetration tests across 161 organizations and 25 industries. The claims of controllability, robustness, and observability were confirmed with ample margin, showcasing the system's ability to perform in diverse and demanding environments.
When pitted against paired offensive and defensive telemetry data (specifically, Horizon3.ai NodeZero offensive telemetry and Microsoft Defender XDR defensive telemetry), the results were compelling. A tool-mediated Claude Sonnet 4 controller significantly reduced the attacker’s expected payoff (the "game value") by 59% compared to a deterministic greedy baseline. Crucially, this performance exhibited zero variance across 40 runs at four different temperatures, highlighting the architecture's capacity to deliver stable and predictable outcomes despite the underlying LLM's non-determinism.
Furthermore, even a less capable LLM, a Claude Haiku 4.5 controller, while converging to suboptimal game values, consistently remained within the catalog-bounded actions over an additional 40 runs. This critical finding underscores that the architectural stability is fundamentally independent of the specific LLM's advanced capabilities, proving the robustness of the design. This principle aligns with ARSA Technology's focus on practical, production-ready systems, leveraging technologies like the AI Box Series for robust edge AI deployments in challenging environments. ARSA has been developing such reliable AI and IoT solutions since 2018.
Implications for Enterprise Cybersecurity
This stable agentic control architecture represents a significant leap forward for enterprises facing advanced cyber threats.
- Reduced Risk: By formalizing stability, organizations can deploy autonomous defense systems with confidence, knowing their behavior is predictable and resilient against adversarial pressure. This reduces the risk of unintended consequences often associated with unconstrained AI.
- Operational Efficiency: Automating EDR policy optimization allows SOC teams to reallocate human resources from routine tasks to more complex threat intelligence and strategic planning. The rapid, real-time response capability outpaces manual processes.
- Enhanced Compliance: The verifiable nature of the defense strategies can aid in demonstrating compliance with stringent regulatory frameworks, as the system's behavior is formally guaranteed to operate within defined parameters.
- Scalability and Adaptability: The architecture's design allows for scalability across vast enterprise networks and adaptability to new attack techniques, as the LLM can dynamically compose strategies while the deterministic tools ensure safe execution.
The combination of LLM creativity with deterministic, formally verified tools offers a powerful blueprint for the next generation of autonomous cyber defense. It allows for the exploration of novel defense strategies while ensuring that critical systems remain controllable, robust, and observable.
Ready to explore how advanced AI and IoT solutions can fortify your enterprise's cyber defenses? Discover ARSA Technology's expertise in delivering practical, proven, and profitable AI systems for security and operations. We offer custom AI solutions designed to meet the demands of mission-critical environments. To discuss your organization's specific needs and learn more about implementing stable agentic control principles, contact ARSA for a free consultation.