Search papers, labs, and topics across Lattice.
This paper introduces the concept of the Cybersecurity AI Scientist, a modular multi-agent research system designed to address the unique challenges of cybersecurity research, which operates in a dynamic and non-stationary environment. By emphasizing the need for specialized roles in problem framing, threat modeling, and evaluation, the authors argue that traditional AI scientist frameworks are insufficient for the rapidly evolving nature of cyber threats. The proposed architecture and agenda aim to facilitate AI-native defense strategies, moving beyond static security measures to resilient, agent-based approaches that adapt to ongoing threats.
Cybersecurity research needs a dedicated AI framework that evolves with the threat landscape, rather than relying on static models that can't keep pace with machine-speed attacks.
Cyber offense is moving to machine speed; cyber research itself is not. Existing AI scientist systems make end-to-end research automation increasingly plausible, but they target relatively stable scientific domains. We argue that AI-native cybersecurity is a different kind of scientific object. Its recurring units of study are security events and interaction traces, not static assets; its model and tool substrate is non-stationary, not steady-state; and credible evaluation depends on digital twins, cyber ranges, and auditable evidence rather than on a single benchmark score. We call this object the Cybersecurity AI Scientist. A practical realization is a modular, role-specialized multi-agent research system that coordinates problem framing, threat modeling, tool generation, controlled experimentation, evaluation, governance, and scientific reporting, and that anchors its concrete objectives in a four-zeros frame spanning risk, trust, incident, and energy dimensions. As a representative agenda we focus on AI-native defense, where steady-state perimeters give way to resilient agent legions and the classical category of terminal security is itself being deconstructed into agent security. This paper defines the object, separates it from any single organizational realization, and offers an architecture and an agenda on which later systems, benchmarks, and empirical programs can be built.