Architecture
CAI focuses on making cybersecurity agent coordination and execution lightweight, highly controllable, and useful for humans. To do so it builds upon 7 pillars: Agents, Tools, Handoffs, Patterns, Turns, Tracing and HITL.
```text
                  ┌───────────────┐          ┌───────────┐
                  │      HITL     │◀────────▶│   Turns   │
                  └───────┬───────┘          └───────────┘
                          │
                          ▼
┌───────────┐       ┌───────────┐       ┌───────────┐       ┌───────────┐
│  Patterns │──────▶│  Handoffs │──────▶│   Agents  │──────▶│    LLMs   │
└───────────┘       └─────┬─────┘       └─────┬─────┘       └───────────┘
                          │                   │
                          │                   ▼
┌────────────┐      ┌─────┴─────┐       ┌───────────┐
│ Extensions │─────▶│  Tracing  │       │   Tools   │
└────────────┘      └───────────┘       └─────┬─────┘
                                              │
                         ┌─────────────┬─────┴─────┬─────────────┐
                         ▼             ▼           ▼             ▼
                   ┌───────────┐ ┌───────────┐ ┌───────────┐ ┌───────────┐
                   │ LinuxCmd  │ │ WebSearch │ │   Code    │ │ SSHTunnel │
                   └───────────┘ └───────────┘ └───────────┘ └───────────┘
```
If you want to dive deeper into the code, check the following files as a starting point for using CAI:
```text
cai
├── benchmarks
├── ci
├── docs
├── examples                # Basic uses of CAI to start building your own
├── src
│   └── cai
│       ├── __init__.py
│       ├── agents
│       │   ├── one_tool.py # Agent definitions, one agent per file
│       │   └── patterns
│       ├── cli.py          # Entrypoint for CLI
│       ├── prompts
│       ├── repl            # CLI aesthetics and commands
│       │   ├── commands
│       │   └── ui
│       ├── sdk             # Necessary classes for chat completions
│       │   ├── agents
│       │   └── model
│       ├── tools           # Agent tools
│       │   └── common.py
│       └── util.py         # Utility functions
├── tests
└── tools                   # Usable tools
```
🔹 Agent
At its core, CAI abstracts its cybersecurity behavior via Agents and agentic Patterns. An Agent is an intelligent system that interacts with some environment. More technically, within CAI we embrace a robotics-centric definition wherein an agent is anything that can be viewed as a system perceiving its environment through sensors, reasoning about its goals and acting accordingly upon that environment through actuators (adapted from Russell & Norvig, AI: A Modern Approach). In cybersecurity, an Agent interacts with systems and networks, using peripherals and network interfaces as sensors, reasons accordingly and then executes network actions as its actuators. Correspondingly, in CAI, Agents implement the ReAct (Reasoning and Action) agent model[3].
For more details, including examples and implementation guidance, see the Agents documentation.
🔹 Tools
Tools let cybersecurity agents take actions by providing interfaces to execute system commands, run security scans, analyze vulnerabilities, and interact with target systems and APIs. They are the core capabilities that enable CAI agents to perform security tasks effectively. In CAI, tools include: built-in cybersecurity utilities (LinuxCmd for command execution, WebSearch for OSINT gathering, Code for dynamic script execution, and SSHTunnel for secure remote access); function-calling mechanisms that allow any Python function to be integrated as a security tool; and agent-as-tool functionality that lets specialized security agents (such as reconnaissance or exploit agents) be used by other agents, creating collaborative security workflows without requiring formal handoffs between agents.
Tools are grouped in 6 major categories inspired by the security kill chain[2]:
- Reconnaissance and weaponization - reconnaissance (crypto, listing, etc)
- Exploitation - exploitation
- Privilege escalation - escalation
- Lateral movement - lateral
- Data exfiltration - exfiltration
- Command and control - control
For more information, examples, and implementation details, please refer to the Tools documentation.
🔹 Patterns
An agentic Pattern is a structured design paradigm in artificial intelligence systems where autonomous or semi-autonomous agents operate within a defined interaction framework (the pattern) to achieve a goal. These Patterns specify the organization, coordination, and communication methods among agents, guiding decision-making, task execution, and delegation.
An agentic pattern (AP) can be formally defined as a tuple:
\[ AP = (A, H, D, C, E) \]
wherein:
- \(A\) (Agents): A set of autonomous entities, \( A = \{a_1, a_2, ..., a_n\} \), each with defined roles, capabilities, and internal states.
- \(H\) (Handoffs): A function \( H: A \times T \to A \) that governs how tasks \( T \) are transferred between agents based on predefined logic (e.g., rules, negotiation, bidding).
- \(D\) (Decision Mechanism): A decision function \( D: S \to A \) where \( S \) represents system states, and \( D \) determines which agent takes action at any given time.
- \(C\) (Communication Protocol): A messaging function \( C: A \times A \to M \), where \( M \) is a message space, defining how agents share information.
- \(E\) (Execution Model): A function \( E: A \times I \to O \) where \( I \) is the input space and \( O \) is the output space, defining how agents perform tasks.
When building Patterns, we generally classify them among one of the following categories, though others exist:

| Agentic Pattern categories | Description |
|---|---|
| Swarm (Decentralized) | Agents share tasks and self-assign responsibilities without a central orchestrator. Handoffs occur dynamically. An example of a peer-to-peer agentic pattern is the CTF Agentic Pattern, which involves a team of agents working together to solve a CTF challenge with dynamic handoffs. |
| Hierarchical | A top-level agent (e.g., "PlannerAgent") assigns tasks via structured handoffs to specialized sub-agents. Alternatively, the structure of the agents is hardcoded into the agentic pattern with pre-defined handoffs. |
| Chain-of-Thought (Sequential Workflow) | A structured pipeline where Agent A produces an output, hands it to Agent B for reuse or refinement, and so on. Handoffs follow a linear sequence. An example of a chain-of-thought agentic pattern is the ReasonerAgent, which involves a Reasoning-type LLM that provides context to the main agent to solve a CTF challenge with a linear sequence.[1] |
| Auction-Based (Competitive Allocation) | Agents "bid" on tasks based on priority, capability, or cost. A decision agent evaluates bids and hands off tasks to the best-fit agent. |
| Recursive | A single agent continuously refines its own output, treating itself as both executor and evaluator, with handoffs (internal or external) to itself. An example of a recursive agentic pattern is the CodeAgent (when used as a recursive agent), which continuously refines its own output by executing code and updating its own instructions. |
| Parallelization | Multiple agents run in parallel, each handling different subtasks or independent inputs simultaneously. This approach speeds up processing when tasks do not depend on each other. For example, you can launch several agents to analyze different log files or scan multiple IP addresses at the same time, leveraging concurrency to improve efficiency. |

Moreover, in this new version agents can be orchestrated and decision mechanisms added in several ways. See Orchestrating multiple agents.
🔹 Turns
During the agentic flow (conversation), we distinguish between interactions and turns.
- Interactions are sequential exchanges between one or multiple agents. Each agent executing its logic corresponds with one interaction. Since an Agent in CAI generally implements the ReAct agent model[3], each interaction consists of 1) a reasoning step via an LLM inference and 2) acting by calling zero-to-n Tools.
- Turns: A turn represents a cycle of one or more interactions which finishes when the Agent (or Pattern) executing returns None, judging there are no further actions to undertake.
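To make the interaction/turn semantics above and the handoff component H of the pattern tuple concrete, here is an added toy model (not CAI's own code; the Step, Agent and run_turn names are assumptions): each interaction is one scripted "reasoning" call followed by zero or more tool calls drawn from an explicit allow-list, a turn ends when the executing agent signals it is done and has no handoff, and a pre-defined handoff lets a second agent continue the same turn, as in the hierarchical pattern.

```python
from dataclasses import dataclass
from typing import Callable, Optional
@dataclass
class Step:                     # output of one reasoning step
    thought: str
    tool_calls: list            # [(tool_name, argument), ...], may be empty
    done: bool = False          # agent judges there is nothing further to do

@dataclass
class Agent:
    name: str
    tools: dict                 # allow-list: only registered tools can run
    reason: Callable[[list], Step]        # stands in for the LLM inference
    handoff_to: Optional["Agent"] = None  # pre-defined handoff H, if any

def run_turn(agent, history, max_interactions=8):
    """One turn: interactions until the executing agent returns None."""
    interactions = 0
    while interactions < max_interactions:
        step = agent.reason(history)                    # 1) reasoning step
        interactions += 1
        history.append(("thought", agent.name, step.thought))
        for tool_name, arg in step.tool_calls:          # 2) act: 0..n tools
            tool = agent.tools.get(tool_name)
            if tool is None:                            # not on the allow-list
                history.append(("refused", agent.name, tool_name))
                continue
            history.append(("observation", tool_name, tool(arg)))
        if step.done:
            if agent.handoff_to is None:
                return None, interactions               # turn finishes
            agent = agent.handoff_to                    # handoff; turn continues
    return "limit", interactions                        # safety cap hit

# Constructed scenario: recon lists a fake directory (and asks for a tool it was
# never given), then hands off to a summariser that needs no tool at all.
def fake_ls(path):
    return f"{path}: notes.txt, config.yml"
def recon_reason(history):
    if not any(kind == "observation" for kind, _, _ in history):
        return Step("need the listing", [("ls", "/tmp/constructed"), ("Code", "x")])
    return Step("listing obtained", [], done=True)
def summary_reason(history):
    return Step("two files found, nothing further to do", [], done=True)
summariser = Agent("summariser", {}, summary_reason)
recon = Agent("recon", {"ls": fake_ls}, recon_reason, handoff_to=summariser)
def demo():
    history = []
    result, n = run_turn(recon, history)
    return result, n, [h for h in history if h[0] != "thought"]
```

The turn above spans three interactions across two agents, and the refused call shows why the tool registry, not the model's output, should decide what can run.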
CAI Agents are not related to Assistants in the Assistants API. They are named similarly for convenience, but are otherwise completely unrelated. CAI is entirely powered by the Chat Completions API and is hence stateless between calls.
🔹 Tracing
⚠️ TRACING IS STILL IN PROGRESS
🔹 Human-In-The-Loop (HITL)
```text
┌─────────────────────────────────┐
│                                 │
│     Cybersecurity AI (CAI)      │
│                                 │
│       ┌─────────────────┐       │
│       │  Autonomous AI  │       │
│       └────────┬────────┘       │
│                │                │
│                │                │
│       ┌────────▼─────────┐      │
│       │ HITL Interaction │      │
│       └────────┬─────────┘      │
│                │                │
└────────────────┼────────────────┘
                 │
                 │ Ctrl+C (cli.py)
                 │
     ┌───────────▼───────────┐
     │   Human Operator(s)   │
     │  Expertise | Judgment │
     │     Teleoperation     │
     └───────────────────────┘
```
CAI delivers a framework for building Cybersecurity AIs with a strong emphasis on semi-autonomous operation, as the reality is that fully-autonomous cybersecurity systems remain premature and face significant challenges when tackling complex tasks. While CAI explores autonomous capabilities, we recognize that effective security operations still require human teleoperation providing expertise, judgment, and oversight in the security process.
Accordingly, the Human-In-The-Loop (HITL) module is a core design principle of CAI, acknowledging that human intervention and teleoperation are essential components of responsible security testing. Through the cli.py interface, users can seamlessly interact with agents at any point during execution by simply pressing Ctrl+C.
[1] Arguably, the Chain-of-Thought agentic pattern is a special case of the Hierarchical agentic pattern.
[2] Kamhoua, C. A., Leslie, N. O., & Weisman, M. J. (2018). Game theoretic modeling of advanced persistent threat in internet of things. Journal of Cyber Security and Information Systems.
[3] Yao, S., Zhao, J., Yu, D., Du, N., Shafran, I., Narasimhan, K., & Cao, Y. (2023, January). ReAct: Synergizing reasoning and acting in language models. In International Conference on Learning Representations (ICLR).