The distributed, open, and heterogeneous nature of 6G Zero-Touch Networks (ZTNs) significantly expands the attack surface, necessitating security automation capable of operating in dynamic adversarial environments—yet existing approaches suffer from limited policy lifecycle automation and weak environmental/threat adaptability. Method: This paper proposes SecLoop, an LLM-driven fully automated security closed-loop system, and introduces SA-GRPO—the first security-aware group-relative policy optimization algorithm. SecLoop integrates large language models, MITRE ATT&CK knowledge, and multi-scenario parallel adversarial simulation to enable end-to-end policy generation, orchestration, response, and feedback; SA-GRPO employs intra-group comparative feedback to drive iterative policy reinforcement and dynamic evolution. Contribution/Results: Evaluated across five real-world benchmarks covering 11 ATT&CK tactics and 20+ attack types, SecLoop achieves a 37% improvement in policy accuracy and sub-second response latency. The platform will be open-sourced to advance automated security for 6G.

Zero-Touch Networks (ZTNs) represent a transformative paradigm toward fully automated and intelligent network management, providing the scalability and adaptability required for the complexity of sixth-generation (6G) networks. However, the distributed architecture, high openness, and deep heterogeneity of 6G networks expand the attack surface and pose unprecedented security challenges. To address this, security automation aims to enable intelligent security management across dynamic and complex environments, serving as a key capability for securing 6G ZTNs. Despite its promise, implementing security automation in 6G ZTNs presents two primary challenges: 1) automating the lifecycle from security strategy generation to validation and update under real-world, parallel, and adversarial conditions, and 2) adapting security strategies to evolving threats and dynamic environments. This motivates us to propose SecLoop and SA-GRPO. SecLoop constitutes the first fully automated framework that integrates large language models (LLMs) across the entire lifecycle of security strategy generation, orchestration, response, and feedback, enabling intelligent and adaptive defenses in dynamic network environments, thus tackling the first challenge. Furthermore, we propose SA-GRPO, a novel security-aware group relative policy optimization algorithm that iteratively refines security strategies by contrasting group feedback collected from parallel SecLoop executions, thereby addressing the second challenge. Extensive real-world experiments on five benchmarks, including 11 MITRE ATT&CK processes and over 20 types of attacks, demonstrate the superiority of the proposed SecLoop and SA-GRPO. We will release our platform to the community, facilitating the advancement of security automation towards next generation communications.