SHIELDS: Automating OS Hardening with Iterative Multi-Agent Remediation

📅 2026-06-03
📈 Citations: 0
Influential: 0
📄 PDF

career value

204K/year
🤖 AI Summary
This work addresses the challenge of maintaining continuous compliance with security configuration standards such as DISA STIG, which is often hindered by the limitations of manual processes and static analysis tools. The authors propose a large language model (LLM)-driven multi-agent system that models operating system hardening as a dynamic, closed-loop, iterative feedback process. By executing remediation actions on target systems and validating outcomes through compliance scans, the system continuously refines security configurations. This approach departs from traditional static remediation paradigms and represents the first implementation of LLM-coordinated multi-agent collaboration for OS hardening. Experimental results demonstrate that even with a lightweight, locally deployed 20B-parameter model, the system successfully remediates 73% of identified vulnerabilities across diverse virtual machine environments, confirming its effectiveness and practicality in resource-constrained settings.
📝 Abstract
Security misconfigurations remain a leading cause of OS-level compromise, and manually keeping systems compliant with standards like Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) is a tedious and expensive process. Existing compliance automation tools can reduce some of this burden, but they depend on static, pre-written corrective actions. In this paper, we introduce SHIELDS, a multi-agent system that uses large language models (LLMs) to approach OS hardening as an iterative, feedback-driven process. Instead of applying fixed remediations, SHIELDS continuously proposes fixes and refines them based on feedback from target system execution and validation scans. We evaluate the system across multiple virtual machine configurations using six contemporary LLMs ranging from 20B to 400B parameters, and find that SHIELDS successfully remediates up to 73% of scan findings. Our results also suggest that success in this setting depends less on model size (parameter count) than on effective tool use and information gathering, paving a practical path toward reducing the burden of security compliance in environments where compute is limited or security and privacy needs drive local model use.
Problem

Research questions and friction points this paper is trying to address.

security misconfigurations
OS hardening
compliance automation
DISA STIGs
system compromise
Innovation

Methods, ideas, or system contributions that make the work stand out.

multi-agent system
large language models
OS hardening
iterative remediation
security compliance automation
🔎 Similar Papers
No similar papers found.