Manually constructing cyber ranges is labor-intensive, and natural-language range specifications are difficult to parse and deploy automatically. Method: This paper introduces ARCeR, the first end-to-end cyber range auto-generation framework that deeply integrates agentic architecture with retrieval-augmented generation (RAG). ARCeR employs task decomposition planning, dynamic knowledge retrieval, and domain-specific knowledge injection to overcome limitations of conventional LLMs and baseline RAG systems in complex semantic understanding and cross-framework generalization. Contribution/Results: Experiments demonstrate that ARCeR accurately parses multi-constraint range descriptions inaccessible to standard LLMs or RAG, seamlessly adapts to heterogeneous range frameworks—including CyberRangeKit and CRATE—and achieves significantly higher deployment accuracy. ARCeR thus provides a scalable, high-fidelity automation foundation for operational cybersecurity training and evaluation.

The growing and evolving landscape of cybersecurity threats necessitates the development of supporting tools and platforms that allow for the creation of realistic IT environments operating within virtual, controlled settings as Cyber Ranges (CRs). CRs can be exploited for analyzing vulnerabilities and experimenting with the effectiveness of devised countermeasures, as well as serving as training environments for building cyber security skills and abilities for IT operators. This paper proposes ARCeR as an innovative solution for the automatic generation and deployment of CRs, starting from user-provided descriptions in a natural language. ARCeR relies on the Agentic RAG paradigm, which allows it to fully exploit state-of-art AI technologies. Experimental results show that ARCeR is able to successfully process prompts even in cases that LLMs or basic RAG systems are not able to cope with. Furthermore, ARCeR is able to target any CR framework provided that specific knowledge is made available to it.