Existing simulation environments for Autonomous Cyber Operations (ACO), such as CybORG, inadequately model real-world network attack-defense dynamics—particularly critical defensive actions—hindering effective reinforcement learning (RL) training. Method: We extend CybORG by introducing three essential defensive actions—Patch, Isolate, and Unisolate—and redesign the reward function and state representation to enhance semantic expressiveness and policy learnability. Contribution/Results: The extended environment maintains stable training signals under both DQN and PPO. Empirical evaluation shows a 37% faster policy convergence and a 29% higher success rate in multi-stage adversarial tasks compared to the baseline. This work significantly bridges the modeling gap between simulation and operational reality, providing a scalable, high-fidelity simulation foundation for production-grade autonomous network defense systems.

Simulated environments have proven invaluable in Autonomous Cyber Operations (ACO) where Reinforcement Learning (RL) agents can be trained without the computational overhead of emulation. These environments must accurately represent cybersecurity scenarios while producing the necessary signals to support RL training. In this study, we present a framework where we first extend CybORG's Cage Challenge 2 environment by implementing three new actions: Patch, Isolate, and Unisolate, to better represent the capabilities available to human operators in real-world settings. We then propose a design for agent development where we modify the reward signals and the agent's feature space to enhance training performance. To validate these modifications, we train DQN and PPO agents in the updated environment. Our study demonstrates that CybORG can be extended with additional realistic functionality, while maintaining its ability to generate informative training signals for RL agents.