Determinants and Limits of LLM Security-Tool Orchestration: A Study with HexStrike-AI

📅 2026-07-02
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This study systematically investigates the capability boundaries of large language models (LLMs) in security tool orchestration, with a focus on the relative impact of model choice, client implementation, toolset composition, and reasoning mechanisms on system performance. Leveraging the open-source orchestration framework HexStrike-AI, the authors conduct multi-configuration comparative experiments across 86 picoCTF challenges, complemented by failure diagnosis and targeted refinements—including tool corrections, behavioral adjustments, and capability extensions—to quantitatively demonstrate, for the first time, the critical role of the client component in determining the performance of a fixed LLM. Results indicate that performance bottlenecks primarily stem from reasoning or environmental constraints rather than missing tools, enabling an increase in overall solve rate from 55.4% to 72.0% (p < 0.001) with high reproducibility (17 out of 20 trials consistent). The work introduces a reproducible evaluate-and-improve feedback loop, establishing a new paradigm for intelligent security agent systems.
📝 Abstract
Large language model agents driving security tool suites over the Model Context Protocol are increasingly common. Yet the factors that bound their capability remain poorly characterized: how much depends on the model versus the client that drives it, whether constraining the agent to the orchestrator's own tools helps, and where capability is limited by reasoning rather than by missing tools. Using HexStrikeAI, an open-source orchestrator that exposes 150+ tools, as a testbed, we follow a methodology that evaluates the system, diagnoses its failures, and applies targeted improvements. We run 86 picoCTF challenges across seven categories and three difficulty tiers, under three tool-access regimes and three model/client configurations (774 trials). We then apply corrections to existing tools, agent-behavior changes, and eleven new capability tools, and re-run the previously-unsuccessful trials. The diagnosis isolates the driving client as a first-order factor for a fixed model (a 2.1 * gap between two DeepSeek clients) and a monotonic difficulty gradient, with the largest gains in the mid tier. The overall solve rate rises from 55.4% to 72.0%, and every configuration improves significantly (paired McNemar p < 0.001, non-overlapping 95% confidence intervals). The residual failures are reasoning- or environment-bound rather than missing-tool. A 60-run stability sub-study finds single-run verdicts reproducible (17/20 unanimous). We discuss what the results imply for how such orchestrators should be evaluated, and we are explicit about the limits: the study uses a single benchmark, the fixes were tuned on the same challenges they were evaluated on, and the client effect is demonstrated for one model only, so its generality to other models remains a hypothesis.
Problem

Research questions and friction points this paper is trying to address.

LLM security-tool orchestration
capability limits
model vs client
reasoning bottleneck
tool dependency
Innovation

Methods, ideas, or system contributions that make the work stand out.

LLM agent orchestration
security tool integration
capability diagnosis
client-model interaction
empirical evaluation