🤖 AI Summary
This work proposes a novel paradigm—“AI Cybersecurity Scientist”—to address the challenges posed by the dynamic, non-stationary, and highly adversarial nature of cybersecurity, which traditional AI-driven scientific automation systems struggle to handle. Centered on security incidents and interaction traces as fundamental units, the paradigm employs a modular, role-specialized multi-agent collaborative architecture that spans the entire scientific workflow: problem formulation, threat modeling, tool generation, controlled experimentation, evaluation, and scientific reporting. Trustworthy assessment is enabled through digital twins and cyber ranges. The framework establishes core constructs and system architecture via a “Four-Zero” objective (zero risk, zero trust, zero incident, zero energy), AI-native defense mechanisms, auditable evidence chains, and a non-stationary tool foundation, thereby laying the groundwork for future benchmarking and empirical studies.
📝 Abstract
Cyber offense is moving to machine speed; cyber research itself is not. Existing AI scientist systems make end-to-end research automation increasingly plausible, but they target relatively stable scientific domains. We argue that AI-native cybersecurity is a different kind of scientific object. Its recurring units of study are security events and interaction traces, not static assets; its model and tool substrate is non-stationary, not steady-state; and credible evaluation depends on digital twins, cyber ranges, and auditable evidence rather than on a single benchmark score. We call this object the Cybersecurity AI Scientist. A practical realization is a modular, role-specialized multi-agent research system that coordinates problem framing, threat modeling, tool generation, controlled experimentation, evaluation, governance, and scientific reporting, and that anchors its concrete objectives in a four-zeros frame spanning risk, trust, incident, and energy dimensions. As a representative agenda we focus on AI-native defense, where steady-state perimeters give way to resilient agent legions and the classical category of terminal security is itself being deconstructed into agent security. This paper defines the object, separates it from any single organizational realization, and offers an architecture and an agenda on which later systems, benchmarks, and empirical programs can be built.