This study addresses the current lack of systematic methodologies for constructing training and evaluation environments tailored to reinforcement learning–based autonomous cyber defense, particularly in government and critical infrastructure contexts. By convening a multidisciplinary expert workshop, this work proposes the first interface decomposition framework specifically designed for autonomous cyber defense reinforcement learning environments. Integrating insights from academia, industry, and government practitioners, the framework yields a reusable set of guidelines for environment design and evaluation. It substantially enhances the realism, scalability, and evaluative validity of training environments, thereby providing a systematic foundation for the development and assessment of autonomous cyber defense agents.

In November 2025, the authors ran a workshop on the topic of what makes a good reinforcement learning (RL) environment for autonomous cyber defence (ACD). This paper details the knowledge shared by participants both during the workshop and shortly afterwards by contributing herein. The workshop participants come from academia, industry, and government, and have extensive hands-on experience designing and working with RL and cyber environments. While there is now a sizeable body of literature describing work in RL for ACD, there is nevertheless a great deal of tradecraft, domain knowledge, and common hazards which are not detailed comprehensively in a single resource. With a specific focus on building better environments to train and evaluate autonomous RL agents in network defence scenarios, including government and critical infrastructure networks, the contributions of this work are twofold: (1) a framework for decomposing the interface between RL cyber environments and real systems, and (2) guidelines on current best practice for RL-based ACD environment development and agent evaluation, based on the key findings from our workshop.