Autonomous Offensive Security

For registration, please apply for this seminar through the central seminar assignment system.

LLMs and autonomous agents are changing the way security researchers hunt for bugs, analyze attack surfaces, and validate real vulnerabilities. Recent systems have shown increasingly strong capabilities in using tools, understanding targets, generating exploits, and automating parts of the vulnerability discovery workflow. This seminar explores this emerging frontier: autonomous offensive security.

The goal of the seminar is for students to develop critical thinking about autonomous offensive security. Students will also gain a deeper understanding of vulnerability classes, study the state of the art in detecting and exploiting them, and identify where current approaches still fall short. Based on this analysis, each student will build their own autonomous agent for tasks such as vulnerability detection, validation, or exploitation.

The seminar is organized around almost weekly meetings with discussions, presentations, and practical implementation and experimentation. Each student will work on a selected vulnerability class: they will study existing tools and recent research papers, identify one concrete open challenge, and implement an agentic solution that addresses it. The agent will be evaluated on selected targets, and the results will form the basis of the final seminar report.

Notes on requirements and background knowledge

Students without a background in computer security will likely find this seminar particularly challenging. The same applies to students without a hands-on attitude toward security, systems, and software development, as the seminar involves both reading research papers and building/evaluating an autonomous security agent.

When applying, students must clearly state their current background in security in the motivation box, including relevant security courses and university projects.