{"id":"https://openalex.org/W7130685212","doi":"https://doi.org/10.48550/arxiv.2602.17622","title":"What Makes a Good LLM Agent for Real-world Penetration Testing?","display_name":"What Makes a Good LLM Agent for Real-world Penetration Testing?","publication_year":2026,"publication_date":"2026-02-19","ids":{"openalex":"https://openalex.org/W7130685212","doi":"https://doi.org/10.48550/arxiv.2602.17622"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2602.17622","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5126486199","display_name":"Gelei Deng","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Deng, Gelei","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126516501","display_name":"Yi Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Yi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126499301","display_name":"Yuekang Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Yuekang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103115872","display_name":"R. X. Yang","orcid":"https://orcid.org/0009-0004-3561-0615"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yang, Ruozhao","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126460388","display_name":"Xiaofei Xie","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xie, Xiaofei","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126514520","display_name":"Jie Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Jie","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063615379","display_name":"Han Qiu","orcid":"https://orcid.org/0000-0003-1465-8009"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Qiu, Han","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5126487791","display_name":"Tianwei Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Tianwei","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5126486199"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.21140000224113464,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.21140000224113464,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.13819999992847443,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.13529999554157257,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/penetration","display_name":"Penetration (warfare)","score":0.6269999742507935},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.5343999862670898},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5070000290870667},{"id":"https://openalex.org/keywords/penetration-test","display_name":"Penetration test","score":0.430400013923645},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.41269999742507935}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6377999782562256},{"id":"https://openalex.org/C80107235","wikidata":"https://www.wikidata.org/wiki/Q7162625","display_name":"Penetration (warfare)","level":2,"score":0.6269999742507935},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.5343999862670898},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5070000290870667},{"id":"https://openalex.org/C98214672","wikidata":"https://www.wikidata.org/wiki/Q1501923","display_name":"Penetration test","level":3,"score":0.430400013923645},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.41269999742507935},{"id":"https://openalex.org/C200601418","wikidata":"https://www.wikidata.org/wiki/Q2193887","display_name":"Reliability engineering","level":1,"score":0.3321000039577484},{"id":"https://openalex.org/C2777683733","wikidata":"https://www.wikidata.org/wiki/Q201456","display_name":"Directory","level":2,"score":0.3287999927997589},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.28780001401901245},{"id":"https://openalex.org/C190470478","wikidata":"https://www.wikidata.org/wiki/Q2370229","display_name":"Invariant (physics)","level":2,"score":0.2542000114917755},{"id":"https://openalex.org/C188198153","wikidata":"https://www.wikidata.org/wiki/Q1613840","display_name":"Limiting","level":2,"score":0.2508000135421753}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2602.17622","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2602.17622","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.17622","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2602.17622","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"LLM-based":[0,20],"agents":[1,90,99],"show":[2,73,227],"promise":[3],"for":[4],"automating":[5],"penetration":[6,21,121],"testing,":[7],"yet":[8],"reported":[9],"performance":[10],"varies":[11],"widely":[12],"across":[13,29,235],"systems":[14,23],"and":[15,24,68,106,133,143,169,172,208,237],"benchmarks.":[16],"We":[17,72],"analyze":[18],"28":[19],"testing":[22,122],"evaluate":[25],"five":[26],"representative":[27],"implementations":[28],"three":[30],"benchmarks":[31,197],"of":[32,63,211],"increasing":[33],"complexity.":[34],"Our":[35],"analysis":[36],"reveals":[37],"two":[38],"distinct":[39],"failure":[40],"modes:":[41],"Type":[42,58,75,137,153],"A":[43,131,138,146],"failures":[44,60,77,139,155],"stem":[45],"from":[46],"capability":[47],"gaps":[48],"(missing":[49],"tools,":[50],"inadequate":[51],"prompts)":[52],"that":[53,74,82,124,228,241],"engineering":[54],"readily":[55],"addresses,":[56],"while":[57],"B":[59,76,154],"persist":[61],"regardless":[62],"tooling":[64,127],"due":[65],"to":[66,86,103,176,191,202],"planning":[67,230],"state":[69],"management":[70],"limitations.":[71],"share":[78],"a":[79,97,120,239],"root":[80],"cause":[81],"is":[83],"largely":[84],"invariant":[85],"the":[87,215],"underlying":[88],"LLM:":[89],"lack":[91],"real-time":[92],"task":[93,193],"difficulty":[94],"estimation.":[95],"As":[96],"result,":[98],"misallocate":[100],"effort,":[101],"over-commit":[102],"low-value":[104],"branches,":[105],"exhaust":[107],"context":[108,167],"before":[109],"completing":[110],"attack":[111],"chains.":[112],"Based":[113],"on":[114,195,214],"this":[115],"insight,":[116],"we":[117],"present":[118],"Excalibur,":[119],"agent":[123],"couples":[125],"strong":[126],"with":[128,198],"difficulty-aware":[129,229],"planning.":[130],"Tool":[132],"Skill":[134],"Layer":[135],"eliminates":[136],"through":[140,159],"typed":[141],"interfaces":[142],"retrieval-augmented":[144],"knowledge.":[145],"Task":[147],"Difficulty":[148],"Assessment":[149],"(TDA)":[150],"mechanism":[151],"addresses":[152,238],"by":[156,222],"estimating":[157],"tractability":[158],"four":[160],"measurable":[161],"dimensions":[162],"(horizon":[163],"estimation,":[164],"evidence":[165],"confidence,":[166],"load,":[168],"historical":[170],"success)":[171],"uses":[173],"these":[174],"estimates":[175],"guide":[177],"exploration-exploitation":[178],"decisions":[179],"within":[180],"an":[181],"Evidence-Guided":[182],"Attack":[183],"Tree":[184],"Search":[185],"(EGATS)":[186],"framework.":[187],"Excalibur":[188],"achieves":[189],"up":[190],"91%":[192],"completion":[194],"CTF":[196],"frontier":[199],"models":[200,236],"(39":[201],"49%":[203],"relative":[204],"improvement":[205],"over":[206],"baselines)":[207],"compromises":[209],"4":[210],"5":[212],"hosts":[213],"GOAD":[216],"Active":[217],"Directory":[218],"environment":[219],"versus":[220],"2":[221],"prior":[223],"systems.":[224],"These":[225],"results":[226],"yields":[231],"consistent":[232],"end-to-end":[233],"gains":[234],"limitation":[240],"model":[242],"scaling":[243],"alone":[244],"does":[245],"not":[246],"eliminate.":[247]},"counts_by_year":[],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2026-02-21T00:00:00"}