{"id":"https://openalex.org/W7160306081","doi":"https://doi.org/10.48550/arxiv.2605.02346","title":"APIOT: Autonomous Vulnerability Management Across Bare-Metal Industrial OT Networks","display_name":"APIOT: Autonomous Vulnerability Management Across Bare-Metal Industrial OT Networks","publication_year":2026,"publication_date":"2026-05-04","ids":{"openalex":"https://openalex.org/W7160306081","doi":"https://doi.org/10.48550/arxiv.2605.02346"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2605.02346","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.02346","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2605.02346","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5107375816","display_name":"Adel ElZemity","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"ElZemity, Adel","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025663670","display_name":"Budi Arief","orcid":"https://orcid.org/0000-0002-1830-1587"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Arief, Budi","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135373592","display_name":"Shujun Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Shujun","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052966819","display_name":"Calvin Brierley","orcid":"https://orcid.org/0000-0001-8766-822X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Brierley, Calvin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135373862","display_name":"Yichao Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Yichao","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103140704","display_name":"Yuxiang Huang","orcid":"https://orcid.org/0000-0002-4380-2447"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Huang, Yuxiang","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135378050","display_name":"James Pope","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Pope, James","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135327170","display_name":"Haoxiang Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Haoxiang","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5072981915","display_name":"George Oikonomou","orcid":"https://orcid.org/0000-0002-1684-6989"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Oikonomou, George","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5107375816"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8937000036239624,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8937000036239624,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.01769999973475933,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.01080000028014183,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.66839998960495},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6053000092506409},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.45179998874664307},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.42829999327659607},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4140999913215637},{"id":"https://openalex.org/keywords/industrial-control-system","display_name":"Industrial control system","score":0.3887999951839447},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.38499999046325684},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.3756999969482422},{"id":"https://openalex.org/keywords/resource","display_name":"Resource (disambiguation)","score":0.3702000081539154},{"id":"https://openalex.org/keywords/personalization","display_name":"Personalization","score":0.35269999504089355}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7468000054359436},{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.66839998960495},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6053000092506409},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.45179998874664307},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.42829999327659607},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4140999913215637},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.40799999237060547},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.3887999951839447},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.38499999046325684},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.3756999969482422},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.37529999017715454},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.3702000081539154},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3546000123023987},{"id":"https://openalex.org/C183003079","wikidata":"https://www.wikidata.org/wiki/Q1000371","display_name":"Personalization","level":2,"score":0.35269999504089355},{"id":"https://openalex.org/C173018170","wikidata":"https://www.wikidata.org/wiki/Q165678","display_name":"Microcontroller","level":2,"score":0.32820001244544983},{"id":"https://openalex.org/C169468491","wikidata":"https://www.wikidata.org/wiki/Q146923","display_name":"Middleware (distributed applications)","level":2,"score":0.3183000087738037},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.31439998745918274},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.31360000371932983},{"id":"https://openalex.org/C164155591","wikidata":"https://www.wikidata.org/wiki/Q2067766","display_name":"Satisfiability modulo theories","level":2,"score":0.305400013923645},{"id":"https://openalex.org/C147358964","wikidata":"https://www.wikidata.org/wiki/Q1200992","display_name":"Abstraction layer","level":3,"score":0.3034999966621399},{"id":"https://openalex.org/C124304363","wikidata":"https://www.wikidata.org/wiki/Q673661","display_name":"Abstraction","level":2,"score":0.30300000309944153},{"id":"https://openalex.org/C12269588","wikidata":"https://www.wikidata.org/wiki/Q132364","display_name":"Communications protocol","level":2,"score":0.2985000014305115},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.29120001196861267},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.2890999913215637},{"id":"https://openalex.org/C203479927","wikidata":"https://www.wikidata.org/wiki/Q5165939","display_name":"Controller (irrigation)","level":2,"score":0.2824000120162964},{"id":"https://openalex.org/C25810664","wikidata":"https://www.wikidata.org/wiki/Q44325","display_name":"Ontology","level":2,"score":0.27880001068115234},{"id":"https://openalex.org/C2776650193","wikidata":"https://www.wikidata.org/wiki/Q264661","display_name":"Obstacle","level":2,"score":0.27239999175071716},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.2696000039577484},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.26930001378059387},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.2621000111103058},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.2590999901294708},{"id":"https://openalex.org/C14185376","wikidata":"https://www.wikidata.org/wiki/Q30232","display_name":"Agile software development","level":2,"score":0.25679999589920044},{"id":"https://openalex.org/C107418235","wikidata":"https://www.wikidata.org/wiki/Q1520565","display_name":"Human multitasking","level":2,"score":0.2502000033855438}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2605.02346","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.02346","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2605.02346","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.02346","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure","score":0.4147392809391022}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Bare-metal":[0,48],"operational":[1],"technology":[2],"(OT)":[3],"devices":[4],"--":[5,20],"especially":[6],"the":[7,14,24,92,110,168,175,219],"microcontrollers":[8],"running":[9],"Modbus/TCP":[10],"and":[11,36,41,60,68,71,80,103,126,154,202,226],"CoAP":[12],"at":[13],"base":[15],"of":[16,26,105,165,236],"industrial":[17,136,242],"control":[18],"systems":[19],"have":[21],"remained":[22],"outside":[23],"reach":[25],"autonomous":[27,31,101,238],"security":[28],"attacks.":[29],"Prior":[30],"pentesting":[32],"studies":[33],"target":[34],"Linux":[35],"web":[37],"systems,":[38],"whose":[39],"shells":[40],"filesystems":[42],"are":[43],"familiar":[44],"to":[45],"LLM":[46],"agents.":[47],"OT":[49,107,224],"has":[50],"neither,":[51],"so":[52],"agents":[53,191],"must":[54,230],"reason":[55],"directly":[56],"over":[57],"protocol":[58],"fields":[59],"parser":[61],"semantics.":[62],"This":[63],"requires":[64],"new":[65,73],"action-space":[66],"designs":[67],"runtime":[69,176],"controls,":[70],"opens":[72],"research":[74],"questions":[75],"about":[76],"protocol-level":[77],"exploit":[78],"reasoning":[79],"its":[81],"deployment":[82],"envelope.":[83],"We":[84,124,172],"present":[85],"APIOT":[86,159],"(Autonomous":[87],"Purple-teaming":[88],"for":[89],"Industrial":[90],"OT),":[91],"first":[93],"large":[94],"language":[95],"model":[96],"(LLM)":[97],"framework":[98,129],"demonstrating":[99],"an":[100,182],"attack":[102],"remediation":[104],"bare-metal":[106,223],"devices,":[108],"achieving":[109],"full":[111,169],"discovery":[112],"-&gt;":[113,115,117],"exploitation":[114],"patching":[116],"verification":[118],"cycle":[119],"without":[120,189],"step-by-step":[121],"human":[122],"intervention.":[123],"implemented":[125],"evaluated":[127],"this":[128],"on":[130,167,222],"Zephyr":[131],"RTOS":[132],"firmware":[133],"across":[134],"heterogeneous":[135],"IoT":[137],"(IIoT)":[138],"topologies.":[139],"Through":[140],"290":[141],"experiment":[142],"runs":[143],"spanning":[144],"five":[145],"frontier":[146],"LLMs,":[147],"three":[148],"network":[149],"topologies,":[150],"two":[151,209],"impairment":[152],"levels,":[153],"guided":[155],"versus":[156],"unguided":[157],"conditions,":[158],"achieved":[160],"a":[161,185],"mission":[162],"success":[163],"rate":[164],"90.0%":[166],"attack-remediation":[170],"cycle.":[171],"found":[173],"that":[174],"governance":[177],"layer":[178],"(which":[179],"we":[180],"call":[181],"overseer)":[183],"is":[184,216],"critical":[186],"engineering":[187],"variable:":[188],"it,":[190],"exhibit":[192],"systematic":[193],"degenerate":[194],"patterns,":[195],"including":[196],"repetition":[197],"loops,":[198],"missing":[199],"crash":[200],"verification,":[201],"reconnaissance":[203],"deadlocks.":[204],"Together,":[205],"these":[206],"findings":[207],"carry":[208],"implications":[210],"beyond":[211],"our":[212],"testbed.":[213],"Attacker":[214],"expertise":[215],"no":[217],"longer":[218],"binding":[220],"constraint":[221],"exploitation,":[225],"defender":[227],"threat":[228],"models":[229],"now":[231],"assume":[232],"LLM-augmented":[233],"adversaries":[234],"capable":[235],"executing":[237],"discovery-through-remediation":[239],"cycles":[240],"against":[241],"firmware.":[243]},"counts_by_year":[],"updated_date":"2026-05-06T06:10:43.113611","created_date":"2026-05-06T00:00:00"}