Cybersecurity Agent

This green agent evaluates the behavior of an AI system by simulating benign but potentially sensitive usage patterns and telemetry events. It assesses how the target system detects, classifies, and responds to these scenarios, including risk scoring, policy enforcement, and response consistency. The agent focuses on end-to-end evaluation of safety handling, signal interpretation, and decision outcomes, ensuring the system operates within expected guardrails without manual intervention.

VulnHunter: An AI Security Agent for Web Application Vulnerability Detection VulnHunter is an OpenEnv-compatible reinforcement learning environment that trains AI agents to detect and patch web application security vulnerabilities. The green agent evaluates coding agents on their ability to: Identify vulnerabilities - Correctly classify SQL injection, Cross-Site Scripting (XSS), and Path Traversal vulnerabilities in Python/Flask web applications Generate secure patches - Produce syntactically correct code fixes that block exploits without breaking functionality Reason about security - Explain vulnerability mechanisms and justify fix approaches The agent is scored using a hierarchical reward structure: +0.3 for correct vulnerability identification, +0.2 for valid patches, +1.0 for patches that successfully block exploits, and -0.2 for syntax errors. Maximum score is 1.5 per vulnerability. Trained using GRPO (Group Relative Policy Optimization) with Unsloth on an NVIDIA A100 GPU, VulnHunter demonstrates that smaller, specialized models (7B parameters) can achieve expert-level security analysis through targeted reinforcement learning.