Cybersecurity AI in OT: Insights from an AI Top-10 Ranker in the Dragos OT CTF 2025

Practical insights learned from participating in the Dragos OT CTF 2025 using the Cybersecurity AI (CAI) framework, highlighting strengths and limitations of AI agents when operating in real OT challenge environments and detailing actionable lessons for defensive and offensive workflows.

Cybersecurity AI Benchmark (CAIBench)

Existing benchmarks assess isolated skills rather than integrated performance. To address this limitation, we present the Cybersecurity AI Benchmark (CAIBench), a modular meta-benchmark framework that allows evaluating LLM models and agents across offensive and defensive cybersecurity domains, taking a step towards meaningfully measuring their labor-relevance.

Cybersecurity AI: Evaluating Agentic Cybersecurity in Attack/Defense CTFs

Empirical evaluation of AI systems in cybersecurity Attack/Defense CTFs reveals defensive agents achieve 54.3% patching success versus 28.3% offensive initial access, though operational constraints eliminate this advantage, providing first controlled evidence challenging AI attacker superiority claims.

The Cybersecurity of a Humanoid Robot

Security assessment of a production humanoid robot platform's architecture, bridging the gap between robotics creation and cybersecurity defense. Uncover dual-layer encryption flaws, unauthorized telemetry transmissions, and more.

Cybersecurity AI: Humanoid Robots as Attack Vectors

We present a systematic security assessment of the Unitree G1 humanoid showing it operates simultaneously as a covert surveillance node and can be purposed as an active cyber operations platform.

Cybersecurity AI: Hacking the AI Hackers via Prompt Injection

We demonstrate how AI-powered cybersecurity tools can be turned against themselves through prompt injection attacks and build guardrails to prevent them in four layers.

CAI Fluency: A Framework for Cybersecurity AI Fluency

This work introduces CAI Fluency, an an educational platform of the Cybersecurity AI (CAI) framework dedicated to democratizing the knowledge and application of cybersecurity AI tools in the global security community.

The Dangerous Gap Between Automation and Autonomy

The cybersecurity industry often confuses “automated” and “autonomous” AI. We establish a 6-level taxonomy distinguishing automation from autonomy in Cybersecurity AI

Cybersecurity AI (CAI)

Introducing Cybersecurity AI (CAI): the leading open-source AI security framework that democratizes security testing. CAI outperforms humans by up to 3,600× in CTF benchmarks, discovers critical vulnerabilities (CVSS 4.3-7.5), and significantly reduces testing costs.

PentestGPT

Pioneering LLMs in cybersecurity. A GPT-empowered penetration testing tool.

SROS2: Usable Cyber Security Tools for ROS 2

Methodology and tools to secure ROS 2 computational graphs in a usable manner.

Robot Cybersecurity, a review

We review the status of the robot cybersecurity after three years of research.

Robot Teardown

We introduce and advocate for robot teardown as an approach to study robot hardware architectures and fuel security research.

Cybersecurity in Robotics: Challenges, Quantitative Modeling, and Practice

In cooperation with other researchers, this book stipulates the inclusion of security in robotics from the earliest design phases onward. We advocate for quantitative methods of security management, cover vulnerability scoring systems and account for the highly distributed nature of robots.

Securing robots in OT enviroments

We show how simple attacks are feasible in OT and how an industrial cybersecurity solution is not capable of capturing the complexity of modern robot interactions. We extend one of such solutions with a robot-specific Endpoint Protection Platform (EPP) and successfully protect the robot from attacks.

alurity, a toolbox for robot cybersecurity

We present a modular and composable toolbox for robot cybersecurity which ensures that both roboticists and security researchers working on a project have a common, consistent and easily reproducible development environment.

Red teaming ROS in industry

Can ROS be used securely for industrial use cases? The present study analyzes this question experimentally by performing a targeted offensive security exercise in a synthetic industrial use case involving ROS-Industrial and ROS packages.

DevSecOps in Robotics

We introduce DevSecOps in Robotics, a set of best practices designed to help roboticists implant security deep in the heart of their development and operations processes.

Akerbeltz

Industrial robot ransomware. We present Akerbeltz, the first known instance of industrial robot ransomware. Our malware demonstrates the current insecurity landscape.

Robot Vulnerability Database (RVD)

We present the Robot Vulnerability Database (RVD), a directory for responsible disclosure of bugs, weaknesses and vulnerabilities in robots.

Aztarna

A footprinting tool for robots. We present aztarna and discuss how such tool can facilitate the process of identifying vestiges of different robots, while maintaining an extensible structure.

Robot Hazards

We review robot hazards and analyze the consequences of not facing these issues. We advocate strongly for a security-first approach and argue about the transition from safety to security in robotics.

Robot Security Framework (RSF)

A methodology to perform systematic security assessments in robots. We propose, adapt and develop specific terminology and provide guidelines to enable a holistic security assessment in robotics.

Robotics CTF (RCTF)

A playground for robot hacking. We describe the architecture of the RCTF and provide 9 scenarios where hackers can challenge the security of different robotic setups.

Robot Vulnerability Scoring System

We present a scoring system for robot vunerabilities that considers a) robot safety aspects, b) assessment of downstream implications, c) library and third-party scoring assessments and d) environmental variables.

RIS EIC Accelerator

Exportación ICEX-NEXT

ZL-2021/00456 - RISCon

ROBOTCYSEC

SEGRES (EXP 00131359)

SEÑUELO INDUSTRIAL ALURITY

VEHICLE IMMUNE SYSTEM (VIS)