@article{Zhang2026, 
author = {Haonan Zhang and Hui Lu and Yanli Chen and Yuyu He and Zhihong Tian},
title = {COAPT: Bridging Semantic-Operational Divide in Autonomous Penetration Testing Through LLM-Driven Cognitive Planning},
year = {2026},
journal = {Big Data Mining and Analytics},
volume = {9},
number = {3},
pages = {788-804},
keywords = {multi-agent, large language model (LLM), retrieval-augmented generation (RAG), autonomous penetration testing, semantic-operational interface},
url = {https://www.sciopen.com/article/10.26599/BDMA.2025.9020078},
doi = {10.26599/BDMA.2025.9020078},
abstract = {The automation of penetration testing has long been constrained by the semantic-operational divide between human expert cognition and machine-executable workflows. We present COAPT, a novel architecture that bridges this gap through large language model (LLM) driven cognitive planning, enabling autonomous execution of full-cycle penetration testing aligned with the penetration testing execution standard (PTES) and MITRE adversarial tactics, techniques, and common knowledge (ATT&amp;CK) framework. COAPT introduces three key innovations: (1) A cognitive planning architecture combining retrieval-augmented generation with chain-of-thought reasoning, grounding decisions in verified cybersecurity knowledge; (2) Formal semantic interfaces that translate strategic intent into executable commands for security tools through machine-actionable contracts; (3) Hierarchical multi-agent coordination that maintains tactical consistency across reconnaissance, exploitation, privilege escalation, and defense recommendation phases. Evaluated across diverse penetration testing scenarios, COAPT demonstrates superior performance over state-of-the-art tools in vulnerability exploitation success rates and operational efficiency, while significantly reducing LLM hallucination risks through its knowledge-grounded reasoning approach. The architecture’s ability to autonomously chain multi-stage attacks and generate ATT&amp;CK-mapped defense strategies establishes a new paradigm for cybersecurity automation that preserves human expert workflows at machine execution scales.}
}