The automation of penetration testing has long been constrained by the semantic-operational divide between human expert cognition and machine-executable workflows. We present COAPT, a novel architecture that bridges this gap through large language model (LLM) driven cognitive planning, enabling autonomous execution of full-cycle penetration testing aligned with the penetration testing execution standard (PTES) and MITRE adversarial tactics, techniques, and common knowledge (ATT&CK) framework. COAPT introduces three key innovations: (1) A cognitive planning architecture combining retrieval-augmented generation with chain-of-thought reasoning, grounding decisions in verified cybersecurity knowledge; (2) Formal semantic interfaces that translate strategic intent into executable commands for security tools through machine-actionable contracts; (3) Hierarchical multi-agent coordination that maintains tactical consistency across reconnaissance, exploitation, privilege escalation, and defense recommendation phases. Evaluated across diverse penetration testing scenarios, COAPT demonstrates superior performance over state-of-the-art tools in vulnerability exploitation success rates and operational efficiency, while significantly reducing LLM hallucination risks through its knowledge-grounded reasoning approach. The architecture’s ability to autonomously chain multi-stage attacks and generate ATT&CK-mapped defense strategies establishes a new paradigm for cybersecurity automation that preserves human expert workflows at machine execution scales.
Publications
- Article type
- Year
- Co-author
Year
Open Access
Issue
Big Data Mining and Analytics 2026, 9(3): 788-804
Published: 01 June 2026
Downloads:81
Total 1
京公网安备11010802044758号