Building a Large Language Model Based Penetration Tester
Title: Building a Large Language Model Based Penetration Tester
DNr: Berzelius-2023-122
Project Type: LiU Berzelius
Principal Investigator: Syafiq Al Atiiq
Affiliation: Lunds universitet
Duration: 2023-07-28 – 2024-02-01
Classification: 10201


The rapid advancement of artificial intelligence and machine learning technologies has offered new possibilities for cybersecurity practices. Among these developments, Large Language Models (LLMs) provide promising potential for a myriad of applications. This proposal introduces a novel research approach, aiming to construct a sophisticated penetration testing tool utilizing a large language model. The proposed study seeks to harness the capabilities of LLMs to interpret and generate human-like text, hypothesizing that such technologies can be effectively employed to mimic and enhance the skillset of human penetration testers.

The essence of penetration testing, also known as ethical hacking, lies in the application of adversarial thinking, problem-solving, and a deep understanding of system vulnerabilities to expose potential weaknesses in an organization's cybersecurity defenses. Typically, this process requires a substantial investment of time, expertise, and resources. The anticipated tool, powered by a large language model, is expected to contribute significantly to the efficiency, cost-effectiveness, and coverage of penetration tests by automating the process and enabling a continuous evaluation of system vulnerabilities.

This study will involve designing, developing, and validating an advanced penetration testing tool using an open-source-based LLM or its latest equivalent. The proposed tool will be engineered to analyze cybersecurity scenarios, generate contextually appropriate responses, and execute intelligent actions that mirror those of an experienced penetration tester. Furthermore, this research will explore how the tool can self-learn and adapt to the ever-evolving cybersecurity landscape, potentially revolutionizing the penetration testing domain by providing ongoing, real-time security assessments.

Moreover, the ethical implications associated with automating penetration testing processes will be deeply examined. This includes the potential misuse of the tool, biases in the artificial intelligence algorithms, and the responsibilities of stakeholders when deploying such technologies. By proactively addressing these ethical considerations, the research aims to ensure the responsible use and governance of the proposed tool.

The projected outcomes of this study could serve as a crucial step towards automated and continuous penetration testing, providing organizations with invaluable aid in fortifying their cybersecurity infrastructure. The research is expected to contribute significantly to the academic and practical field of cybersecurity, offering new insights into the utilization of artificial intelligence in penetration testing, the feasibility and effectiveness of such tools, and the ethical considerations that surround their use.

In conclusion, this proposed research on building a penetration tester using a large language model signifies a bold and innovative endeavor into the fusion of artificial intelligence and cybersecurity. It aligns with the urgent need for robust, intelligent, and adaptable tools in the face of escalating cyber threats and the increasing complexity of digital infrastructures. By striving to harness the immense potential of large language models, the study aims to transform the penetration testing landscape, making it more efficient, proactive, and resilient.