Primary supervisor: Sanoop Mallissery
Research area: Software Systems and Cybersecurity
Core PhD Question
How can we design autonomous AI security systems that can detect, reason about, respond to, and recover from cyberattacks with minimal human intervention, while remaining safe, explainable, and resistant to manipulation?
This PhD explores the future of cybersecurity where AI systems are no longer passive detection tools, but active cyber defenders. The project investigates how large language models, multi-agent systems, reinforcement learning, and secure automation can be combined to build self-healing cyber defense systems that can understand attacks, generate responses, verify actions, and repair affected systems.
What We Are Not Planning to Do
This project is not about building another normal intrusion detection system.
It is also not about simply applying machine learning to classify network traffic as normal or malicious.
The project is not focused only on detecting attacks after they happen. Instead, the goal is to study how AI can reason, respond, and recover.
This project is also not about giving full uncontrolled power to AI agents. A major part of the research is to make sure autonomous cyber actions are safe, explainable, bounded, and human-verifiable.
It is not just an LLM chatbot for cybersecurity. The focus is on a deeper autonomous security framework that can plan, test, justify, and execute defensive actions under strict safety constraints.
What We Are Planning to Do
This project will investigate the design of self-healing cyber defence systems powered by agentic AI. These systems will be able to observe security events, understand attack behaviour, reason about possible responses, and take controlled defensive actions.
The PhD may involve designing a multi-agent AI security architecture where different agents perform different roles, such as attack analyst, vulnerability investigator, response planner, patch generator, risk evaluator, and human-explanation agent.
The system may be tested in controlled environments such as simulated enterprise networks, containerized cyber ranges, vulnerable applications, cloud workloads, or IoT-style systems.
The project may explore how AI agents can automatically analyse logs, identify attack chains, map attacker behavior to MITRE ATT&CK-style tactics, generate remediation steps, test patches, isolate compromised services, and restore safe system states.
A key focus will be on safe autonomy. The system should not blindly execute actions. Instead, it should verify its own decisions, estimate risk, explain its reasoning, and request human approval when confidence is low or impact is high.
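The decision-control idea in the paragraph above (act autonomously only when confidence is high and impact is low, ask a human otherwise, and refuse outright in some cases) can be made concrete as a policy gate. The following is an added Python example, not code from this project; the action names, thresholds, protected assets, and sample proposals are all assumptions chosen for illustration.

```python
"""Decision-control gate for an autonomous cyber-defence agent (added
example; the policy thresholds and action names are assumptions, not the
project's own design)."""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    EXECUTE = "execute"      # act without waiting for a human
    ASK_HUMAN = "ask_human"  # queue the action for human approval
    STOP = "stop"            # refuse and escalate; do not execute


@dataclass(frozen=True)
class ProposedAction:
    name: str            # e.g. "isolate_container", "rotate_credentials"
    target: str          # asset the action would touch
    confidence: float    # agent's confidence (0..1) that the threat is real
    impact: float        # estimated blast radius / business impact (0..1)
    reversible: bool     # can the action be rolled back automatically?
    evidence: tuple      # identifiers of the alerts/log lines the agent cites


@dataclass(frozen=True)
class Policy:
    allowed_actions: frozenset    # actions the agent may ever perform
    protected_targets: frozenset  # assets that always need a human decision
    min_confidence_any: float = 0.5    # below this, do nothing at all
    min_confidence_auto: float = 0.85  # autonomous action needs at least this
    max_impact_auto: float = 0.3       # ...and at most this impact


def risk_score(action: ProposedAction) -> float:
    """Risk of acting = impact weighted by the chance the detection is wrong."""
    return round(action.impact * (1.0 - action.confidence), 3)


def decide(action: ProposedAction, policy: Policy) -> tuple[Decision, str]:
    """Return the gate's decision and a one-line justification for the audit log.
    Hard stops are checked first, then conditions that force human review,
    then the autonomous-action thresholds."""
    if action.name not in policy.allowed_actions:
        return Decision.STOP, f"{action.name!r} is not on the action allow-list"
    if not action.evidence:
        return Decision.STOP, "no evidence cited; refusing to act on an unexplained decision"
    if action.confidence < policy.min_confidence_any:
        return Decision.STOP, f"confidence {action.confidence:.2f} below floor {policy.min_confidence_any}"
    if action.target in policy.protected_targets:
        return Decision.ASK_HUMAN, f"target {action.target!r} is protected; human approval required"
    if not action.reversible:
        return Decision.ASK_HUMAN, "action is irreversible; human approval required"
    if action.confidence >= policy.min_confidence_auto and action.impact <= policy.max_impact_auto:
        return Decision.EXECUTE, (f"confidence {action.confidence:.2f} >= {policy.min_confidence_auto} "
                                  f"and impact {action.impact:.2f} <= {policy.max_impact_auto}")
    return Decision.ASK_HUMAN, (f"confidence {action.confidence:.2f} or impact {action.impact:.2f} "
                                f"outside autonomous bounds (risk {risk_score(action)})")


# Constructed sample policy and proposals (not from any real deployment).
POLICY = Policy(
    allowed_actions=frozenset({"isolate_container", "block_ip", "rotate_credentials", "restore_snapshot"}),
    protected_targets=frozenset({"domain-controller-01", "payment-db"}),
)

SAMPLES = [
    ProposedAction("isolate_container", "web-07", 0.93, 0.2, True, ("alert-1042", "log-7781")),
    ProposedAction("wipe_disk", "web-07", 0.99, 0.9, False, ("alert-1042",)),
    ProposedAction("block_ip", "203.0.113.5", 0.4, 0.1, True, ("alert-1050",)),
    ProposedAction("isolate_container", "payment-db", 0.95, 0.2, True, ("alert-1060",)),
    ProposedAction("rotate_credentials", "svc-backup", 0.9, 0.5, False, ("alert-1070",)),
    ProposedAction("restore_snapshot", "web-07", 0.7, 0.2, True, ("alert-1080",)),
]


def run_samples() -> list[tuple[str, str]]:
    """Decide every sample proposal and return (action name, decision) pairs."""
    return [(a.name, decide(a, POLICY)[0].value) for a in SAMPLES]


if __name__ == "__main__":
    for a in SAMPLES:
        d, why = decide(a, POLICY)
        print(f"{d.value:10s} {a.name:20s} {a.target:20s} {why}")
```

The ordering of the checks is the design point: allow-list and evidence requirements are hard stops that no confidence score can override, protected assets and irreversible actions always route to a human, and only proposals that pass all of those are compared against the autonomous thresholds. Every branch returns a justification string so the explanation layer and the audit log receive the same reason the gate actually used.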
The project can also investigate how attackers may manipulate defensive AI agents through prompt injection, poisoned logs, misleading alerts, adversarial commands, or fake evidence. Therefore, the project studies both AI for security and security of AI agents.
Possible PhD Contribution Expectations
- Agentic Cyber Defence Architecture: a novel architecture for autonomous cyber defence using multiple specialised AI agents that can collaborate, debate, verify, and respond to cyber threats.
- Self-Healing Security Framework: a framework that can move beyond detection and support automated recovery, service isolation, patch recommendation, configuration repair, and system restoration.
- Safe Autonomy Model: a decision-control mechanism that determines when an AI security agent can act independently, when it should ask for human approval, and when it should stop.
- Adversarial Robustness for Security Agents: new methods to protect AI cyber-defence agents from prompt injection, malicious logs, fake alerts, poisoned context, and attacker-controlled instructions.
- Cyber Range Evaluation Environment: a controlled experimental environment where autonomous AI defenders can be evaluated against realistic attack scenarios.
- Explainable Cyber Reasoning Layer: a mechanism that explains why the AI agent detected a threat, what evidence it used, what action it recommends, and what risks are involved.
- Human-in-the-Loop Defence Protocol: a practical protocol for combining autonomous AI response with human oversight, especially for high-risk defensive actions.
- Evaluation Metrics for Agentic Security: new metrics that measure not only detection accuracy, but also response correctness, recovery time, safety, explainability, false action risk, and resistance to manipulation.
Required Knowledge
Essential
- Strong programming skills in Python
- Good understanding of cybersecurity fundamentals
- Basic knowledge of machine learning and deep learning
- Familiarity with large language models or transformer models
- Understanding of operating systems, logs, networks, or web security
- Ability to read and implement research papers
- Interest in autonomous AI systems and cyber defence
Useful
- Experience with LLM agents or multi-agent systems
- Knowledge of reinforcement learning
- Experience with Docker, Linux, cloud systems, or cyber ranges
- Understanding of malware behaviour, intrusion detection, or vulnerability analysis
- Familiarity with MITRE ATT&CK
- Knowledge of prompt injection and LLM security
- Experience with log analysis, SIEM-style systems, or security automation
- Knowledge of software patching, program analysis, or fuzzing
Nice to Have
- Experience with red-team/blue-team cybersecurity exercises
- Knowledge of secure software engineering
- Experience with autonomous planning or decision-making systems
- Familiarity with Kubernetes, cloud security, or DevSecOps
- Interest in AI governance, safety, and responsible automation
- Experience building prototypes, dashboards, or security tools
- Curiosity about the future of AI-powered cyber warfare and defense
This topic is suitable for a candidate who wants to work at the frontier of AI, cybersecurity, and autonomous systems. The candidate should be excited by the idea of building future cyber defenders that can reason, explain, repair, and recover from attacks rather than simply detecting them.
The project is especially suitable for students interested in AI security, autonomous agents, LLM safety, cyber defense, trustworthy AI, and next-generation security operations.