CyberGFM: Generative Models for Cyber Defense

Updated 16 January 2026

CyberGFM is a framework that uses large generative foundation models to drive autonomous cyber operations, anomaly detection, and strategic deception.
It integrates game-theoretic models with neurosymbolic frameworks to enhance cyber defense through adaptive, offensive, and defensive automation.
Empirical benchmarks demonstrate CyberGFM’s superior performance in intrusion detection and agent-based operations, outpacing traditional methods.

CyberGFM refers to a class of approaches leveraging large generative foundation models (FMs) for cybersecurity applications, encompassing both offensive and defensive cyber operations, anomaly detection with graph-structured data, and advanced strategic deception through symbiotic integration of game-theoretic models (GMs) and FMs. The paradigm includes autonomous agent-based attacks and defense, deep anomaly detection pipelines, and neurosymbolic frameworks for adaptive cyber warfare (Heckel et al., 2024, King et al., 9 Jan 2026, Li et al., 2024).

1. Formal Definitions, Taxonomy, and Architectural Foundations

CyberGFM is defined as the use of generative foundation models—primarily LLMs and multimodal models—for autonomous and semi-autonomous cyber operations (Heckel et al., 2024). A formal CyberGFM instance is the tuple $(G,\,F)$ : $(G,\,F)$ where $G$ is a Bayesian game-theoretic model and $F$ is a Transformer-based foundation model parameterized by $\Phi$ (Li et al., 2024). In data-driven anomaly detection, CyberGFM techniques employ graph-based Transformer encoders on random walks through networks, treating walks as sentences for model pretraining and fine-tuning (King et al., 9 Jan 2026).

Key architectural elements:

Transformer encoder/decoder (depth $L$ , hidden dimension $d$ , attention heads $H$ ) for embedding cybersecurity event data or graph tokens.
Input modalities can include textual CTI reports, raw event logs, or tokenized node/edge histories (graph representation: $G=(V,E,f)$ , $f:E\to\mathbb{R}^d$ ).
Output: Embeddings, probability distributions over tokens/actions, symbolic conjectures, and next-step predictions.

2. CyberGFM in Offensive and Defensive Automation

Autonomous agent workflows use open-weight or proprietary FMs embedded in ReAct-style control frameworks with tool access (e.g., NMAP, shell, Metasploit) (Heckel et al., 2024). The workflow is formulated as a discrete dynamical system: $S_{i+1} = T(S_i, A_i),\ \,A_i = \pi(S_i)$ with $S_i$ representing the agent's state (tool outputs, memory), $A_i$ the FM-chosen action, $T$ the system transition, and $\pi$ the FM's implicit policy. Attacks are executed in isolated networks of vulnerable machines (e.g., HackTheBox retired VMs) with instrumentation for detailed observation.

Defenders counter these agents via honeypots, intrusion detection, and Defensive Prompt Injection (DPI), corrupting agent workflows by banner or multi-stage injection at observation or scan time.

3. Graph-Based Foundation Models for Intrusion Detection

CyberGFM methods extend random-walk embedding from Node2Vec/Pikachu to transformer-based masked token prediction (King et al., 9 Jan 2026). Networks are represented as graphs ( $V$ nodes, $E$ directed edges), often with rich edge attributes (e.g. protocol, timestamp, flow statistics). Pretraining is on walks sampled (uniform or temporally biased), yielding sentences of node and edge tokens.

Key components:

Tiny BERT configuration ( $L=2$ , $d=128$ , heads=2, $\sim$ 2.57 M parameters).
Vocabulary $\mathcal{T}$ includes distinct node IDs and edge-feature categories.
Masked-token objective schedules the masking rate: $\mathcal{L}_{MLM} = -\sum_{i\in M}\log\,P(x_i | x_{\setminus M};\,\theta)$
Fine-tuning for unsupervised link anomaly detection, scoring edges $(u,v)$ as benign/anomalous via either link-prediction or classification objectives.

Efficiency stems from random-walk sampling ( $\sim O(|V|)$ ), GPU-optimized transformers, and pretrain/fine-tune pipelines using only benign data. Notable datasets include OpTC, UNSW-NB15, and LANL. CyberGFM achieves state-of-the-art average precision (AP) results, e.g. AP $= 0.7600$ on LANL vs Argus’s $0.2279$ (King et al., 9 Jan 2026).

4. Integration of Game-Theoretic Models and Foundation Models

Advanced CyberGFM frameworks employ symbiotic integration of FMs and GMs for strategic cyber deception (Li et al., 2024). In this context:

FM $\rightarrow$ GM: Foundation models generate embeddings, infer attacker intent, and produce symbolic conjectures (logic rules encoding tactical knowledge).

$e_{t-1} = F_{enc}(h_{t-1};\,\Phi),\quad C_t = \{c^j_t\}$

GM $\rightarrow$ FM: Game state and outcome information (e.g., current objectives, payoffs) adaptively prompt FM outputs and parameter update cycles.
Belief and strategy updates employ log-linear rules with FM compatibility signals: $b_i^{t+1}(\theta) \propto b_i^t(\theta)\exp\left(\eta f_{FM}(e_t,s_t,a_t,\theta)\right)$
Policy head outputs are constrained by logic modules, enforcing symbolic safety during inference: $\pi'_{\Phi}(a|s) \propto \begin{cases} \pi_{\Phi}(a|s), & c^j(s,a) \leq 0\ \forall j\ 0, & \text{otherwise} \end{cases}$

Core learning objective in neurosymbolic multitasking (MANSCOL): reinforcement losses plus symbolic constraint penalties: $L_{total}(\Phi,\Psi) = L_{RL}(\Phi) + \lambda L_{sym}(\Phi,\Psi)$

5. Empirical Benchmarks and Quantitative Evaluation

CyberGFM systems have been rigorously evaluated on both agent-based penetration and graph-based anomaly detection tasks (Heckel et al., 2024, King et al., 9 Jan 2026). Key findings include:

Downloadable open-weight models (LLaMa-3-405B, Mistral-123B) achieve offensive compromise rates comparable to frontier APIs (GPT-4o) on retired HackTheBox machines (access rates: $R \approx 0.40$ –$0.80$).
Agent reasoning step limits ( $N_{max}=30$ ) and time to compromise per machine (8–20 minutes) vary with model capability.
DPI achieves marked disruption: e.g., LLaMa-405B under fake-exploit redirect reduced attack rate by 66%.
In graph anomaly detection, CyberGFM exceeds prior baselines in AP by up to 2 $\times$ (static: $0.8981$ vs Pikachu $0.3879$ on OpTC).
Efficiency comparison: CyberGFM’s pretrain+fine-tune ( $\sim$ 3.3h on 32GB V100) rivals or surpasses multi-node GNN/RNN methods with similar parameter count.

Model	Parameters (M)	Best AP (LANL)
Node2Vec	1.72	0.0605
Pikachu	3.31	0.1428
Argus	2.31	0.2279
CyberGFM-static	2.57	0.7600

6. Applications Across Cybersecurity Domains

CyberGFM frameworks are directly applied at multiple scales (Li et al., 2024):

Tactical Level: Honeypot engagement games with one-sided information, FMs for decoy content and attacker prediction, belief update via FM embedddings.
Operational Level: Kill chain planning via dynamic Bayesian game sequences, FMs for synthesis of adversarial tactics and knowledge-driven policy adaptation.
Strategic Level: Colonel Blotto/FlipIt models for resource allocation and mission planning, FMs for risk-report analysis and threat forecasting.

Graph-based CyberGFM specializes in lateral movement detection within enterprise networks, with practical deployments on real-world datasets featuring millions of connections.

7. Limitations, Challenges, and Future Directions

Challenges identified across CyberGFM research (Heckel et al., 2024, King et al., 9 Jan 2026, Li et al., 2024):

Scalability: Game-theoretic models and transformer networks both present tractability constraints with scale.
Non-inductive generalization: Graph foundation models require explicit handling of unseen nodes via feature-based tokenization.
Data scarcity and imbalance: Few-shot generalization and domain adaptation remain ongoing issues.
Interpretability: Symbolic modules aid understanding but full transparency for automated cyber operations is yet to be fully achieved.
Robustness: FMs are susceptible to adversarial manipulations; formal constraint modules and robust aggregation approaches are active areas of research.
Latency and Efficiency: Inference speed for transformers can bottleneck real-time detection and rapid defense.
Governance: The proliferation of downloadable foundation models undermines compute-based governance and necessitates new standards for evaluation, certification, and safety (e.g., standardized red-teaming on retired machines, agent-aware IDS/IPS investment).

This suggests sustained research in modular architectures, inductive reasoning over host-profile features, more scalable symbolic-neural integrations, and formal solution concepts for nonequilibrium adaptive security games.

In summary, CyberGFM encompasses the application of generative foundation models for autonomous cyber operations, deep graph-based anomaly detection, and neurosymbolic game-theoretic defense frameworks. Research demonstrates both state-of-the-art empirical performance and identifies a spectrum of governance, interpretability, and scalability challenges central to cybersecurity practitioners and researchers (Heckel et al., 2024, King et al., 9 Jan 2026, Li et al., 2024).

Markdown Upgrade to Chat

References (3)

Countering Autonomous Cyber Threats (2024)

CyberGFM: Graph Foundation Models for Lateral Movement Detection in Enterprise Networks (2026)

Symbiotic Game and Foundation Models for Cyber Deception Operations in Strategic Cyber Warfare (2024)

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to CyberGFM.