An Agentic Multi-Agent Architecture for Cybersecurity Risk Management
| Authors | Ravish Gupta et al. |
| Year | 2026 |
| Field | AI / Agents |
| arXiv | 2603.20131 |
| Download | |
| Categories | cs.AI, cs.CR |
Abstract
Getting a real cybersecurity risk assessment for a small organization is expensive -- a NIST CSF-aligned engagement runs $15,000 on the low end, takes weeks, and depends on practitioners who are genuinely scarce. Most small companies skip it entirely. We built a six-agent AI system where each agent handles one analytical stage: profiling the organization, mapping assets, analyzing threats, evaluating controls, scoring risks, and generating recommendations. Agents share a persistent context that grows as the assessment proceeds, so later agents build on what earlier ones concluded -- the mechanism that distinguishes this from standard sequential agent pipelines. We tested it on a 15-person HIPAA-covered healthcare company and compared outputs to independent assessments by three CISSP practitioners -- the system agreed with them 85% of the time on severity classifications, covered 92% of identified risks, and finished in under 15 minutes. We then ran 30 repeated single-agent assessments across five synthetic but sector-realistic organizational profiles in healthcare, fintech, manufacturing, retail, and SaaS, comparing a general-purpose Mistral-7B against a domain fine-tuned model. Both completed every run. The fine-tuned model flagged threats the baseline could not see at all: PHI exposure in healthcare, OT/IIoT vulnerabilities in manufacturing, platform-specific risks in retail. The full multi-agent pipeline, however, failed every one of 30 attempts on a Tesla T4 with its 4,096-token default context window -- context capacity, not model quality, turned out to be the binding constraint.
Engineering Breakdown
Plain English
This paper addresses the accessibility problem in cybersecurity risk assessment: a proper NIST CSF-aligned evaluation costs $15,000+ and takes weeks, making it inaccessible to small organizations. The authors built a six-agent AI system where each agent specializes in one assessment stage (profiling, asset mapping, threat analysis, control evaluation, risk scoring, and recommendations), with agents sharing a persistent context that accumulates findings across stages. They validated the system on a 15-person HIPAA-covered healthcare company against three independent CISSP assessments, demonstrating that multi-agent architectures with stateful context passing can produce enterprise-grade security assessments at a fraction of cost and time.
Core Technical Contribution
The core innovation is the persistent context mechanism that distinguishes this from standard sequential agent pipelines. Rather than each agent operating independently with only direct inputs, agents access and extend a shared knowledge graph that accumulates findings, conclusions, and confidence scores as the assessment proceeds. This allows later agents (e.g., risk scoring) to leverage the full analytical chain from earlier agents (e.g., threat analysis) rather than re-analyzing from scratch. The architectural contribution is demonstrating that structured, hierarchical agent decomposition with stateful context passing scales better than monolithic LLM calls or fully independent sequential agents for complex analytical workflows.
How It Works
The system ingests organization metadata and documentation as input, then routes assessment through six specialized agents in sequence. Agent 1 profiles the organization (size, industry, compliance obligations); Agent 2 inventories assets from documentation and scans; Agent 3 performs threat modeling using asset inventory and organizational context; Agent 4 evaluates existing security controls; Agent 5 scores risks by combining threat likelihood, asset impact, and control effectiveness; Agent 6 generates prioritized recommendations. Between each stage, the agents update a shared context store (likely a structured database or vector-backed knowledge graph) that includes profiles, asset lists, identified threats, control assessments, and risk scores. Each subsequent agent queries this context before executing its analysis, ensuring decisions compound rather than starting fresh. The output is a comprehensive risk assessment document with traced lineage showing which earlier findings informed each recommendation.
Production Impact
For organizations building security automation, this approach reduces assessment time from weeks to days and cost from 100, but this degrades for multi-thousand-asset enterprises without caching or summarization.
Limitations and When Not to Use This
The evaluation is limited to a single organization size (15 employees) and single vertical (healthcare/HIPAA), leaving open whether the approach generalizes to larger enterprises with complex IT environments or industries with different threat models (finance, critical infrastructure). The paper doesn't detail failure modes when agents produce conflicting assessments or when context becomes stale; no discussion of hallucination rates or how the system handles ambiguous/incomplete documentation. Persistence and context accumulation assume high-quality upstream agent outputs, but no validation of intermediate outputs appears in the abstract—if Agent 3's threat analysis is mediocre, Agent 5's risk scoring inherits that error. The CISSP comparison is a baseline for validity but doesn't measure whether the system catches novel risks or false positives at scale. Follow-up work should address multi-agent debate/consensus mechanisms, context compression for large environments, and continuous learning as real assessments feed back into the agent knowledge base.
Research Context
This builds on the emerging multi-agent AI literature (ReAct, AutoGen, Langraph frameworks) that moves beyond single-LLM systems toward orchestrated reasoning pipelines. It applies agent decomposition specifically to the cybersecurity domain, where prior automation attempts focused on vulnerability scanning (point solutions) rather than holistic risk assessment. The paper implicitly validates that domain-specific stage decomposition (borrowed from traditional NIST CSF frameworks) maps cleanly onto agent boundaries, suggesting that established audit/assessment methodologies are natural inductive biases for AI agent design. The persistent context contribution is related to memory-augmented LLM systems (RAG, vector databases) but specialized for workflow state rather than pure information retrieval.
:::tip Subscribe Get weekly breakdowns of papers like this in AI Letters - the newsletter for engineers building production AI systems. :::
