Skip to main content

An Agentic Multi-Agent Architecture for Cybersecurity Risk Management

AuthorsRavish Gupta et al.
Year2026
FieldAI / Agents
arXiv2603.20131
PDFDownload
Categoriescs.AI, cs.CR

Abstract

Getting a real cybersecurity risk assessment for a small organization is expensive -- a NIST CSF-aligned engagement runs $15,000 on the low end, takes weeks, and depends on practitioners who are genuinely scarce. Most small companies skip it entirely. We built a six-agent AI system where each agent handles one analytical stage: profiling the organization, mapping assets, analyzing threats, evaluating controls, scoring risks, and generating recommendations. Agents share a persistent context that grows as the assessment proceeds, so later agents build on what earlier ones concluded -- the mechanism that distinguishes this from standard sequential agent pipelines. We tested it on a 15-person HIPAA-covered healthcare company and compared outputs to independent assessments by three CISSP practitioners -- the system agreed with them 85% of the time on severity classifications, covered 92% of identified risks, and finished in under 15 minutes. We then ran 30 repeated single-agent assessments across five synthetic but sector-realistic organizational profiles in healthcare, fintech, manufacturing, retail, and SaaS, comparing a general-purpose Mistral-7B against a domain fine-tuned model. Both completed every run. The fine-tuned model flagged threats the baseline could not see at all: PHI exposure in healthcare, OT/IIoT vulnerabilities in manufacturing, platform-specific risks in retail. The full multi-agent pipeline, however, failed every one of 30 attempts on a Tesla T4 with its 4,096-token default context window -- context capacity, not model quality, turned out to be the binding constraint.


Engineering Breakdown

Plain English

This paper addresses the accessibility problem in cybersecurity risk assessment: a proper NIST CSF-aligned evaluation costs $15,000+ and takes weeks, making it inaccessible to small organizations. The authors built a six-agent AI system where each agent specializes in one assessment stage (profiling, asset mapping, threat analysis, control evaluation, risk scoring, and recommendations), with agents sharing a persistent context that accumulates findings across stages. They validated the system on a 15-person HIPAA-covered healthcare company against three independent CISSP assessments, demonstrating that multi-agent architectures with stateful context passing can produce enterprise-grade security assessments at a fraction of cost and time.

Core Technical Contribution

The core innovation is the persistent context mechanism that distinguishes this from standard sequential agent pipelines. Rather than each agent operating independently with only direct inputs, agents access and extend a shared knowledge graph that accumulates findings, conclusions, and confidence scores as the assessment proceeds. This allows later agents (e.g., risk scoring) to leverage the full analytical chain from earlier agents (e.g., threat analysis) rather than re-analyzing from scratch. The architectural contribution is demonstrating that structured, hierarchical agent decomposition with stateful context passing scales better than monolithic LLM calls or fully independent sequential agents for complex analytical workflows.

How It Works

The system ingests organization metadata and documentation as input, then routes assessment through six specialized agents in sequence. Agent 1 profiles the organization (size, industry, compliance obligations); Agent 2 inventories assets from documentation and scans; Agent 3 performs threat modeling using asset inventory and organizational context; Agent 4 evaluates existing security controls; Agent 5 scores risks by combining threat likelihood, asset impact, and control effectiveness; Agent 6 generates prioritized recommendations. Between each stage, the agents update a shared context store (likely a structured database or vector-backed knowledge graph) that includes profiles, asset lists, identified threats, control assessments, and risk scores. Each subsequent agent queries this context before executing its analysis, ensuring decisions compound rather than starting fresh. The output is a comprehensive risk assessment document with traced lineage showing which earlier findings informed each recommendation.

Production Impact

For organizations building security automation, this approach reduces assessment time from weeks to days and cost from 15Ktopotentiallyhundredsofdollars,makingcompliancedrivensecurityaccessibletocompanieswith<50employees.Productionsystemscouldembedthisasapreengagementtriagetooltoreduceconsultanthours,orasacontinuousmonitoringlayerthatrerunsmonthlytotrackriskdrift.Thestatefulcontextpatternisgeneralizablebeyondsecurity:anycomplexanalyticalworkflow(duediligence,operationalresilience,regulatorycompliance)benefitsfromagentspecializationpairedwithsharedanalyticalstate.Tradeoffsinclude:(1)latencyincreaseslinearlywithagentcountduetosequentialexecution,(2)contextwindowmanagementbecomescriticalifassessmentsspanthousandsofassets,(3)LLMcostsscalewithcontextsizeandnumberofagents,and(4)agentorchestrationrequirescarefulerrorhandlingsincedownstreamagentsdependonupstreamquality.Fora15personorg,computecostislikely<15K to potentially hundreds of dollars, making compliance-driven security accessible to companies with <50 employees. Production systems could embed this as a pre-engagement triage tool to reduce consultant hours, or as a continuous monitoring layer that re-runs monthly to track risk drift. The stateful context pattern is generalizable beyond security: any complex analytical workflow (due diligence, operational resilience, regulatory compliance) benefits from agent specialization paired with shared analytical state. Trade-offs include: (1) latency increases linearly with agent count due to sequential execution, (2) context window management becomes critical if assessments span thousands of assets, (3) LLM costs scale with context size and number of agents, and (4) agent orchestration requires careful error handling since downstream agents depend on upstream quality. For a 15-person org, compute cost is likely <100, but this degrades for multi-thousand-asset enterprises without caching or summarization.

Limitations and When Not to Use This

The evaluation is limited to a single organization size (15 employees) and single vertical (healthcare/HIPAA), leaving open whether the approach generalizes to larger enterprises with complex IT environments or industries with different threat models (finance, critical infrastructure). The paper doesn't detail failure modes when agents produce conflicting assessments or when context becomes stale; no discussion of hallucination rates or how the system handles ambiguous/incomplete documentation. Persistence and context accumulation assume high-quality upstream agent outputs, but no validation of intermediate outputs appears in the abstract—if Agent 3's threat analysis is mediocre, Agent 5's risk scoring inherits that error. The CISSP comparison is a baseline for validity but doesn't measure whether the system catches novel risks or false positives at scale. Follow-up work should address multi-agent debate/consensus mechanisms, context compression for large environments, and continuous learning as real assessments feed back into the agent knowledge base.

Research Context

This builds on the emerging multi-agent AI literature (ReAct, AutoGen, Langraph frameworks) that moves beyond single-LLM systems toward orchestrated reasoning pipelines. It applies agent decomposition specifically to the cybersecurity domain, where prior automation attempts focused on vulnerability scanning (point solutions) rather than holistic risk assessment. The paper implicitly validates that domain-specific stage decomposition (borrowed from traditional NIST CSF frameworks) maps cleanly onto agent boundaries, suggesting that established audit/assessment methodologies are natural inductive biases for AI agent design. The persistent context contribution is related to memory-augmented LLM systems (RAG, vector databases) but specialized for workflow state rather than pure information retrieval.


:::tip Subscribe Get weekly breakdowns of papers like this in AI Letters - the newsletter for engineers building production AI systems. :::


Back to Research Lab → · Subscribe to AI Letters →

© 2026 EngineersOfAI. All rights reserved.