Baseline LLMs Perform Well in Autonomous Penetration Testing.

Ananda Dhakal, Krish Neupane, Aarjan Chaudhary· July 16, 2026 View original

Summary

This paper argues for establishing strong plain-agent baselines before attributing performance gains to complex architectures in autonomous penetration testing. It shows that default coding CLI agents, especially with newer LLM models, can solve a large share of benchmarks, sometimes matching or exceeding specialized systems.

This research emphasizes the importance of evaluating plain-agent baselines before attributing performance improvements in autonomous penetration testing to complex architectural designs. Many recent papers on this topic introduce multi-component security harnesses around frontier Large Language Models (LLMs), making it difficult to discern whether performance gains stem from the architecture or the underlying model. The study conducted a controlled experiment using the 104-task XBOW benchmark, comparing default coding CLI agents (Codex, OpenCode, Pi) with the same GPT-5 model, budget, and scoring rules. It found that these plain agents could solve a significant portion of the benchmark tasks. Furthermore, the research demonstrated that repeated plain-agent runs can achieve or even surpass the union coverage of some published architecture scores. Crucially, simply upgrading to newer models like GPT-5.2 and GPT-5.5 within the same basic scaffold led to substantial performance improvements. This suggests that while specialized harnesses can offer measurable lift and cost efficiency, the inherent capabilities of the LLM backbone are a major, often underestimated, factor in performance.

Why it matters

Cybersecurity professionals and AI developers need to understand that the core LLM's capabilities are paramount in autonomous penetration testing. Over-engineering architectures without first optimizing the underlying model or establishing strong baselines can lead to inefficient development and misattributed performance.

How to implement this in your domain

  1. 1Establish robust plain-agent baselines using the latest LLM models before investing heavily in complex architectural overlays for security tasks.
  2. 2Prioritize upgrading to newer, more capable LLM backbones for autonomous security agents.
  3. 3Conduct controlled experiments to isolate the performance contributions of architectural components versus the underlying LLM.
  4. 4Integrate default coding CLI agents into security testing workflows to leverage their baseline capabilities.

Who benefits

CybersecuritySoftware DevelopmentAI DevelopmentIT Security Consulting

Key takeaways

  • Plain coding agents, especially with newer LLMs, can solve a significant portion of autonomous penetration testing benchmarks.
  • Performance gains are often more attributable to the underlying LLM model than complex architectural harnesses.
  • Establishing strong plain-agent baselines is crucial for accurate evaluation of specialized security architectures.
  • Future evaluations should always report model-matched plain-agent baselines.

Original post by Ananda Dhakal, Krish Neupane, Aarjan Chaudhary

"arXiv:2607.13085v1 Announce Type: cross Abstract: Recent autonomous penetration testing papers report high benchmark scores while adding multi-component security harnesses around frontier LLMs. Because these systems often change both architecture and backbone model, it is difficu…"

View on X

Originally posted by Ananda Dhakal, Krish Neupane, Aarjan Chaudhary on X · view source

Want to go deeper?

Turn these trends into skills with Learnijoy's hands-on AI & tech courses.

Explore courses