Agentic AI for Critical Infrastructure Security

October 31, 2025
Categories: Events, Seminar Series

Dylan Christensen

Nov 5th 2025 11:30 WWH 335

Abstract: The security and reliability of our critical infrastructure is increasingly dependent on

the integrity of millions of interconnected Cyber-Physical Systems (CPS) and IoT devices.

UNCC’s Center for Energy Security and Reliability (CESAR) addresses this challenge by

demonstrating vulnerability discovery through emulating threat actor approaches on

components like solar power gateways. However, manually identifying and testing these

vulnerabilities across diverse systems remains a significant scalability bottleneck for defenders.

This talk presents an AI-enabled framework that transforms this process, using the frontier

technology of agentic large language models (LLMs) to automate and intelligently orchestrate

security stress-testing.  We introduce a system where an AI agent acts as a persistent,

automated adversary to probe system resilience, creating a rapid adversarial feedback loop that

exposes the true exploitability of vulnerabilities and reveals blind spots in security postures

before they can be leveraged in the field.

We demonstrate this framework’s  capability by targeting a widely deployed connectivity daemon (ConnMan), a software component analogous to those found in many grid-connected IoT devices. By emulating a vulnerable device, the AI agent, starting with minimal access,

successfully and autonomously analyzed the system’s defenses, identified a critical

vulnerability, adapted its attack strategy to bypass system protections, and executed a privilege

escalation attack to gain full administrative control.

This work automates the very class of vulnerability discovery—privilege escalation, credential

attacks, and denial-of-service vectors—that CESAR researchers are actively investigating. By

demonstrating how agentic AI transforms automatic exploit generation into an adaptive,

intelligent process extending human anticipation, this work positions AutoPwn as a foundational

step toward AI-empowered, symbiotic security in IoT and Cyber-Physical Systems essential to

our energy infrastructure.

Bio: Dylan Christensen received a B.S. in Computer Science with a concentration in

Cybersecurity from UNC Charlotte in 2025. He is currently a Research Assistant pursuing an

M.S. in Cybersecurity and a Ph.D. in Software and Information Systems under the supervision

of Dr. Meera Sridhar. His current research extends agentic AI frameworks for automated

security testing of critical infrastructure, with focus on cyber-physical energy systems and IoT

devices.