Agentic AI for Critical Infrastructure Security
Dylan Christensen
Nov 5th 2025 11:30 WWH 335
Abstract: The security and reliability of our critical infrastructure is increasingly dependent on
the integrity of millions of interconnected Cyber-Physical Systems (CPS) and IoT devices.
UNCC’s Center for Energy Security and Reliability (CESAR) addresses this challenge by
demonstrating vulnerability discovery through emulating threat actor approaches on
components like solar power gateways. However, manually identifying and testing these
vulnerabilities across diverse systems remains a significant scalability bottleneck for defenders.
This talk presents an AI-enabled framework that transforms this process, using the frontier
technology of agentic large language models (LLMs) to automate and intelligently orchestrate
security stress-testing. We introduce a system where an AI agent acts as a persistent,
automated adversary to probe system resilience, creating a rapid adversarial feedback loop that
exposes the true exploitability of vulnerabilities and reveals blind spots in security postures
before they can be leveraged in the field.
We demonstrate this framework’s capability by targeting a widely deployed connectivity daemon (ConnMan), a software component analogous to those found in many grid-connected IoT devices. By emulating a vulnerable device, the AI agent, starting with minimal access,
successfully and autonomously analyzed the system’s defenses, identified a critical
vulnerability, adapted its attack strategy to bypass system protections, and executed a privilege
escalation attack to gain full administrative control.
This work automates the very class of vulnerability discovery—privilege escalation, credential
attacks, and denial-of-service vectors—that CESAR researchers are actively investigating. By
demonstrating how agentic AI transforms automatic exploit generation into an adaptive,
intelligent process extending human anticipation, this work positions AutoPwn as a foundational
step toward AI-empowered, symbiotic security in IoT and Cyber-Physical Systems essential to
our energy infrastructure.
Bio: Dylan Christensen received a B.S. in Computer Science with a concentration in
Cybersecurity from UNC Charlotte in 2025. He is currently a Research Assistant pursuing an
M.S. in Cybersecurity and a Ph.D. in Software and Information Systems under the supervision
of Dr. Meera Sridhar. His current research extends agentic AI frameworks for automated
security testing of critical infrastructure, with focus on cyber-physical energy systems and IoT
devices.