{"ID":2881248,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2508.13118","arxiv_id":"2508.13118","title":"AutoBnB-RAG: Enhancing Multi-Agent Incident Response with Retrieval-Augmented Generation","abstract":"Incident response (IR) requires fast, coordinated, and well-informed decision-making to contain and mitigate cyber threats. While large language models (LLMs) have shown promise as autonomous agents in simulated IR settings, their reasoning is often limited by a lack of access to external knowledge. In this work, we present AutoBnB-RAG, an extension of the AutoBnB framework that incorporates retrieval-augmented generation (RAG) into multi-agent incident response simulations. Built on the Backdoors \u0026 Breaches (B\u0026B) tabletop game environment, AutoBnB-RAG enables agents to issue retrieval queries and incorporate external evidence during collaborative investigations. We introduce two retrieval settings: one grounded in curated technical documentation (RAG-Wiki), and another using narrative-style incident reports (RAG-News). We evaluate performance across eight team structures, including newly introduced argumentative configurations designed to promote critical reasoning. To validate practical utility, we also simulate real-world cyber incidents based on public breach reports, demonstrating AutoBnB-RAG's ability to reconstruct complex multi-stage attacks. Our results show that retrieval augmentation improves decision quality and success rates across diverse organizational models. This work demonstrates the value of integrating retrieval mechanisms into LLM-based multi-agent systems for cybersecurity decision-making.","short_abstract":"Incident response (IR) requires fast, coordinated, and well-informed decision-making to contain and mitigate cyber threats. While large language models (LLMs) have shown promise as autonomous agents in simulated IR settings, their reasoning is often limited by a lack of access to external knowledge. In this work, we pr...","url_abs":"https://arxiv.org/abs/2508.13118","url_pdf":"https://arxiv.org/pdf/2508.13118v2","authors":"[\"Zefang Liu\",\"Arman Anwar\"]","published":"2025-08-18T17:22:51Z","proceeding":"cs.CL","tasks":"[\"cs.CL\",\"cs.CR\"]","methods":"[\"RAG\",\"Large Language Model\",\"Language Model\",\"Generative Adversarial Network\"]","has_code":false}