DLA26BZ02-NV005 — Strengthening Defensive Cybersecurity and Penetration Testing Through Agentic AI and Automation
Award Maximum: $100,000 Period of Performance: 12 months Phase Type: Phase I
OBJECTIVE: The Defense Logistics Agency (DLA) manages a vast and complex global supply chain, underpinned by a sprawling digital infrastructure. The objective is to address the fact that traditional cybersecurity approaches, which rely heavily on manual processes and human expertise, are increasingly strained and struggle to scale effectively against an evolving threat landscape. This landscape is characterized by expanding attack surfaces, a persistent shortage of skilled cybersecurity personnel, and the rise of AI-enabled adversaries. This effort seeks to introduce a new paradigm to automate and scale DLA's cyber defense and assessment capabilities, mitigating significant risks to the agency's critical logistics and supply chain data.
DESCRIPTION: DLA seeks SBIR project opportunities for an agentic AI framework designed to strengthen its defensive cybersecurity posture and automate penetration testing. The proposed solution involves a team of specialized AI Agents, each configured with specific tools, knowledge, and roles, that collaborate to execute complex cybersecurity workflows.
The core innovation lies in a collaborative, multi-agent framework that mimics the workflow of a human cybersecurity team, enabling autonomous execution of complex, multi-step tasks. Specific agent roles and functions of interest include:
Project Management: Devising high-level plans for security tasks, such as network enumeration or vulnerability assessment, using algorithms and security frameworks (e.g., MITRE ATT&CK).
Cyber Analysis: Interpreting raw data from scans and tests to identify and prioritize defensive actions and vulnerabilities, utilizing vulnerability databases and threat intelligence feeds.
Code Generation & Execution: Translating high-level plans and priorities into executable code and command-line instructions (e.g., NMAP, Metasploit) and running them in emulated environments.
Vulnerability Research: Conducting deep-dive analysis on specific vulnerabilities using Retrieval-Augmented Generation (RAG) against a corpus of CVEs, CPEs, and technical documentation.
Research and Development (R&D) efforts selected under this topic shall demonstrate and involve a degree of risk where the technical feasibility of the proposed work has not been fully established.
PHASE I: Not to exceed a duration of 12 months and cost of $100,000.
Phase I will demonstrate proof of concept for the agentic AI framework. The effort will focus on establishing the technical merit and feasibility by developing a prototype capable of performing a foundational cybersecurity task. Key activities will include: defining the agent architecture and collaboration protocols; building the core framework for agent instantiation and communication; and implementing a proof-of-concept workflow for automated network enumeration. A prototype "Researcher" agent will also be developed to demonstrate RAG-based vulnerability research against a curated dataset of public CVEs. Phase I will culminate in a comprehensive final report detailing the results, prototype performance, and a detailed plan for the Phase II effort.
PHASE II: Not to exceed a duration of 24 months and cost of $1,000,000.
Depending on Phase I results, Phase II will consist of expanding the prototype into a more robust framework. This will involve increasing the complexity of the cybersecurity tasks the agentic team can perform, such as automating vulnerability validation and simulated exploit attempts. Additional activities may include integrating more sophisticated tools, expanding the knowledge bases for the agents, and developing a user interface for human-operator oversight and management. The goal is to mature the system's capabilities for continuous, automated penetration testing and vulnerability assessment in a relevant environment. Development of a detailed business case analysis and commercialization plan will be required.
PHASE III DUAL USE APPLICATIONS: Phase III efforts will focus on transitioning the mature agentic AI framework for operational use within the DLA. This phase will include the delivery of a production-level product ready for integration into the overall DLA Enterprise system. A key component will be the development of a sustainment plan to support the delivered system for the lifetime of the program, ensuring it remains effective against future cyber threats. The goal is to provide DLA with a scalable, efficient, and resilient cybersecurity capability that enhances the security of the defense supply chain.