Multi-agent, Multi-protocol IoT Exploitation And Trace Generation
Primary Investigator:
Smriti Bhatt
Sushmitha Reddy Balaji Reddy
Abstract
Consumer IoT devices represent one of the most persistently vulnerable surfaces in modern network infrastructure, yet automated security assessment for these devices remains far behind the tooling available for web applications. Existing agentic penetration testing frameworks like PentestGPT demonstrate that LLM-driven agents can reason across multi-stage attack workflows, but they are designed for web targets and assume standardised interfaces. IoT devices speak heterogeneous protocols, run diverse firmware architectures, and require emulation before any dynamic interaction is even possible. No equivalent agentic framework exists for IoT red teaming.
This paper presents a master-agent plus specialised sub-agent architecture for autonomous, multi-stage IoT exploitation against firmware-emulated consumer devices. The master planner maintains a shared attack state and routes execution across specialised sub-agents responsible for network discovery, service fingerprinting, web interface exploitation, protocol interaction, and post-compromise evidence collection. Each agent operates under real-world uncertainty, reasoning about partial observations and adapting its strategy without human intervention.
Every action taken by the framework is logged as a structured agent experience trace, capturing the observation, tool output, LLM reasoning, chosen action, and outcome label. These traces serve a dual purpose: they provide empirical data for evaluating autonomous agent performance across heterogeneous IoT interfaces, and they produce labelled attack graphs suitable for downstream defensive analysis, including access control policy derivation, microsegmentation guidance, and anomaly detection signature generation.
We evaluate the framework against firmware-emulated Netgear routers and IP cameras using FirmAE, demonstrating autonomous end-to-end compromise across multiple vulnerability classes, including default credential exploitation, administrative interface bypass, and SSH root access. We also characterise failure modes and introduce a taxonomy of autonomy degradation categories observed across heterogeneous device interfaces.
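As an added example (not code from the paper or its framework), the following Python shows how trace records carrying the five elements the abstract lists could be folded into a labelled attack graph and a port list for microsegmentation review. The field names `agent`, `pre`, `post` and `port`, the state names, and the sample records are assumptions constructed for this example.

```python
import json
from collections import defaultdict, deque
# Assumed schema: the abstract names the first five fields; agent/pre/post/port are hypothetical.
REQUIRED = {"observation", "tool_output", "reasoning", "action", "outcome", "agent", "pre", "post"}
# Constructed sample traces (JSON Lines), not data from the paper.
SAMPLE = """
{"agent":"discovery","pre":"start","post":"host_known","port":null,"observation":"no hosts known","tool_output":"1 host up","reasoning":"scan subnet first","action":"scan","outcome":"success"}
{"agent":"fingerprint","pre":"host_known","post":"services_known","port":null,"observation":"host up","tool_output":"80/tcp http, 22/tcp ssh","reasoning":"enumerate services","action":"fingerprint","outcome":"success"}
{"agent":"protocol","pre":"services_known","post":"services_known","port":22,"observation":"ssh open","tool_output":"auth failed","reasoning":"try ssh first","action":"ssh_login","outcome":"failure"}
{"agent":"web","pre":"services_known","post":"admin_session","port":80,"observation":"login form","tool_output":"admin page returned","reasoning":"default credentials likely","action":"web_login","outcome":"success"}
{"agent":"protocol","pre":"admin_session","post":"root_shell","port":22,"observation":"ssh open","tool_output":"uid=0","reasoning":"reuse admin access","action":"ssh_login","outcome":"success"}
"""

def parse_traces(text):
    """Parse JSON Lines traces, rejecting records that miss a required field."""
    traces = []
    for n, line in enumerate(filter(None, map(str.strip, text.splitlines())), 1):
        rec = json.loads(line)
        missing = REQUIRED - rec.keys()
        if missing or rec["outcome"] not in ("success", "failure"):
            raise ValueError(f"trace {n}: bad record, missing={sorted(missing)}")
        traces.append(rec)
    return traces

def build_graph(traces):
    """Labelled attack graph: (pre, post) -> list of (agent, action, outcome)."""
    graph = defaultdict(list)
    for t in traces:
        graph[(t["pre"], t["post"])].append((t["agent"], t["action"], t["outcome"]))
    return dict(graph)

def success_path(graph, start, goal):
    """Breadth-first search over edges that carry at least one successful step."""
    nxt = defaultdict(set)
    for (src, dst), labels in graph.items():
        if src != dst and any(o == "success" for _, _, o in labels):
            nxt[src].add(dst)
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] == goal:
            return path
        for dst in sorted(nxt[path[-1]] - seen):
            seen.add(dst)
            queue.append(path + [dst])
    return None

def segmentation_hints(traces):
    """Ports used by successful steps: candidates for a deny-by-default rule."""
    return sorted({t["port"] for t in traces if t["outcome"] == "success" and t.get("port")})
```

Failed steps stay in the graph as labelled edges, so the same structure supports both the compromise path and the failure-mode analysis the abstract mentions.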