cybersecurity engineer | MITRE | Caldera contributor
Ethan Michalak is a cybersecurity engineer and an avid CTF player. Ethan pursues efforts in adversary emulation, detection engineering, and malware development. In his free time, Ethan plays video games, reads a book, or makes a cocktail.
Saturday | Aug 9th, 2025
Adversary Village workshop stage | Las Vegas Convention Center
Purple Team
Adversary Emulation
The rapid advancement of large language models (LLMs) is reshaping the landscape of
cybersecurity. These models are not only achieving higher benchmarks in math, coding, and cybersecurity
tasks but are also being leveraged by threat actors to enhance resource development and social
engineering capabilities. As LLMs continue to evolve, what could autonomous cyber capabilities powered by
these models look like? How can we responsibly harness their potential for adversary emulation and
defense?
In this talk, we will explore the integration of LLMs into MITRE Caldera, a scalable automated adversary
emulation platform, and investigate how these models can transform adversary emulation through three
distinct paradigms: as planners, as factories for constructing custom cyber abilities, and as
forward-deployed autonomous agents. Drawing on existing research, including papers on LLM-assisted
malware development and benchmarks for offensive cyber operations, we will examine the capabilities of
LLMs in generating plausible emulations of advanced persistent threats (APTs).
The session will feature live demonstrations showcasing how LLMs can replicate adversary profiles,
construct new cyber abilities on the fly, and autonomously execute emulation tasks. Attendees will gain
insights into the performance of these paradigms, their implications for purple teaming, and the
challenges of maintaining realistic emulations.
Finally, we will look ahead to the future of adversary emulation, discussing how APTs might leverage
autonomous or semi-autonomous LLM capabilities in practice and the role of increasingly powerful models
in shaping the next generation of cybersecurity tools. Whether you're a defender, researcher, or
technologist, this talk will provide a compelling glimpse into the possibilities and risks of LLM-enabled
adversary emulation.