CyberDex: An Autonomous LLM Agent for Conversational Network Security Analysis

Pranay Garapati (Saint Louis University), Lokesh Talagatla (Saint Louis University), Thridev Gajavelly (Saint Louis University), Dr. Maria Weber (Saint Louis University)

Network security tools such as nmap, TShark, and openssl give powerful insights into hosts, networks, and services. However, these tools are primarily command-line based and often require users to memorize syntax, plan multi-step workflows, and interpret dense outputs with limited guidance. While some graphical tools can automate individual scans, they typically do not explain results clearly, connect findings to risks, or adapt the next step based on what was discovered. CyberDex addresses these gaps with an AI agent that enables conversational network security analysis. Users describe goals in plain English, and CyberDex translates the request into a sequence of tool actions. By utilizing a doubt-driven reasoning loop, the agent continually evaluates remaining uncertainties and orchestrates additional tools (such as correlating DNS traffic with network flows, enriching IPs, or verifying SSL certificates) until its findings are supported by concrete evidence. It then summarizes the results, explains potential risks, and recommends mitigations. CyberDex supports mixed interactions in a single conversation: conceptual questions produce explanatory answers, while action requests trigger autonomous tool execution. We evaluated the intent classifier on 50 labeled queries, achieving 100% accuracy with an average decision latency of 0.49 seconds. CyberDex demonstrates that LLM agents can orchestrate common security tools through natural language, making professional-grade security analysis accessible to beginners while supporting learning through guided exploration.