Worlds: A Simulation Engine for Agentic Pentesting (dreadnode.io)

A new simulation engine called Worlds has been developed to enhance penetration testing by enabling the generation of realistic and diverse testing scenarios without the need for physical networks or actual infrastructure. By fine-tuning an 8B model using solely synthetic training data, Worlds successfully facilitated a full compromise of a GOAD domain, showcasing how it can dramatically improve the efficiency and scalability of security training data. This approach eliminates the limitations associated with traditional methods, such as the high costs and logistical challenges of building real environments for testing. The significance of Worlds lies in its ability to bridge the "Sim2Real" gap in cybersecurity, offering security professionals a way to train small, task-specific models effectively. The simulation provides high-fidelity representations of Active Directory dynamics and realistic penetration testing trajectories, supporting a robust training framework for AI models. With this innovation, users can generate diverse tool call sequences rapidly and without the expensive and cumbersome requirements of real network infrastructure. Ultimately, Worlds positions itself as a transformative tool in the AI-driven security landscape, enabling automated yet efficient penetration testing capabilities while addressing the persistent issue of access to quality training environments and data.