CYBER MODEL RESEARCH

Train cybersecurity modelson work that can be verified.

Action Theory Lab builds the environments, rollout data, and evaluations behind capable defensive cybersecurity models.

SandboxVerifiersRolloutsPost-trainingEvaluationsDefensive research
AT AT Labcyber environments / path-normalization verifier live

TASK 048 / PATH NORMALIZATION

Rollout evidence

Last 8 attempts
Rollout group summaryEight samples from the same task, compared before a training update
R01R02R03R04R05R06R07R08
verifier reward task completion policy compliance tool efficiency rollout length
SignalOriginResult
path allow-list respectedtool policyobserved
hidden behavior checksverifierpassed
workspace boundary preservedcontainmentenforced

From a cyber task to
a learning signal.

Controlled environments where a model's actions can be evaluated, not merely narrated.

Train on trajectories that prove what happened.

Action Theory Lab keeps task state, tool calls, observations, verifier outcomes, and reward signals in one replayable rollout. This is the substrate for dataset design, post-training, and evaluation.

Explore the lab model
EXAMPLE ENVIRONMENTTASK T-048

DEFENSIVE TASK CONTRACT

Path normalization

Train an agent to correct unsafe path handling inside an isolated service repository.
Initial state
Vulnerable service repository
Allowed tools
Read, search, edit, test
Visible state
Files, outputs, observations
Rollout budget
12 steps / 8 samples
HIDDEN VERIFIERIndependent validation stays outside the model's rollout context.

The model receives the task and observations, never the target solution or the verifier implementation.

We build cybersecurity models, not only environments.

The environments shown above are one part of a complete model-research stack.

01

Cyber knowledge

Curated defensive-security knowledge gives a model the vocabulary, systems context, and technical grounding to reason about real work.

02

Expert trajectories

High-quality demonstrations and corrections teach a model how experienced defenders inspect, decide, and use constrained tools.

03

Verified post-training

Rollouts in task environments create the learning signal for improving tool use, task completion, and reliable behavior.

Models can act.
Action Theory Lab makes cyber work verifiable.

The environment is the research artifact: it defines the cyber task, action boundaries, verifier, and evidence needed to measure a model capability.

01

Defensive task design

Each environment begins with a concrete defensive objective and a meaningful initial state.

02

Bounded actions

Models act through explicit tools, schemas, timeouts, and containment rules.

03

Hidden verifiers

A model cannot see the target implementation that decides whether work is correct.

04

Rollout traces

Tool calls, observations, state changes, and verifier outcomes stay attached to each run.

05

Reward design

Rewards reflect the task outcome, safety constraints, and efficient tool use.

06

Held-out evaluations

A fixed environment and verifier let a capability be measured again after training.

Build cybersecurity models that can show their work.

Action Theory Lab connects cyber expertise with the datasets, environments, and evaluation loops behind reliable defensive models.

WORK WITH THE LAB

FAQ

01What is Action Theory Lab?+

Action Theory Lab is a research lab building cybersecurity models, task environments, datasets, and evaluations for defensive cyber work.

02What are Action Theory Lab environments?+

They are isolated cyber tasks with an initial state, allowed tools, a constrained action space, safety checks, and an independent verifier.

03What is a hidden verifier?+

It is the part of an environment that checks the final state and safety constraints without exposing the target solution to the model during a rollout.

04Is this offensive cybersecurity training?+

No. The lab focuses on defensive capabilities such as secure-code review, incident triage, configuration validation, remediation, and evidence-led analysis.

05Who is the lab for?+

Action Theory Lab is for researchers and teams building models, training data, agent environments, or evaluation systems for defensive cybersecurity.