Cyber knowledge
Curated defensive-security knowledge gives a model the vocabulary, systems context, and technical grounding to reason about real work.
CYBER MODEL RESEARCH
Action Theory Lab builds the environments, rollout data, and evaluations behind capable defensive cybersecurity models.






TASK 048 / PATH NORMALIZATION
Controlled environments where a model's actions can be evaluated, not merely narrated.
Action Theory Lab keeps task state, tool calls, observations, verifier outcomes, and reward signals in one replayable rollout. This is the substrate for dataset design, post-training, and evaluation.
Explore the lab modelDEFENSIVE TASK CONTRACT
The model receives the task and observations, never the target solution or the verifier implementation.
The environments shown above are one part of a complete model-research stack.
Curated defensive-security knowledge gives a model the vocabulary, systems context, and technical grounding to reason about real work.
High-quality demonstrations and corrections teach a model how experienced defenders inspect, decide, and use constrained tools.
Rollouts in task environments create the learning signal for improving tool use, task completion, and reliable behavior.
The environment is the research artifact: it defines the cyber task, action boundaries, verifier, and evidence needed to measure a model capability.
Each environment begins with a concrete defensive objective and a meaningful initial state.
Models act through explicit tools, schemas, timeouts, and containment rules.
A model cannot see the target implementation that decides whether work is correct.
Tool calls, observations, state changes, and verifier outcomes stay attached to each run.
Rewards reflect the task outcome, safety constraints, and efficient tool use.
A fixed environment and verifier let a capability be measured again after training.
Action Theory Lab connects cyber expertise with the datasets, environments, and evaluation loops behind reliable defensive models.
WORK WITH THE LABAction Theory Lab is a research lab building cybersecurity models, task environments, datasets, and evaluations for defensive cyber work.
They are isolated cyber tasks with an initial state, allowed tools, a constrained action space, safety checks, and an independent verifier.
It is the part of an environment that checks the final state and safety constraints without exposing the target solution to the model during a rollout.
No. The lab focuses on defensive capabilities such as secure-code review, incident triage, configuration validation, remediation, and evidence-led analysis.
Action Theory Lab is for researchers and teams building models, training data, agent environments, or evaluation systems for defensive cybersecurity.