MerlinX Introduces Cyber Autonomy to Offensive Operations in Cyberspace
How Leidos is using advanced AI to help cyber red-team operators act faster, think sharper and stay ahead of evolving threats
Three Points to Remember
- MerlinX serves as a co-pilot for offensive cyberspace operations and penetration testing by working alongside red-team operators.
- A large language model-based AI assistant, MerlinX can help operators by identifying risks to their missions and recommending tactical next steps.
- AI assistance lowers the skill floor for operators and accelerates readiness for red-team engagements.
An offensive cyber operator practicing in a simulated scenario sits in front of multiple screens filled with an adversary’s network traffic and reconnaissance data. The goal is to infiltrate the network, establish a foothold and accomplish objectives like mapping out the infrastructure, identifying exploitable entry points and maintaining long-term control without being detected.
The mission tasks are relentless and can take hours to accomplish. Each action generates massive amounts of data that must be analyzed in real time. The operator also needs to jump between disconnected tools and data in different formats. Delays in piecing together information can mean alerting the target, losing access and missing an opportunity.
Not only are they important to maintaining control of cyberspace, red-team operations are among the most demanding missions in cybersecurity. In them, operators simulate offensive attacks on our defense and intelligence systems to uncover weaknesses and provide insights to bolster defenses against real adversaries. But in these cyber missions, manual workflows slow operators down and increase their cognitive burden during the most critical moments.
Watching cyber operators' backs in high-stakes missions
To support red-team operations, Leidos created MerlinX, a large language model-based AI assistant that serves as a co-pilot for operators, analyzing their moves and recognizing patterns that humans might miss. MerlinX is designed to work seamlessly beside the operator, capturing every decision and output in real time and preparing recommendations on next tactics and the tools to perform them.
MerlinX helps red-teams benefit from more accurate and beneficial insights drawn from their own data using an AI technique called graph retrieval-augmented generation. This enables the LLM to not only draw from the knowledge base of the operator’s organization but also build a knowledge graph from it to acquire contextual understanding.
By bridging the gap between novice and expert operators, MerlinX helps red-teams prepare for engagements faster while advancing toward AI-driven offensive cyber operations and penetration testing.
Bobby Scharmann
Leidos Cyber Accelerator VP
Normally, operators would have to review the results of their commands and assess their next moves. This often forces them to break from the operation and take time to research.
The downtime usually entails “figuring out some technical problem and applying risk management to reduce the likelihood of getting caught and preserve the operation,” said Marc Brasher, cyber AI research scientist for MerlinX and an experienced red-team operator.
Instead, by drawing from knowledge of prior operations and known threat patterns, MerlinX alerts them about potential risks, potential targets and safe steps to advance mission objectives.
MerlinX’s insights appear directly through a chatbot interface within the operator’s workstation, so operators don’t need to switch between tools. It’s a smooth human-and-machine partnership that helps accomplish mission work efficiently while staying hidden from adversaries.
Getting ready for the future of cyber operations
MerlinX has been tested in realistic mission environments and is designed to support a variety of operational needs. Leidos has built it on adaptable architecture to support integration into cloud, local or distributed environments.
“We recognize that customers have different architectures or classification requirements and have developed MerlinX with that in mind,” Brasher said. “Each of MerlinX’s components can be deployed in a customized fashion.”
MerlinX is a co-pilot not just in the field but also throughout operator training and after completed missions. The AI assistant can create realistic environments for teams to rehearse missions in lifelike conditions, reducing the time to build test networks and freeing operators to focus on strategy, execution and skill development.
Gavin Black, director of cyber autonomy for Leidos, confirms this point: “MerlinX pushes the boundary of offensive cyber by turning every interaction into a living map of the operation to prevent operators from chasing data and allow them to focus on shaping the mission.”
After a mission is complete, teams can continue to improve themselves by using the replay and evaluation tools, since each action was captured to be analyzed. This feature also helps them analyze the AI’s recommendations and fine-tune it for future operations.
Testing MerlinX, Leidos saw the tool reduce the time to analyze large data sets, improve mission completeness and raise operator confidence. Less experienced analysts were able to perform closer to expert levels.
The LLM can ultimately help red-teams build their skills and expertise faster. Training cyber operators can cost millions of dollars and take several years to get them mission-ready, not to mention that there is a limited cyber talent pool.
Bobby Scharmann, vice president of Leidos’ Cyber Accelerator, explained, “By bridging the gap between novice and expert operators, MerlinX helps red-teams prepare for engagements faster while advancing toward AI-driven offensive cyber operations and penetration testing.”
From a defensive cyber perspective, more operationally ready red-teams translates into more effective and timely penetration testing of U.S. networks. It allows vulnerabilities to be identified, prioritized and mitigated at a pace that better matches modern threat activity.
Leidos continues to evolve MerlinX as a foundation for broader research into cyber autonomy by going beyond AI-assisted workflows and toward agent-driven operations. The platform is designed to help teams manage larger, more complex missions with greater precision, consistency and reduced operational risk.
Looking ahead, Leidos is exploring a fully autonomous MerlinX system that can act on high-level operational goals while remaining under the supervision of operators and mission analysts. This approach reflects the company’s vision for responsible cyber autonomy, as it increases mission speed in addition to preserving human judgment and accountability.
Leidos is working toward a future where cyber missions could be conducted more safely, faster and precisely with AI-enabled cyber warriors. When they face a flood of data and the pressure of the mission clock, MerlinX is their dependable co-pilot, helping them move faster, stay hidden and strike with confidence at machine speed.
