ALOHA tool uses GenAI to emulate adversaries
PNNL project leads Loc Truong and Kris Willis share how their research may help small IT teams in particular.
Billy Hurley has been a reporter with IT Brew since 2022. He writes stories about cybersecurity threats, AI developments, and IT strategies.
A research tool called ALOHA could receive a welcoming “hello!” from resource-strapped companies that need sophisticated cybersecurity tests.
Designed by researchers from Pacific Northwest National Laboratory (PNNL), this agentic system emulates cyberattacks like ransomware-style recon and lateral movement.
PNNL data scientist Loc Truong and cybersecurity researcher Kris Willis see the simulator providing organizations with capabilities that have often belonged to teams with bigger budgets and more specialized expertise.
“I envision that any team—from big organization to small—can find it useful, but particularly small,” Truong said.
How it works. ALOHA (Agentic LLMs for Offensive Heuristic Automation) allows teams to test their system against a tuned list of company-impacting vulnerabilities.
Here are a few key points from a demo with IT Brew:
- ALOHA connects to a test machine and an LLM (Anthropic’s Claude Sonnet 4 on demo day).
- It also connects to Caldera, a controlled simulator that deploys cyberattack tactics, as defined by not-for-profit cyber defense org MITRE.
- In the demo, Truong targeted a test computer and used a natural-language prompt: “Get an IP address of a Linux node.” (An adversary, after all, wants to know the targets out there.) The test machine did not reveal an IP command at first, but ALOHA successfully retried with a different technique: finding an IP address via the hostname command. ALOHA’s telemetry lists the tools used and commands running; the latest version, Truong noted in a follow-up email, adds suggested defenses.
- ALOHA’s agent simulates adversarial tactics like uploading data, installing packages, and destroying assets. “Anything that you can describe in English can be simulated,” Truong claims.
Truong received funding in late 2024 and created the early prototype in early 2025.
Copy machines. Teams trying to emulate adversaries have resources to play with. They can find an important threat and map behaviors to attack tactics with information from groups like MITRE. Someone can then set up the attack chain, often implemented by Caldera or an adversary emulation plan.
But defense comes at a price. For example, professional pen tests and full adversary simulations offered by “red-team” services can cost tens of thousands of dollars. Truong and Willis want to help all organizations better understand their susceptibility to tactics, techniques, and procedures (TTPs).
“Nobody shares TTPs in this industry because of the expense it requires to do it. This really lowers that bar of entry, so that a single IT person could do adversary emulation,” Willis said, “which just isn’t possible today, without tools like Claude and ALOHA to be able to do this.”
He added that ALOHA “hooks into” a team’s defensive tools, as well; Truong said that defensive tools can generate rules to detect the crafted attack.
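The demo above (an `ip` attempt that fails, then a successful retry via `hostname`) and the point that defensive tooling can turn the emulated run into detection rules can be illustrated end to end. The following is an added example, not ALOHA or Caldera code: it parses constructed command telemetry in a shape assumed here, tags each command with the MITRE ATT&CK technique it matches (T1016, System Network Configuration Discovery, a real technique ID; the regex patterns are our own), and emits a Sigma-style rule that also covers the failed first attempt, since the retry shows the agent adapts when one command is missing.

```python
"""Turn constructed adversary-emulation telemetry into a detection rule."""
import re

# Constructed sample telemetry (not real ALOHA output): the commands the
# agent ran, including the failed first attempt and the hostname retry.
SAMPLE_TELEMETRY = """\
step=1 tool=shell cmd="ip -4 addr show" result=command_not_found
step=2 tool=shell cmd="hostname -I" result=ok
step=3 tool=shell cmd="cat /etc/hosts" result=ok
"""

# Hypothetical mapping of discovery commands to ATT&CK technique T1016.
# The page only says Caldera uses MITRE-defined tactics; patterns are ours.
DISCOVERY_PATTERNS = {
    r"^(ip|ifconfig)\b": "T1016",
    r"^hostname\s+-[iI]": "T1016",
    r"^cat\s+/etc/hosts": "T1016",
}

LINE_RE = re.compile(r'step=(\d+) tool=(\S+) cmd="([^"]*)" result=(\S+)')


def parse_telemetry(text):
    """Return a list of (step, tool, cmd, result) tuples from the log text."""
    return [(int(m[1]), m[2], m[3], m[4]) for m in LINE_RE.finditer(text)]


def map_to_techniques(events):
    """Tag each command with the first ATT&CK technique pattern it matches."""
    hits = []
    for step, _tool, cmd, result in events:
        for pattern, technique in DISCOVERY_PATTERNS.items():
            if re.match(pattern, cmd):
                hits.append((step, cmd, result, technique))
                break
    return hits


def build_sigma_style_rule(hits):
    """Build a minimal Sigma-style rule dict covering every observed
    discovery command. Failed attempts are kept on purpose: the attempt
    itself is the signal, and the next retry may use a command we missed."""
    cmds = sorted({cmd for _, cmd, _, _ in hits})
    techniques = sorted({t for *_, t in hits})
    return {
        "title": "Network configuration discovery (from emulation run)",
        "tags": [f"attack.{t.lower()}" for t in techniques],
        "detection": {"selection": {"CommandLine|startswith": cmds},
                      "condition": "selection"},
    }
```

Feeding the emitted rule back into the environment's log pipeline and replaying the same prompt is the simplest way to confirm the emulated run now trips an alert.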
ALOHA means goodbye (adversaries). Recent studies have determined LLMs’ usefulness in cyber tasks like complex command line understanding, converting security logs to attack tactics, and acting as a threat-intel copilot.
For sectors like manufacturing, energy, and other industries with critical operational technology (OT) environments, Justin Turner, director in Protiviti’s security and privacy practice, sees ALOHA providing a valuable way to tailor emulated attacks to specific networks, hardware, and control systems.
In an email to IT Brew, Turner wrote, “A full-scale adversary emulation program has historically been out of reach for organizations with smaller teams and limited resources, but this type of platform has the potential to enable self-assessment of their cyber defense capabilities more frequently and realistically.”
What’s next? The researchers said they’re now working on ways to ensure ALOHA covers the full scale of tests that defenders need; they are also working to improve ease of use and add features like vulnerability remediation.
And questions remain: ALOHA can help hackers, too, so the PNNL team must consider how to prevent malicious use of the tools. In addition, LLMs may someday deny prompts that lead to adversarial attacks—approved or otherwise—which would require partnering with vendors on how to do the research safely, or how to write better specs, Truong said.
“When I created this tool, my hope was to help cyber experts out there to use these large language models, to empower them to make security easier and better, rather than having to pay a lot of money to do it.”