amazon-science/cyber-zero — explained in plain English
Analysis updated 2026-05-18
Generate synthetic CTF training trajectories from public writeups instead of live environments
Evaluate the quality of generated training trajectories with a language model
Benchmark a cybersecurity AI agent using the patched EnIGMA scaffolding
Train an AI agent to solve Capture the Flag challenges without spinning up real infrastructure
| amazon-science/cyber-zero | thealgorithms/scripts | italozucareli/zabbix-observability | |
|---|---|---|---|
| Stars | 87 | 88 | 85 |
| Language | Python | Python | Python |
| Last pushed | — | 2023-10-04 | — |
| Maintenance | — | Dormant | — |
| Setup difficulty | hard | easy | moderate |
| Complexity | 4/5 | 1/5 | 3/5 |
| Audience | researcher | ops devops | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Requires access to language model APIs via litellm and CTF challenge metadata to generate training data.
Cyber-Zero is a research framework from Amazon Science that trains AI agents to solve cybersecurity challenges, specifically CTF (Capture the Flag) competitions, without needing a live computer environment to practice in. CTF competitions are hacking contests where participants find hidden flags by exploiting vulnerabilities, reverse-engineering software, or breaking cryptographic schemes. The usual way to train an AI agent for this is to let it interact with real challenge environments, but those environments are often unavailable, expensive to spin up, or too slow to generate enough training data. Cyber-Zero solves this by using a language model to simulate what those interactions would look like. It reads publicly available CTF writeups (step-by-step solutions written by humans after solving challenges) and uses an AI to reconstruct realistic multi-step interaction sequences as if the agent had been running real commands. These synthetic conversations become training data. Models trained on this data achieved up to 13.1 percentage point improvements on three established CTF benchmarks. The framework includes a pipeline with three steps: generating simulated interaction trajectories from CTF challenge metadata, evaluating the quality of those trajectories using a language model, and reformatting them into the training format needed. It also ships a patched version of the EnIGMA agent scaffolding, built on top of SWE-agent, that can evaluate hundreds of CTF challenges in hours rather than days. A researcher building or benchmarking cybersecurity AI agents would use this. The tech stack is Python with litellm for multi-provider language model access.
A research framework that generates synthetic CTF training data to teach AI agents cybersecurity skills.
Mainly Python. The stack also includes Python, litellm, SWE-agent.
The README does not state a license.
Setup difficulty is rated hard, with roughly 1day+ to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.