A declarative, reproducible cybersecurity simulation environment for studying AI-assisted offensive and defensive security practices.
```
┌───────────────────────────────────────────────────────────────────────────┐
│ Host Machine (NixOS)                                                      │
│                                                                           │
│  ┌─────────────────────────────┐                                          │
│  │ Ollama Container            │ ← GPU/CPU • Runs red & blue agents       │
│  │ (localhost:11434)           │                                          │
│  └─────────────────────────────┘                                          │
│                                                                           │
│  ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐  │
│  │ Red Team VM   │ │ Blue Team VM  │ │ Target VM     │ │ Vulnerable VM │  │
│  │ 10.0.0.101    │ │ 10.0.0.102    │ │ 10.0.0.103    │ │ 10.0.0.104    │  │
│  │ Offensive     │ │ Defensive     │ │ Clean victim  │ │ Weak system   │  │
│  └───────┬───────┘ └───────┬───────┘ └───────┬───────┘ └───────┬───────┘  │
│          └─────────────────┴────────┬────────┴─────────────────┘          │
│                         br0 bridge (10.0.0.1/24)                          │
│                                     │                                     │
│                       DNS Controller VM (10.0.0.5)                        │
│                       • BIND9 authoritative DNS                           │
│                       • All name resolution goes through here             │
└───────────────────────────────────────────────────────────────────────────┘
```
Simple I/O flow:

You → lab-ctl CLI → Ollama (AI brain) → red/blue agent reasons → calls safe tools
→ tool runs inside a MicroVM → result loops back to the agent → you see the output

All traffic stays on br0 inside the host; the VMs have no route to the real Internet.
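As an added illustration of the "calls safe tools" step (example code written for this README, not part of the ai-agents-lab repository): a policy gate that sits between an agent's proposed tool call and its execution. The tool and flag allowlist, the rule that the bridge address 10.0.0.1 is never a valid target, and the sample commands are assumptions; the 10.0.0.0/24 subnet and the 10.0.0.5 resolver come from the diagram above.

```python
"""Policy gate for agent tool calls (added example; not ai-agents-lab code).

Every command an LLM agent proposes is checked against an allowlist of
tools and flags and against the lab subnet before anything is executed.
Tool names, flag lists and the 'never target the bridge address' rule are
assumptions for illustration; 10.0.0.0/24 and 10.0.0.5 come from the README.
"""
import ipaddress
import re
import shlex
from dataclasses import dataclass, field
from urllib.parse import urlsplit

LAB_NET = ipaddress.ip_network("10.0.0.0/24")   # br0
HOST_IP = ipaddress.ip_address("10.0.0.1")       # bridge address on the host: never a target
LAB_DNS = ipaddress.ip_address("10.0.0.5")       # BIND9 controller

# Assumed allowlist: tool -> flags the agent may pass to it.
ALLOWED_TOOLS = {
    "nmap": {"-sT", "-sV", "-O", "-Pn", "-p"},
    "dig": set(),
    "curl": {"-s", "-I"},
}
SHELL_OPERATORS = {"|", ";", "&&", "||", ">", ">>", "<"}
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
LAB_NAME = re.compile(r"^[a-z0-9-]+\.lab\.local$")
PORT_SPEC = re.compile(r"^\d{1,5}(?:[-,]\d{1,5})*$")


@dataclass
class Verdict:
    allowed: bool
    reason: str
    argv: list = field(default_factory=list)


def _is_addr(text: str, addr: ipaddress.IPv4Address) -> bool:
    try:
        return ipaddress.ip_address(text) == addr
    except ValueError:
        return False


def is_lab_target(token: str) -> bool:
    """A bare IP inside br0 (not the host), a *.lab.local name, or a URL to either."""
    if "://" in token:
        token = urlsplit(token).hostname or ""
    if IPV4.match(token):
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:          # e.g. an octet above 255
            return False
        return ip in LAB_NET and ip != HOST_IP
    return bool(LAB_NAME.match(token))


def gate(command: str) -> Verdict:
    """Decide whether an agent-proposed command may run inside the lab."""
    try:
        argv = shlex.split(command)
    except ValueError as exc:
        return Verdict(False, f"unparseable command: {exc}")
    if not argv:
        return Verdict(False, "empty command")
    if any(tok in SHELL_OPERATORS or "$(" in tok or "`" in tok for tok in argv):
        return Verdict(False, "shell operators and substitutions are not permitted")
    tool, args = argv[0], argv[1:]
    if tool not in ALLOWED_TOOLS:
        return Verdict(False, f"tool not allowlisted: {tool}")
    targets, prev = [], None
    for tok in args:
        if prev == "-p":                      # value of nmap's port flag
            if not PORT_SPEC.match(tok):
                return Verdict(False, f"bad port specification: {tok}")
        elif tok.startswith("@"):             # dig's server selector
            if tool != "dig" or not _is_addr(tok[1:], LAB_DNS):
                return Verdict(False, "only the lab resolver 10.0.0.5 may be queried")
        elif tok.startswith("-"):
            if tok not in ALLOWED_TOOLS[tool]:
                return Verdict(False, f"flag not allowlisted for {tool}: {tok}")
        elif is_lab_target(tok):
            targets.append(tok)
        else:
            return Verdict(False, f"target not permitted: {tok}")
        prev = tok
    if not targets:
        return Verdict(False, "no lab target given")
    return Verdict(True, "ok", argv)


if __name__ == "__main__":
    for cmd in ("nmap -sV -p 22,80 10.0.0.104",
                "dig @10.0.0.5 red.lab.local",
                "curl -s http://10.0.0.104/ | sh",
                "nmap -sV 8.8.8.8"):
        v = gate(cmd)
        print(f"{'ALLOW' if v.allowed else 'DENY '}  {cmd!r}: {v.reason}")
```

The gate returns the parsed `argv` on success so the caller can execute it without a shell; denying pipes and substitutions at this layer is what keeps a prompt-injected agent from turning `curl` into `curl | sh`.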
```mermaid
graph TD
    A[You / lab-ctl CLI] --> B[Ollama Container<br>GPU/CPU Inference]
    B --> C[Red Team Agent<br>10.0.0.101]
    B --> D[Blue Team Agent<br>10.0.0.102]
    C --> E[Target VM<br>10.0.0.103]
    C --> F[Vulnerable VM<br>10.0.0.104]
    D --> F
    E --> G[DNS Controller<br>10.0.0.5<br>BIND9]
    F --> G
    subgraph "Isolated Lab Network"
        E
        F
        G
        C
        D
    end
    subgraph "Host"
        B
        A
    end
```
SiegeWare (noun) /siːdʒˈwɛər/
A term coined by DeMoD LLC in 2025 to describe AI-powered autonomous cyber warfare simulation platforms designed for controlled, ethical, and educational replication of real-world offensive and defensive cybersecurity operations.
SiegeWare platforms are defined by:
- Autonomous or semi-autonomous AI agents performing red team (offensive) and blue team (defensive) roles
- Realistic, isolated network topology built with reproducible infrastructure
- Hardware-accelerated local large language model (LLM) inference for agent reasoning and decision-making
- Progressive, outcome-focused learning modules with verifiable assessment
- Strict safety boundaries that prevent any real-world harm or external impact
- Explicit emphasis on both technical mastery and ethical responsibility
The name combines two evocative elements:
- Siege — referencing the historical military tactic of surrounding and methodically reducing a fortified position, paralleling modern cyber campaigns that involve reconnaissance, persistence, lateral movement, and objective achievement.
- Ware — derived from "software" and "malware", underscoring that this is a purely software-defined, AI-augmented simulation environment, not physical warfare.
SiegeWare represents the responsible convergence of artificial intelligence, cybersecurity training, and ethical simulation technology — a digital training platform that prepares defenders and helps students understand adversary tactics without ever crossing into real-world harm.
The Universal Educational AI Agents Lab is intentionally engineered as a full-featured SiegeWare simulator, with the core mission of preparing the next generation of IT security professionals.
Key SiegeWare characteristics implemented in this platform:
- Autonomous Agent Behavior: red and blue team agents use local LLMs to independently reason, plan, and execute actions within the simulation.
- Realistic Attack/Defense Lifecycle: five progressive labs mirror real cyber kill chains, defensive workflows, and incident response processes.
- Isolated, High-Fidelity Environment: MicroVMs, containerized services, and virtual networking create production-like conditions while keeping the lab fully contained.
- Hardware-Agnostic Scalability: runs natively on consumer laptops (Apple Silicon via Asahi Linux, Intel/AMD/NVIDIA GPUs) and scales to classroom servers or research clusters.
- Verifiable Educational Outcomes: structured objectives, automated verification scripts, progress tracking, and instructor oversight tools.
- Ethical & Safety Framework: explicit system prompts, network containment, no external connectivity, and repeated emphasis on responsible use and simulation-only actions.
This SiegeWare simulator is designed for:
- University cybersecurity programs (undergraduate and graduate levels)
- Professional training organizations (SANS, Offensive Security, EC-Council, etc.)
- Corporate red team / blue team / purple team training programs
- Independent learners preparing for certifications (OSCP, PNPT, CRTP, CEH, etc.)
- AI security researchers studying agent behavior in adversarial environments
By releasing this platform as free, open-source software under GPL-3.0, DeMoD LLC seeks to:
- Democratize access to high-fidelity AI-augmented cybersecurity training
- Accelerate the development of AI-literate security professionals
- Promote ethical understanding of both offensive and defensive capabilities
- Establish a widely adopted reference platform for modern AI-security education
SiegeWare is not entertainment. It is a professional training environment.
The future of cybersecurity will be shaped by those who understand both how AI can attack systems and how AI can defend them. This lab exists to train that next generation — safely, responsibly, and effectively.
This lab offers a secure, fully isolated environment to study the application of artificial intelligence in cybersecurity through structured red team vs. blue team simulations. Built with Nix and NixOS, it ensures complete reproducibility across deployments and supports a wide range of hardware platforms.
By completing the full lab series, participants will be able to:
- Use AI-assisted methods to perform network reconnaissance and asset enumeration
- Identify and safely simulate exploitation of privilege escalation vectors
- Implement defensive monitoring, anomaly detection, and incident response using AI agents
- Execute multi-stage attack campaigns while practicing operational security
- Optimize autonomous AI agents for competitive red vs. blue scenarios
- Critically evaluate the role, strengths, limitations, and ethical implications of AI in security operations
- Fully declarative infrastructure — 100% reproducible via Nix flakes
- Broad hardware compatibility — x86_64 (NVIDIA CUDA, AMD ROCm, Intel Arc, CPU) and aarch64 (Apple Silicon Metal)
- GPU-accelerated inference — Local LLMs via Ollama
- Strong isolation — MicroVM-based execution environments with network containment
- Structured curriculum — Five progressive labs with clear objectives and verification
- Integrated management tooling — `lab-ctl` CLI for students and instructors
- Nix package manager (https://nixos.org/download)
- Hardware:
- Minimum: 16 GB RAM, 4-core CPU
- Recommended: 32+ GB RAM, GPU (NVIDIA/AMD/Intel) or Apple Silicon
- Basic Linux terminal proficiency
The most plug-and-play experience is on Oligarchy NixOS lite.
1. Clone the repository

   ```bash
   git clone https://github.com/ALH477/ai-agents-lab.git
   cd ai-agents-lab
   ```

2. Deploy the lab infrastructure

   ```bash
   nix run .#deploy
   ```

   This command:
   - Builds and activates the NixOS configuration
   - Starts the Ollama inference container
   - Launches MicroVMs (red-team, blue-team, target, vulnerable-vm, dns-controller)
   - Configures isolated networking and DNS authority

3. Verify deployment

   ```bash
   nix run .#status
   ```

   Expected output includes:
   - Ollama service running
   - All MicroVMs active
   - DNS controller responding (`dig @10.0.0.5 red.lab.local`)
   - Loaded models listed

4. Access the student guide

   ```bash
   nix run .#student-quickstart
   ```

5. (Optional) Build a portable Docker image

   ```bash
   nix build .#inferenceImage
   docker load < result
   ```

Manual checks:
- Ollama API: `curl http://localhost:11434/api/tags`
- DNS resolution: `dig @10.0.0.5 red.lab.local`
- VM connectivity: `ping 10.0.0.101` (from the host or another VM)
Lab 01 – Network Reconnaissance

Level: Foundational | Duration: 30–45 minutes | Points: 100
Focus: AI-assisted enumeration and intelligence gathering
Key Skills: Port scanning, service fingerprinting, OS detection, banner grabbing
Learning Outcomes: Understand the reconnaissance phase of penetration testing; interpret scan results; apply AI for tool selection and analysis
Lab 02 – Privilege Escalation

Level: Intermediate | Duration: 60–90 minutes | Points: 150
Focus: Identification and simulation of privilege escalation vectors
Key Skills: SUID/SGID binary analysis, permission misconfiguration, service exploitation
Learning Outcomes: Recognize common escalation paths; assess the risk of misconfigurations; practice controlled exploitation
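A worked example for the SUID/SGID analysis skill in this lab (added here, not code shipped with the lab): rather than eyeballing `find / -perm -4000`, diff the privileged binaries found on a VM against a baseline of what the clean Target VM is expected to carry, and flag anything new or writable. The baseline paths are an assumption for illustration (NixOS places its setuid wrappers under /run/wrappers/bin, but the exact set depends on the VM's configuration).

```python
"""SUID/SGID baseline diff (added example; not code shipped with the lab).

Enumerate set-uid/set-gid binaries on a VM and flag those that are not in
the baseline captured from the clean Target VM, or that are writable by
others. The baseline below is an assumption for illustration; on NixOS the
real setuid wrappers live under /run/wrappers/bin but the exact set
depends on the VM's configuration.
"""
import os
import stat
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed baseline: what a clean lab VM is expected to carry.
BASELINE = {
    "/run/wrappers/bin/sudo",
    "/run/wrappers/bin/su",
    "/run/wrappers/bin/passwd",
    "/run/wrappers/bin/ping",
}
PSEUDO_FS = {"/proc", "/sys", "/dev"}   # not real files; skip them


@dataclass(frozen=True)
class Finding:
    path: str
    mode: int
    uid: int
    reason: str


def classify(path: str, mode: int, uid: int, baseline=BASELINE) -> Optional[Finding]:
    """Return a Finding if this is a privileged binary worth a closer look, else None.

    `mode` is st_mode as returned by lstat (file type bits included).
    """
    if not stat.S_ISREG(mode):
        return None                      # setgid on a directory is inheritance, not privilege
    suid = bool(mode & stat.S_ISUID)
    sgid = bool(mode & stat.S_ISGID)
    if not (suid or sgid):
        return None
    reasons = []
    if path not in baseline:
        reasons.append("not in clean baseline")
    if mode & stat.S_IWOTH:
        reasons.append("world-writable")     # anyone can replace the privileged code
    elif mode & stat.S_IWGRP:
        reasons.append("group-writable")
    if not reasons:
        return None                      # known, correctly protected wrapper
    return Finding(path, mode, uid, "; ".join(reasons))


def scan(root: str = "/", baseline=BASELINE) -> List[Finding]:
    """Walk `root` without following symlinks and classify every regular file."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda _e: None):
        dirnames[:] = [d for d in dirnames if os.path.join(dirpath, d) not in PSEUDO_FS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue                  # vanished or unreadable; not our concern here
            f = classify(path, st.st_mode, st.st_uid, baseline)
            if f:
                findings.append(f)
    return sorted(findings, key=lambda f: f.path)


def report(findings: Iterable[Finding]) -> str:
    return "\n".join(f"{oct(f.mode & 0o7777):>6} uid={f.uid:<5} {f.path}  [{f.reason}]"
                     for f in findings)


if __name__ == "__main__":
    print(report(scan("/")) or "no unexpected SUID/SGID binaries")
```

Run it on the Target VM first to confirm the baseline produces no findings, then on the Vulnerable VM; every line in the diff is a candidate for the escalation analysis the lab asks for, and the writable ones are the highest-value.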
Lab 03 – Security Monitoring & Detection

Level: Intermediate | Duration: 45–60 minutes | Points: 125
Focus: Defensive operations and anomaly detection
Key Skills: Log analysis, network monitoring, alert rule creation
Learning Outcomes: Build foundational detection capabilities; understand blue team workflows; apply AI to accelerate threat identification
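An added example for the detection skills listed in this lab (not part of the lab's own material): two alert rules run over constructed syslog lines from the Target VM, a failed-SSH-login burst rule and a TCP port-scan rule based on distinct destination ports SYN'd from one source within a short window, taken from netfilter LOG entries. The log lines, hostnames, thresholds and the `[NFT-IN]` log prefix are constructed for the example; netfilter LOG output varies by rule set, so the regexes rely only on the SRC/DST/PROTO/DPT/SYN fields.

```python
"""Two detection rules over constructed Target VM logs (added example; not lab material).
Rule 1: SSH brute force, N+ 'Failed password' lines from one source inside a window.
Rule 2: TCP port scan, N+ distinct destination ports SYN'd from one source inside a window.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

SSHD_FAIL = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+")
NFT_SYN = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: .*SRC=(?P<src>\d+\.\d+\.\d+\.\d+) "
    r"DST=(?P<dst>\d+\.\d+\.\d+\.\d+) .*PROTO=TCP .*DPT=(?P<dpt>\d+) .*SYN")

# Constructed sample (not captured data): a scan and a password spray from the Red Team VM.
SAMPLE_LOG = """\
Jan 14 10:02:01 target kernel: [NFT-IN] IN=eth0 OUT= SRC=10.0.0.101 DST=10.0.0.103 PROTO=TCP SPT=40201 DPT=21 SYN
Jan 14 10:02:01 target kernel: [NFT-IN] IN=eth0 OUT= SRC=10.0.0.101 DST=10.0.0.103 PROTO=TCP SPT=40202 DPT=22 SYN
Jan 14 10:02:01 target kernel: [NFT-IN] IN=eth0 OUT= SRC=10.0.0.101 DST=10.0.0.103 PROTO=TCP SPT=40203 DPT=23 SYN
Jan 14 10:02:01 target kernel: [NFT-IN] IN=eth0 OUT= SRC=10.0.0.101 DST=10.0.0.103 PROTO=TCP SPT=40204 DPT=25 SYN
Jan 14 10:02:02 target kernel: [NFT-IN] IN=eth0 OUT= SRC=10.0.0.101 DST=10.0.0.103 PROTO=TCP SPT=40205 DPT=80 SYN
Jan 14 10:02:02 target kernel: [NFT-IN] IN=eth0 OUT= SRC=10.0.0.101 DST=10.0.0.103 PROTO=TCP SPT=40206 DPT=110 SYN
Jan 14 10:02:02 target kernel: [NFT-IN] IN=eth0 OUT= SRC=10.0.0.101 DST=10.0.0.103 PROTO=TCP SPT=40207 DPT=139 SYN
Jan 14 10:02:03 target kernel: [NFT-IN] IN=eth0 OUT= SRC=10.0.0.101 DST=10.0.0.103 PROTO=TCP SPT=40208 DPT=443 SYN
Jan 14 10:02:03 target kernel: [NFT-IN] IN=eth0 OUT= SRC=10.0.0.101 DST=10.0.0.103 PROTO=TCP SPT=40209 DPT=445 SYN
Jan 14 10:02:03 target kernel: [NFT-IN] IN=eth0 OUT= SRC=10.0.0.101 DST=10.0.0.103 PROTO=TCP SPT=40210 DPT=3306 SYN
Jan 14 10:03:10 target sshd[1412]: Failed password for root from 10.0.0.101 port 51022 ssh2
Jan 14 10:03:12 target sshd[1414]: Failed password for root from 10.0.0.101 port 51023 ssh2
Jan 14 10:03:14 target sshd[1416]: Failed password for invalid user admin from 10.0.0.101 port 51024 ssh2
Jan 14 10:03:16 target sshd[1418]: Failed password for invalid user admin from 10.0.0.101 port 51025 ssh2
Jan 14 10:03:18 target sshd[1420]: Failed password for student from 10.0.0.101 port 51026 ssh2
Jan 14 10:03:20 target sshd[1422]: Failed password for student from 10.0.0.101 port 51027 ssh2
Jan 14 10:03:22 target sshd[1425]: Accepted password for student from 10.0.0.102 port 50110 ssh2
Jan 14 10:05:00 target sshd[1440]: Failed password for student from 10.0.0.102 port 50111 ssh2
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str     # "ssh_fail" or "syn"
    src: str
    detail: str   # username for ssh_fail, destination port for syn


@dataclass(frozen=True)
class Alert:
    rule: str
    src: str
    count: int
    first: datetime
    last: datetime


def _ts(text: str) -> datetime:
    return datetime.strptime(text, "%b %d %H:%M:%S")   # syslog carries no year


def parse(log_text: str) -> List[Event]:
    events = []
    for line in log_text.splitlines():
        m = SSHD_FAIL.match(line)
        if m:
            events.append(Event(_ts(m["ts"]), "ssh_fail", m["src"], m["user"]))
            continue
        m = NFT_SYN.match(line)
        if m:
            events.append(Event(_ts(m["ts"]), "syn", m["src"], m["dpt"]))
    return sorted(events, key=lambda e: e.ts)     # stable sort: ties keep file order


def _max_burst(events: List[Event], window: timedelta, distinct: bool) -> Dict[str, Tuple[int, datetime, datetime]]:
    """Per source, the largest number of events (or distinct details) inside one window."""
    per_src: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        per_src[e.src].append(e)
    best = {}
    for src, evs in per_src.items():
        left = 0
        for right in range(len(evs)):
            while evs[right].ts - evs[left].ts > window:   # slide the window's left edge
                left += 1
            span = evs[left:right + 1]
            n = len({e.detail for e in span}) if distinct else len(span)
            if src not in best or n > best[src][0]:
                best[src] = (n, span[0].ts, span[-1].ts)
    return best


def detect(log_text: str, fail_threshold=5, fail_window=60,
           scan_threshold=10, scan_window=30) -> List[Alert]:
    events = parse(log_text)
    fails = _max_burst([e for e in events if e.kind == "ssh_fail"], timedelta(seconds=fail_window), False)
    syns = _max_burst([e for e in events if e.kind == "syn"], timedelta(seconds=scan_window), True)
    alerts = [Alert("ssh_bruteforce", s, n, a, b) for s, (n, a, b) in fails.items() if n >= fail_threshold]
    alerts += [Alert("tcp_portscan", s, n, a, b) for s, (n, a, b) in syns.items() if n >= scan_threshold]
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.rule:15} src={a.src} count={a.count} {a.first:%H:%M:%S}-{a.last:%H:%M:%S}")
```

The single failed login from 10.0.0.102 stays below threshold, which is the point of windowed counting: the rule fires on the burst, not on every failure. Tune `scan_threshold` and `scan_window` against the Blue Team VM's own traffic before trusting the port-scan rule.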
Lab 04 – Multi-stage Attack Campaigns

Level: Advanced | Duration: 90–120 minutes | Points: 200
Focus: Execution of multi-stage attack campaigns
Key Skills: Stealth reconnaissance, persistence, lateral movement, data exfiltration
Learning Outcomes: Conduct structured attacks; apply operational security practices; understand evasion techniques
Lab 05 – AI Red vs Blue Competition

Level: Advanced | Duration: 120+ minutes | Points: 300
Focus: Strategy optimization for competing autonomous AI agents
Key Skills: Prompt engineering, performance tuning, attack-defense balance
Learning Outcomes: Explore emergent behavior in AI security systems; understand the trade-offs between aggression and stealth
Instructors serve as facilitators of learning, not just content deliverers. Your role includes:
- Setting clear expectations for ethical use
- Monitoring student progress and intervening when needed
- Providing context and real-world relevance
- Assessing learning outcomes fairly and consistently
- Customizing labs to match course objectives
1. Deploy the lab on the instructor workstation/server

   ```bash
   nix run .#deploy
   ```

2. Verify all components

   ```bash
   nix run .#status
   ```

3. Run the instructor setup script

   ```bash
   nix run .#instructor-setup
   ```

4. Create student accounts or environments (future feature)
   - Current: single shared lab (recommended for initial classes)
   - Planned: per-student MicroVM cloning

5. Review lab materials
   - `/var/lib/ai-agents-lab/labs/`
   - Each lab has `lab.json`, `starter.py`, `verify.py`
Duration: 2–3 hours per lab (including debrief)
1. Introduction (10–15 min)
   - State learning objectives
   - Review ethical guidelines
   - Explain lab controller commands

2. Guided Start (15–20 min)
   - Students run `lab-ctl student start <lab-id>`
   - Instructor walks through the starter code

3. Independent Work (60–120 min)
   - Students interact with agents
   - Students use `lab-ctl student status` and `lab-ctl student verify`
   - Instructor circulates, answers questions

4. Debrief & Discussion (20–30 min)
   - Share findings (screenshots, agent conversations)
   - Discuss what worked, what failed
   - Highlight defensive lessons from offensive actions

5. Assessment
   - Run `lab-ctl student verify` on student machines
   - Instructor reviews outputs
   - Use `lab-ctl instructor grade <student-id>` (future)
- Real-time monitoring: `lab-ctl instructor monitor student-01`
- Class-wide stats: `lab-ctl instructor stats`
- Reset a stuck student: `lab-ctl instructor reset student-01`
- Add new labs by creating directories under `packages/lab-controller/labs/`
- Modify objectives/hints in `lab.json`
- Extend verification logic in `verify.py`
- Adjust DNS records in `modules/ai-agents-env.nix` for custom domains

Suggested grading weights:
- 40% Objective completion (via `verify`)
- 30% Quality of documentation / notes
- 20% Ethical reasoning demonstrated
- 10% Creativity / sophistication of approach
```
┌───────────────────────────────────────────────────────────────────────────────────┐
│ Host System                                                                       │
│  ┌─────────────────────────────────────────────────────────────────────────────┐  │
│  │ Ollama Container (GPU-accelerated inference)                                │  │
│  │ - red-qwen-agent (Offensive AI)                                             │  │
│  │ - blue-llama-agent (Defensive AI)                                           │  │
│  └─────────────────────────────────────────────────────────────────────────────┘  │
│                                                                                   │
│  ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐  │
│  │ Red Team    │ │ Blue Team   │ │ Target      │ │ Vulnerable  │ │ DNS Control │  │
│  │ MicroVM     │ │ MicroVM     │ │ MicroVM     │ │ VM          │ │ (BIND9)     │  │
│  │ 10.0.0.101  │ │ 10.0.0.102  │ │ 10.0.0.103  │ │ 10.0.0.104  │ │ 10.0.0.5    │  │
│  └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘  │
│         └───────────────┴───────────────┴───────────────┴───────────────┘         │
│                     br0 (10.0.0.1/24) – Isolated Lab Network                      │
└───────────────────────────────────────────────────────────────────────────────────┘
```
- Each MicroVM runs its own guest kernel under a hypervisor, isolating it from the host kernel
- Network traffic confined to virtual bridge (br0)
- No direct Internet access from any VM
- DNS resolution controlled by isolated DNS controller
- Environment fully resettable via rebuild
- All configurations declarative and auditable
Participants must:
- Use knowledge gained solely for authorized educational or professional purposes
- Never apply techniques to production systems without explicit permission
- Adhere strictly to ethical and legal guidelines
- Report discovered vulnerabilities responsibly
- Lab 01 – Network Reconnaissance
- Focus: AI-assisted enumeration, tool selection
- Lab 02 – Privilege Escalation
- Focus: Vulnerability identification, exploitation techniques
- Lab 03 – Security Monitoring & Detection
- Focus: Log analysis, anomaly detection, alerting
- Lab 04 – Multi-stage Attack Campaigns
- Focus: Persistence, lateral movement, evasion
- Lab 05 – AI Red vs Blue Competition
- Focus: Strategy optimization, emergent behavior
By completing this lab series, participants will develop:
- Network reconnaissance and enumeration
- Privilege escalation analysis
- Security monitoring and incident detection
- Multi-stage attack execution
- AI agent orchestration and tuning
- Attack surface mapping
- Defense-in-depth principles
- Operational security (OpSec)
- AI limitations in security contexts
- Ethical considerations in offensive security
- Structured documentation and reporting
- Risk assessment and prioritization
- Responsible disclosure practices
- Prompt engineering for security tasks
Ollama / inference container:

```bash
sudo systemctl status docker-inference-optimized
sudo journalctl -u docker-inference-optimized -f
sudo systemctl restart docker-inference-optimized
```

MicroVMs not running:

```bash
systemctl list-units 'microvm@*' --no-pager
sudo systemctl start microvm@red-team
sudo systemctl start microvm@blue-team
sudo systemctl start microvm@target
sudo systemctl start microvm@vulnerable-vm
sudo systemctl start microvm@dns-controller
```

DNS not resolving:

```bash
sudo systemctl status microvm@dns-controller
dig @10.0.0.5 red.lab.local
ssh root@10.0.0.101 "dig red.lab.local"
```

lab-ctl missing or lab files unreadable:

```bash
which lab-ctl
ls -la /var/lib/ai-agents-lab/labs/
sudo chmod -R 755 /var/lib/ai-agents-lab/
```

Note that `-R 755` also marks every regular file in the tree executable; if only the directory permissions are wrong, tighten the change to the directories.

Networking (br0 / addresses):

```bash
ip addr show br0
sudo systemctl status dhcpd4
sudo systemctl restart systemd-networkd
```

Adding a new lab:
1. Create the lab directory structure
2. Define `lab.json` metadata
3. Add optional `starter.py`, `verify.py`, `README.md`
4. Test with:

   ```bash
   lab-ctl student start <new-lab-id>
   lab-ctl student verify
   ```
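An added example of a `verify.py` for a hypothetical new lab (not the project's own verification code): this page does not document the lab.json schema, so the schema, the objective names, the lab id and the results file written by the student's starter.py are all assumptions made for illustration. It awards points per objective and, in keeping with the lab's containment rule, zeroes the score if any address the student touched lies outside 10.0.0.0/24. The lab definition and student results are constructed inline so it runs offline.

```python
"""verify.py for a hypothetical new lab (added example; not the project's own code).

The lab.json schema, objective names and the results.json layout below are
assumptions. The student artifact is constructed inline so the script runs
offline; a real verify.py would read both files from the lab directory.
"""
import ipaddress
import json

LAB_NET = ipaddress.ip_network("10.0.0.0/24")  # br0, as in the README

# Assumed lab.json for a hypothetical lab "lab-06-service-mapping".
LAB_JSON = json.loads("""{
  "id": "lab-06-service-mapping",
  "title": "Service Mapping",
  "points": 100,
  "objectives": [
    {"id": "find-hosts", "points": 30, "check": "hosts",
     "expect": ["10.0.0.103", "10.0.0.104"]},
    {"id": "find-ssh", "points": 30, "check": "service",
     "expect": {"host": "10.0.0.104", "port": 22, "name": "ssh"}},
    {"id": "find-http", "points": 40, "check": "service",
     "expect": {"host": "10.0.0.104", "port": 80, "name": "http"}}
  ]
}""")

# Constructed student result (what a starter.py might write to results.json).
STUDENT_RESULTS = json.loads("""{
  "scanned": ["10.0.0.103", "10.0.0.104"],
  "services": [
    {"host": "10.0.0.104", "port": 22, "name": "ssh"},
    {"host": "10.0.0.104", "port": 80, "name": "http"},
    {"host": "10.0.0.103", "port": 22, "name": "ssh"}
  ]
}""")


def scope_violations(results):
    """Addresses the student touched that lie outside the lab network.

    A scan that leaves br0 is a safety failure, so it zeroes the score
    regardless of which objectives were met.
    """
    touched = set(results.get("scanned", [])) | {s["host"] for s in results.get("services", [])}
    bad = []
    for addr in touched:
        try:
            if ipaddress.ip_address(addr) not in LAB_NET:
                bad.append(addr)
        except ValueError:
            bad.append(addr)    # not even an IP address: treat as out of scope
    return sorted(bad)


def check_objective(obj, results):
    if obj["check"] == "hosts":
        return set(obj["expect"]) <= set(results.get("scanned", []))
    if obj["check"] == "service":
        e = obj["expect"]
        return any(s["host"] == e["host"] and s["port"] == e["port"] and s["name"] == e["name"]
                   for s in results.get("services", []))
    raise ValueError(f"unknown check type {obj['check']!r}")


def verify(lab=LAB_JSON, results=STUDENT_RESULTS):
    """Return a summary dict: score, max, passed, failed, violations."""
    violations = scope_violations(results)
    passed, failed, score = [], [], 0
    for obj in lab["objectives"]:
        if check_objective(obj, results):
            passed.append(obj["id"])
            score += obj["points"]
        else:
            failed.append(obj["id"])
    if violations:
        score = 0               # containment breach overrides objective credit
    return {"score": score, "max": lab["points"], "passed": passed,
            "failed": failed, "violations": violations}


if __name__ == "__main__":
    print(json.dumps(verify(), indent=2))
```

Keeping the scope check separate from the objective checks means a student who completes every objective by scanning outside the lab still sees which objectives they met, alongside the violation that cost them the score.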
Provide:
- Clear problem description
- Steps to reproduce
- Expected vs. observed behavior
- System info (architecture, Nix version, hardware)
Copyright © 2025 DeMoD LLC
Licensed under the GNU General Public License v3.0 (GPL-3.0)
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.
- Ollama project — efficient local LLM inference
- MicroVM.nix — lightweight virtualization
- NixOS ecosystem — declarative system configuration
- Educational contributors and reviewers
- Documentation — This README
- Troubleshooting — See section above
- Issues — GitHub issue tracker
- Community — (Discord/forum link forthcoming)
This SiegeWare simulator is designed to support rigorous, structured learning in AI security. Feedback and contributions are welcome to enhance its educational impact.