CDIS: Autonomous Adversary Engagement Using Agentic AI and Microsoft Security
Cyber Security
Semester programme: Open Learning/Innovation
Client company: Microsoft
Project group members: Taha Al-Abrawi
Project description
Traditional cybersecurity defenses are reactive, waiting for attackers to strike before responding. This leaves organizations blind to adversary tactics until it is too late. The Cyber Deception Intelligence System (CDIS) flips this paradigm by shifting from passive defense to active adversary engagement.
This research project introduces an innovative, autonomous deception framework built entirely within the Microsoft Security ecosystem. By leveraging Agentic AI (via Microsoft Copilot for Security) and advanced orchestration tools (Logic Apps), CDIS autonomously deploys high-fidelity honeypots that adapt in real time to attacker behavior.
Unlike static honeypots, CDIS utilizes AI agents that analyze live threat data from Microsoft Defender XDR to predict an attacker's next move. It then dynamically constructs and deploys tailored decoys, such as fake credentials or vulnerable services, specifically designed to trick the adversary into revealing their tools and their tactics, techniques and procedures (TTPs).
Context
CyberSecurity Defense AI
Results
The system features a Human-in-the-Loop (HITL) control framework, allowing security analysts to dial the level of autonomy from "Copilot" recommendations to full "Autopilot" execution. The final output is high-fidelity, Operational Cyber Threat Intelligence (CTI) structured in STIX 2.1 format, ready to be fed back into defensive platforms to proactively block threats across the enterprise. CDIS demonstrates the future of self-driving cyber defense.
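An added illustration, not code from the CDIS project: one way a decoy interaction could be turned into a STIX 2.1 indicator and passed through an autonomy gate. The event fields, the function names and the behaviour attached to the "copilot" and "autopilot" modes are assumptions, and the sample event is constructed.

```python
import ipaddress
import uuid
from datetime import datetime, timezone

# Mode labels come from the page; the behaviour attached to them here is assumed.
AUTONOMY_MODES = ("copilot", "autopilot")

def stix_timestamp(dt):
    """RFC 3339 UTC timestamp with millisecond precision, as STIX 2.1 expects."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"

def decoy_event_to_bundle(event):
    """Turn one decoy interaction (hypothetical event shape) into a STIX 2.1 bundle."""
    # Parse the address first so attacker-influenced text never reaches the pattern.
    ip = ipaddress.ip_address(event["src_ip"])  # raises ValueError on anything else
    sco = "ipv4-addr" if ip.version == 4 else "ipv6-addr"
    ts = stix_timestamp(event["seen"])
    indicator = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": f"Source that interacted with decoy '{event['decoy']}'",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[{sco}:value = '{ip}']",
        "pattern_type": "stix",
        "valid_from": ts,
    }
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [indicator]}

def dispatch(bundle, mode, analyst_approved=False):
    """Gate publication on the autonomy mode: only autopilot skips the analyst."""
    if mode not in AUTONOMY_MODES:
        raise ValueError(f"unknown autonomy mode: {mode!r}")
    if mode == "autopilot" or analyst_approved:
        return "published"
    return "pending_analyst_review"

# Constructed sample event (203.0.113.0/24 is a documentation range).
SAMPLE_EVENT = {
    "decoy": "fake-svc-account",
    "src_ip": "203.0.113.7",
    "seen": datetime(2025, 1, 1, 12, 0, 0, tzinfo=timezone.utc),
}

if __name__ == "__main__":
    bundle = decoy_event_to_bundle(SAMPLE_EVENT)
    print(bundle["objects"][0]["pattern"], dispatch(bundle, "copilot"))
```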
About the project group
A graduate student at Fontys ICT is in the final phase of the bachelor programme and works independently on a graduation assignment rooted in professional practice. The assignment addresses a concrete ICT-related challenge and requires the integration of technical knowledge, research skills, and professional competencies.
During the final semester, the student analyses a real-world problem, develops and implements a substantiated solution, and reflects critically on both the process and the outcome. As part of the graduation moment, the student presents and demonstrates their work at Innovations Insight, explaining the relevance, approach, and results to a diverse audience of professionals, students, and teachers. This presentation forms an essential part of the assessment and demonstrates the student’s readiness to enter the ICT profession.