Branch-Commit-Validate: A Git-Inspired Workflow for Autonomous Red-Team Agents

Download PDF

Chinmay Shringi, Alon Hillel-Tuch, Sariya Rizwan

Published: 24 Jul 2025, Last Modified: 25 Jan 2026Springer Nature Lecture Notes in Computer Science: 2025 World Congress in Computer Science, Computer Engineering, & Applied Computing (CSCE)EveryoneRevisionsCC BY 4.0
Abstract: Red-team penetration testing is critical for uncovering vulnerabilities and strengthening defenses. Automating these complex engagements requires traversing vast, dynamic attack spaces and adjusting to real-time target changes, an area where existing search-based planners and deep reinforcement-learning (RL) agents struggle due to combinatorial explosion and prolonged training requirements. This paper presents Branch, Commit and Validate, a Git-inspired workflow that orchestrates specialized agents through parallel hypothesis exploration (Branch), metadata-rich recording of CPU-hours and operator-interaction time (Commit), and automated reliability and performance validation before integration (Validate). We intend to test the framework in a multi host, multi service simulated enterprise setting, gauging gains in decision delay, exploration efficiency, and validated coverage. Keywords: Validation frameworks, autonomous red teaming, version control, Penetration testing, Continuous integration (CI), Deep reinforcement-learning, Multi-agent systems.