Chimera: Harnessing Multi-Agent LLMs for Automatic Insider Threat Simulation
Jiongchi Yu
Network and Distributed System Security (NDSS) Symposium 2026 · Day 1 · AI Security
This talk introduces **Chimera**, the first multi-agent LLM framework for automated insider threat simulation. The system addresses a critical gap in insider threat detection: the lack of **high-quality, realistic, large-scale, and adaptive datasets** for training and evaluating detection models. Chimera deploys LLM-powered agents as employees within a simulated organization, generating both benign work activities and adversarial insider behaviors with full semantic context.
AI review
A well-motivated framework for generating realistic insider threat simulation data using multi-agent LLMs. The MITRE ATT&CK TTP structuring from real prosecution records gives the attack scenarios credibility, and the finding that existing detection models struggle with Chimera data is a useful wake-up call. However, this is fundamentally a data generation and benchmarking paper, not attack research. The 12 attack types are drawn from existing knowledge, not novel techniques.