Multi-Agent Reinforcement Learning in Cybersecurity: From Fundamentals to Applications

2025-05-26
AI Summary
To address the limitations of existing network defense approaches in scalability and adversarial robustness, this paper proposes a decentralized dynamic defense framework based on multi-agent reinforcement learning (MARL), targeting two core challenges: intrusion detection and lateral movement containment. Methodologically, it introduces the first systematic integration of Autonomous Intelligent Cyber Defense Agents (AICA) with the Cyber Gym cybersecurity simulation platform to establish a distributed collaborative decision-making architecture, augmented by adversarial training to enhance robustness. The contributions are threefold: (1) establishing a principled MARL-driven technical roadmap for cyber defense; (2) empirically validating the framework's effectiveness and generalizability in dynamic threat response, cooperative containment, and cross-domain coordination; and (3) providing a novel paradigm for scalable, adaptive, and interference-resilient automated defense in realistic operational environments.

Abstract
Multi-Agent Reinforcement Learning (MARL) has shown great potential as an adaptive solution for addressing modern cybersecurity challenges. MARL enables decentralized, adaptive, and collaborative defense strategies and provides an automated mechanism to combat dynamic, coordinated, and sophisticated threats. This survey investigates the current state of research in MARL applications for automated cyber defense (ACD), focusing on intruder detection and lateral movement containment. Additionally, it examines the role of Autonomous Intelligent Cyber-defense Agents (AICA) and Cyber Gyms in training and validating MARL agents. Finally, the paper outlines existing challenges, such as scalability and adversarial robustness, and proposes future research directions. It also discusses how MARL integrates into AICA to provide adaptive, scalable, and dynamic solutions to counter the increasingly sophisticated landscape of cyber threats. It highlights the transformative potential of MARL in areas like intrusion detection and lateral movement containment, and underscores the value of Cyber Gyms for training and validation of AICA.

Problem

Research questions and friction points this paper is trying to address.

MARL addresses adaptive cybersecurity challenges via decentralized strategies
Focuses on intruder detection and lateral movement containment in ACD
Explores AICA and Cyber Gyms for MARL training and validation

Innovation

Methods, ideas, or system contributions that make the work stand out.

Multi-Agent Reinforcement Learning for cybersecurity
Autonomous Intelligent Cyber-defense Agents integration
Cyber Gyms for training and validation
Christoph R. Landolt
Cyber-Defence Campus & Eastern Switzerland University of Applied Sciences
Christoph Wursch
Institute for Computational Engineering, Eastern Switzerland University of Applied Sciences
Roland Meier
Cyber-Defence Campus, armasuisse Science and Technology
Alain Mermoud
Cyber-Defence Campus, armasuisse Science and Technology, Switzerland
Technology Forecasting, Information Systems, Security Economics, Strategic Management
Julian Jang-Jaccard
Cyber-Defence Campus, Swiss Federal Office for Defence Procurement armasuisse
Cyber Defense, Artificial Intelligence, Data Science, Technology Forecasting