Autonomous cyber defense systems exhibit weak policy generalizability and lack verifiable security guarantees under advanced persistent threats (APTs). Method: This paper proposes a game-theoretic agent evaluation framework featuring: (1) a potential-function-driven reward shaping mechanism to accelerate convergence to Nash equilibrium in double-oracle games; and (2) the first multi-response oracle (MRO) framework, enabling systematic, scalable evaluation of open-source autonomous defense policies such as ACD-DRL. Contribution/Results: Experiments demonstrate that the framework significantly improves game-theoretic convergence speed and—crucially—enables the first quantitative assessment of robustness, environmental adaptability, and resilience against adversarial policy evolution. By providing formal, reproducible evaluation protocols grounded in game theory, the framework establishes a verifiable, empirically grounded pathway for certifying the security of autonomous defense systems.

The recent rise in increasingly sophisticated cyber-attacks raises the need for robust and resilient autonomous cyber-defence (ACD) agents. Given the variety of cyber-attack tactics, techniques and procedures (TTPs) employed, learning approaches that can return generalisable policies are desirable. Meanwhile, the assurance of ACD agents remains an open challenge. We address both challenges via an empirical game-theoretic analysis of deep reinforcement learning (DRL) approaches for ACD using the principled double oracle (DO) algorithm. This algorithm relies on adversaries iteratively learning (approximate) best responses against each others' policies; a computationally expensive endeavour for autonomous cyber operations agents. In this work we introduce and evaluate a theoretically-sound, potential-based reward shaping approach to expedite this process. In addition, given the increasing number of open-source ACD-DRL approaches, we extend the DO formulation to allow for multiple response oracles (MRO), providing a framework for a holistic evaluation of ACD approaches.