Scenario Generation Agent — Summary
What It Does
Given a few pieces of information (e.g., company name and Domain), the agents research the company, generate tailored cyber incident scenarios, validate them against real historical incidents, and quantify their financial impact — outputting board-ready content stored in Axio's platform.
Scenario Generation Agent
From a company name and domain to board-ready, quantified cyber scenarios.
| # | Stage | Description |
|---|---|---|
| 1 | Research | Company, NAICS, revenue |
| 2 | Scenario Generation | 4–6 scenarios |
| 3 | Validation | Precedents & polish |
| 4 | Quantification | Impacts, formulas, susceptibility |
| 5 | Help Text | Plain-language documentation |
Key Features
- Agentic architecture — individual agents work per stage, not a monolithic prompt
- Context engineering — each prompt receives key aspects of output from previous stages
- Hallucination control — QA agents reduce false outputs
- Parallel execution — quantification sub-stages run concurrently per scenario
- Response caching — caching avoids redundant API calls
- Board-first framing — explicit prompt for executive readability
- Real-world grounding — precedent validation links every scenario to historical incident analogs
- Schema validation — all LLM output validated against strict JSON schemas
- Model selection by task — heavier models for research/modeling; lighter models for classification
Understanding the Output
Each scenario produced by the agent includes the following sections:
Opening paragraph: The scenario narrative itself — a board-ready description of a plausible cyber incident written specifically for this company's industry, business model, and critical assets. It leads with the attacker's method, traces how harm propagates through the company's systems, and lands on the business consequences that matter to executives: operational disruption, financial cost, and reputational damage.
Systems/Assets and Privacy Risk Validation: Documents that the systems and assets named in the scenario actually exist and work the way the scenario assumes. Each bullet cites a publicly discoverable source — product pages, help documentation, vendor agreements, privacy policies — confirming that the attack surface described is real, not hypothetical.
Attack Path Plausibility: Explains why each step of the attack is technically feasible given what is publicly known about the company's systems. Where a direct technical precedent doesn't exist, it draws on well-documented analogous attack patterns from security research (NIST, MITRE, etc.) and explains why the analogy applies.
Impact Reasonableness: Validates that the business consequences described in the scenario narrative are realistic in scale and type. Real incidents at comparable companies are cited to demonstrate that outcomes like operational shutdowns, regulatory exposure, or financial remedies have actually occurred — grounding the scenario against skepticism.
Precedents: A ranked list of real-world incidents that support the scenario's plausibility. Incidents are ordered from closest match to more analogous, with a brief explanation of why each one fits — same industry, same affected system, same failure mode, or comparable business impact — along with citations.
Notes on Unknowns/Analogies: Flags any claims in the scenario that rest on analogy or inference rather than confirmed public fact. This section is transparent about the limits of what can be verified externally, and explains the reasoning behind any assumptions so readers can judge them for themselves.
Inputs & Outputs
Input:
Company Name(required) — Name of the company being researchedNAICS(optional) — The North American Industry Classification System number that describes the main function of the companyRevenue(optional) — The annual revenue of the company being researchedDomain(required) — The web domain of the companyRefinement Prompt(optional) — A text prompt to focus the AI agents in their work
Output stored to Axio:
Board-ready, fully quantified scenario collections that include:
- Evaluations of attack-path plausibility, impact reasonableness, and assets per scenario
- Historical precedents per scenario
- Selection of relevant impacts
- Full formula generation that includes full help text per impact
- NAICS and Revenue categorization to derive probability of attacks per year, and susceptibility assignment and justification