English
Related papers

Related papers: Using LLMs to Automate Threat Intelligence Analysi…

200 papers

Cyber threat intelligence (CTI) is central to modern cybersecurity, providing critical insights for detecting and mitigating evolving threats. With the natural language understanding and reasoning capabilities of large language models…

Cryptography and Security · Computer Science 2025-10-15 Yutong Cheng , Yang Liu , Changze Li , Dawn Song , Peng Gao

Security incident analysis (SIA) poses a major challenge for security operations centers, which must manage overwhelming alert volumes, large and diverse data sources, complex toolchains, and limited analyst expertise. These difficulties…

Cryptography and Security · Computer Science 2026-03-09 Sourov Jajodia , Madeena Sultana , Suryadipta Majumdar , Adrian Taylor , Grant Vandenberghe

As artificial intelligence (AI) becomes deeply embedded in critical services and everyday products, it is increasingly exposed to security threats which traditional cyber defenses were not designed to handle. In this paper, we investigate…

Cryptography and Security · Computer Science 2026-03-06 Natalia Krawczyk , Mateusz Szczepkowski , Adrian Brodzik , Krzysztof Bocianiak

Autonomous browsing agents powered by large language models (LLMs) are increasingly used to automate web-based tasks. However, their reliance on dynamic content, tool execution, and user-provided data exposes them to a broad attack surface.…

Cryptography and Security · Computer Science 2025-05-20 Mykyta Mudryi , Markiyan Chaklosh , Grzegorz Wójcik

Proactive approaches to security, such as adversary emulation, leverage information about threat actors and their techniques (Cyber Threat Intelligence, CTI). However, most CTI still comes in unstructured forms (i.e., natural language),…

Cryptography and Security · Computer Science 2022-08-26 Vittorio Orbinato , Mariarosaria Barbaraci , Roberto Natella , Domenico Cotroneo

Autonomous AI agents powered by large language models (LLMs) with structured function-calling interfaces enable real-time data retrieval, computation, and multi-step orchestration. However, the rapid growth of plugins, connectors, and…

Cryptography and Security · Computer Science 2025-12-16 Mohamed Amine Ferrag , Norbert Tihanyi , Djallel Hamouda , Leandros Maglaras , Abderrahmane Lakas , Merouane Debbah

Cybersecurity has become one of the earliest adopters of agentic AI, as security operations centers increasingly rely on multi-step reasoning, tool-driven analysis, and rapid decision-making under pressure. While individual large language…

Cryptography and Security · Computer Science 2025-12-09 Vaishali Vinay

From automated intrusion testing to discovery of zero-day attacks before software launch, agentic AI calls for great promises in security engineering. This strong capability is bound with a similar threat: the security and research…

Cryptography and Security · Computer Science 2025-05-13 Brian Challita , Pierre Parrend

Large Language Models (LLMs) have the potential to significantly enhance threat intelligence by automating the collection, preprocessing, and analysis of threat data. However, the usability of these tools is critical to ensure their…

Cryptography and Security · Computer Science 2024-09-24 Sanchana Srikanth , Mohammad Hasanuzzaman , Farah Tasnur Meem

This work evaluates the performance of Cyber Threat Intelligence (CTI) extraction methods in identifying attack techniques from threat reports available on the web using the MITRE ATT&CK framework. We analyse four configurations utilising…

Cryptography and Security · Computer Science 2025-05-07 Hoang Cuong Nguyen , Shahroz Tariq , Mohan Baruwal Chhetri , Bao Quoc Vo

Large language models (LLMs) can be used to analyze cyber threat intelligence (CTI) data from cybercrime forums, which contain extensive information and key discussions about emerging cyber threats. However, to date, the level of accuracy…

Security analysts are overwhelmed by the volume of alerts and the low context provided by many detection systems. Early-stage investigations typically require manual correlation across multiple log sources, a task that is usually…

Cryptography and Security · Computer Science 2026-04-29 Even Eilertsen , Vasileios Mavroeidis , Gudmund Grov

Cyber Threat Intelligence (CTI) reports document observations of cyber threats, synthesizing evidence about adversaries' actions and intent into actionable knowledge that informs detection, response, and defense planning. However, the…

Cryptography and Security · Computer Science 2026-03-04 Haokai Ma , Javier Yong , Yunshan Ma , Kuei Chen , Anis Yusof , Zhenkai Liang , Ee-Chien Chang

Post-mortem analysis of compromised systems is a key aspect of cyber forensics, today a mostly manual, slow, and error-prone task. Agentic AI, i.e., LLM-powered agents, is a promising avenue for automation. However, applying such agents to…

Cryptography and Security · Computer Science 2026-03-06 Stefano Fumero , Kai Huang , Matteo Boffa , Danilo Giordano , Marco Mellia , Dario Rossi

Cyber Threat Intelligence (CTI) has emerged as a vital complementary approach that operates in the early phases of the cyber threat lifecycle. CTI involves collecting, processing, and analyzing threat data to provide a more accurate and…

Cryptography and Security · Computer Science 2026-05-25 Samaneh Shafee , Alysson Bessani , Pedro M. Ferreira

Large Language Models (LLMs) are increasingly deployed as agentic systems that plan, memorize, and act in open-world environments. This shift brings new security problems: failures are no longer only unsafe text generation, but can become…

Cryptography and Security · Computer Science 2026-03-03 Zhihang Deng , Jiaping Gui , Weinan Zhang

An Artificial Intelligence (AI) agent is a software entity that autonomously performs tasks or makes decisions based on pre-defined objectives and data inputs. AI agents, capable of perceiving user inputs, reasoning and planning tasks, and…

Cryptography and Security · Computer Science 2025-11-26 Zehang Deng , Yongjian Guo , Changzhou Han , Wanlun Ma , Junwu Xiong , Sheng Wen , Yang Xiang

Agentic AI systems, specifically LLM-driven agents that plan, invoke tools, maintain persistent memory, and delegate tasks to peer agents via protocols such as MCP and A2A, introduce a threat surface that differs materially from standalone…

Cryptography and Security · Computer Science 2026-05-08 Javad Forough , Marios Kogias , Hamed Haddadi

As the practicality of Artificial Intelligence (AI) and Machine Learning (ML) based techniques grow, there is an ever increasing threat of adversarial attacks. There is a need to red team this ecosystem to identify system vulnerabilities,…

Cryptography and Security · Computer Science 2022-08-17 Chuyen Nguyen , Caleb Morgan , Sudip Mittal

With ChatGPT-like large language models (LLM) prevailing in the community, how to evaluate the ability of LLMs is an open question. Existing evaluation methods suffer from following shortcomings: (1) constrained evaluation abilities, (2)…

Artificial Intelligence · Computer Science 2023-08-09 Jiaju Lin , Haoran Zhao , Aochi Zhang , Yiting Wu , Huqiuyue Ping , Qin Chen