AI Cybersecurity Operations
Synthesis
AI in cybersecurity operations is represented by alert triage, incident response, threat detection, vulnerability repair, and analyst-assistance workflows.
Evidence Base
This page was generated from the batch ingest of SRC-20260702-raw-papers-batch, SRC-20260702-raw-whitepapers-batch, and SRC-20260702-raw-news-batch. Treat it as a navigation and synthesis page; promote individual statements into claim pages when they become decision-relevant.
Representative Sources
| Title | Kind | Date | Tags | Raw |
|---|---|---|---|---|
| Before You Hand Over the Wheel: Evaluating LLMs for Security Incident Analysis | paper | 2026-03-06 | Adrian Taylor, Grant Vandenberghe, Madeena Sultana, Sourov Jajodia, Suryadipta Majumdar, agentic-evaluation | raw |
| PAIEL: Protocol-Aware and Context-Integrated Protocol Explanation Using LLMs for SOCs | conference_paper | 2026-02-23 | ai-for-security, ai-soc, context-compression, protocol-analysis, rag, structured-context | raw |
| Non-Disruptive Disruption: An Empirical Experience of Introducing LLMs in the SOC | conference_paper | 2026-02-23 | ai-for-security, ai-soc, co-creation, ethnography, human-ai-collaboration | raw |
| Cognitive Threat Detection for SOC Operations: Automating Manipulation Tactic Analysis in Election S | conference_paper | 2026-02-23 | ai-for-security, ai-soc, cognitive-threat, election-security, llm-routing | raw |
| Experiences of Using Agentic AI to Fill Tooling Gaps in a Security Operations Center | paper | 2026 | Faayed Al Faisal, Kritan Banstola, Xinming Ou, ai-agent, ai-for-security, alert-triage | raw |
| Carbon Filter: Scalable, Efficient, and Secure Alert Triage for Endpoint Detection & Response | conference_paper | 2025-10-20 | Adam Bates, Jonathan Oliver, Muhammad Adil Inam, Raghav Batta, ai-for-security, ai-soc | raw |
| CORTEX: Collaborative LLM Agents for High-Stakes Alert Triage | paper | 2025-09-30 | Bowen Wei, Chris Jordan, Howard Liu, Jinhao Pan, Kun Luo, Yuan Shen Tay | raw |
| LLMs in the SOC: An Empirical Study of Human-AI Collaboration in Security Operations Centres | paper | 2025-06 | Cecile Paris, Fatemeh Jalalvand, Martin Lochner, Mohan Baruwal Chhetri, Ronal Singh, Shahroz Tariq | raw |
| Alert Fatigue in Security Operations Centres: Research Challenges and Opportunities | journal_paper | 2025-04-04 | Cecile Paris, Mohan Baruwal Chhetri, Shahroz Tariq, Surya Nepal, ai-for-security, ai-soc | raw |
| Severity-based triage of cybersecurity incidents using kill chain attack graphs | journal_paper | 2025-03 | Basel Katt, Lukas Sadlek, Muhammad Mudassar Yamin, Pavel Celeda, ai-for-security, ai-soc | raw |
| AI-Augmented SOC: A Survey of LLMs and Agents for Security Operations | paper | 2025 | ai-for-security, alert-triage, incident-response, llm-agents, security-operations, soc | raw |
| Large Language Models Can Provide Accurate and Interpretable Incident Triage | conference_paper | 2024-10 | Changhua Pei, Chaoyun Zhang, Chetan Bansal, Dongmei Zhang, Gaogang Xie, Jianhui Li | raw |
Open Questions
- Which evidence in this cluster is strong enough to support a stable claim?
- Which results generalize across models, tools, and deployment settings?
- Which controls have been evaluated under realistic adversarial conditions?