Large Language Models in Cybersecurity: State-of-the-Art
Farzad Nourmohammadzadeh Motlagh, Mehrdad Hajizadeh, Mehryar Majd, Pejman Najafi, Feng Cheng, Christoph Meinel
TL;DR
This paper tackles the dual-use challenge of large language models in cybersecurity, surveying how LLMs can both strengthen defenses and enable sophisticated attacks. The authors categorize defensive applications under the NIST Cybersecurity Framework and adversarial uses under the MITRE ATT&CK framework, providing a holistic view of current capabilities. Key contributions include a taxonomy of LLM-enabled defense strategies, a catalog of adversarial techniques (from reconnaissance to C2), and identified research gaps—particularly in post-attack recovery. The work informs practitioners and researchers about opportunities and risks, underscoring the need for robust safeguards and future study of LLM-driven post-incident responses.
Abstract
The rise of Large Language Models (LLMs) has revolutionized our comprehension of intelligence, bringing us closer to Artificial Intelligence. Since their introduction, researchers have actively explored the applications of LLMs across diverse fields, significantly elevating capabilities. Cybersecurity, traditionally resistant to data-driven solutions and slow to embrace machine learning, stands out as a domain. This study examines the existing literature, providing a thorough characterization of both defensive and adversarial applications of LLMs within the realm of cybersecurity. Our review not only surveys and categorizes the current landscape but also identifies critical research gaps. By evaluating both offensive and defensive applications, we aim to provide a holistic understanding of the potential risks and opportunities associated with LLM-driven cybersecurity.
