CORTEX: Collaborative LLM Agents for High-Stakes Alert Triage, September 2025
7 Pith papers cite this work. Citation-polarity classification is still being indexed.
Citing years: 2026 (7 papers). Citation roles indexed so far: background (3).
Citing papers explorer
- GenAI-Driven Threat Detection with Microsoft Security Copilot: DTDA is an LLM agent that produces novel security alerts at 80.1% customer-validated precision and 0.78 F1 on hidden activity while running at production scale inside Microsoft Defender.
- AI Native Asset Intelligence: An AI-native asset intelligence framework converts heterogeneous security signals into normalized asset importance scores by separating intrinsic exposure from contextual factors, using modeling plus deterministic aggregation.
- Retrieval-Augmented LLMs for Security Incident Analysis: A RAG system with query-based log filtering achieves up to 94% recall in malware incident analysis and 96% attack-step detection, with ablation studies confirming that the filtering step is essential.
- An Organization-Scoped LLM Agent Runtime Architecture for Regulated Cybersecurity Operations: Proposes a typed Security Context enforced across the LLM agent components (a Runtime Core, a Tool Adapter Layer, and human-in-the-loop gates) for auditable, scoped cybersecurity workflows.
- CyberAId: AI-Driven Cybersecurity for Financial Service Providers: CyberAId is a proposed on-premise multi-agent system that coordinates LLM subagents with classical security tools to improve threat response and regulatory alignment in financial services.
- AI-Driven Security Alert Screening and Alert Fatigue Mitigation in Security Operations Centers: A Comprehensive Survey: A literature survey synthesizes 119 studies on AI-driven alert screening into a four-stage taxonomy of filtering, triage, correlation, and generative augmentation, while identifying gaps in deployment realism and robustness.
- Like a Hammer, It Can Build, It Can Break: Large Language Model Uses, Perceptions, and Adoption in Cybersecurity Operations on Reddit