CyLens: Towards Reinventing Cyber Threat Intelligence in the Paradigm of Agentic Large Language Models

TL;DR

CYLENS is a novel AI-powered cyber threat intelligence tool that leverages large language models and extensive threat report data to assist security professionals across the entire threat management lifecycle, improving scalability and adaptability.

Contribution

This work introduces CYLENS, a customizable LLM-based cyber threat intelligence system that integrates large-scale threat data and specialized NLP modules for enhanced reasoning and task support.

Findings

CYLENS outperforms existing LLMs and cybersecurity agents in evaluations.

It effectively supports threat attribution, detection, and remediation tasks.

CYLENS demonstrates high adaptability to different organizational needs.

Abstract

The exponential growth of cyber threat knowledge, exemplified by the expansion of databases such as MITRE-CVE and NVD, poses significant challenges for cyber threat analysis. Security professionals are increasingly burdened by the sheer volume and complexity of information, creating an urgent need for effective tools to navigate, synthesize, and act on large-scale data to counter evolving threats proactively. However, conventional threat intelligence tools often fail to scale with the dynamic nature of this data and lack the adaptability to support diverse threat intelligence tasks. In this work, we introduce CYLENS, a cyber threat intelligence copilot powered by large language models (LLMs). CYLENS is designed to assist security professionals throughout the entire threat management lifecycle, supporting threat attribution, contextualization, detection, correlation, prioritization, and remediation. To ensure domain expertise, CYLENS integrates knowledge from 271,570 threat reports into its model parameters and incorporates six specialized NLP modules to enhance reasoning capabilities. Furthermore, CYLENS can be customized to meet the unique needs of different or ganizations, underscoring its adaptability. Through extensive evaluations, we demonstrate that CYLENS consistently outperforms industry-leading LLMs and state-of-the-art cybersecurity agents. By detailing its design, development, and evaluation, this work provides a blueprint for leveraging LLMs to address complex, data-intensive cybersecurity challenges.