Towards AI-Driven Human-Machine Co-Teaming for Adaptive and Agile Cyber Security Operation Centers
Massimiliano Albanese, Xinming Ou, Kevin Lybarger, Daniel Lende, Dmitry Goldgof

TL;DR
This paper proposes an AI-driven human-machine co-teaming framework using large language models to improve cybersecurity operations by enhancing threat detection, alert management, and incident response, aiming to reduce analyst workload.
Contribution
It introduces a novel co-teaming paradigm leveraging LLMs for SOC workflows, enabling AI agents to learn from analysts and improve cybersecurity task performance.
Findings
Potential for improved SOC productivity through human-AI collaboration
Use of LLMs to learn tacit knowledge from analysts
Framework encourages collaboration to develop measurable improvements
Abstract
Security Operations Centers (SOCs) face growing challenges in managing cybersecurity threats due to an overwhelming volume of alerts, a shortage of skilled analysts, and poorly integrated tools. Human-AI collaboration offers a promising path to augment the capabilities of SOC analysts while reducing their cognitive overload. To this end, we introduce an AI-driven human-machine co-teaming paradigm that leverages large language models (LLMs) to enhance threat intelligence, alert triage, and incident response workflows. We present a vision in which LLM-based AI agents learn from human analysts the tacit knowledge embedded in SOC operations, enabling the AI agents to improve their performance on SOC tasks through this co-teaming. We invite SOCs to collaborate with us to further develop this process and uncover replicable patterns where human-AI co-teaming yields measurable improvements in…
Taxonomy
Topics: Software System Performance and Reliability · Human-Automation Interaction and Safety · Explainable Artificial Intelligence (XAI)
