
Large Language Models for Cyber Security: A Systematic Literature Review
HANXIANG XU, Huazhong University of Science and Technology, China
SHENAO WANG, Huazhong University of Science and Technology, China
NINGKE LI, Huazhong University of Science and Technology, China
KAILONG WANG∗,Huazhong University of Science and Technology, China
YANJIE ZHAO, Huazhong University of Science and Technology, China
KAI CHEN∗,Huazhong University of Science and Technology, China
TING YU, Hamad Bin Khalifa University, The State of Qatar
YANG LIU, Nanyang Technological University, Singapore
HAOYU WANG∗,Huazhong University of Science and Technology, China
The rapid advancement of Large Language Models (LLMs) has opened up new opportunities for leveraging articial intelligence in a
variety of application domains, including cybersecurity. As the volume and sophistication of cyber threats continue to grow, there
is an increasing need for intelligent systems that can automatically detect vulnerabilities, analyze malware, and respond to attacks.
In this survey, we conduct a comprehensive review of the literature on the application of LLMs in cybersecurity (LLM4Security).
By comprehensively collecting over 40K relevant papers and systematically analyzing 185 papers from top security and software
engineering venues, we aim to provide a holistic view of how LLMs are being used to solve diverse problems across the cybersecurity
domain.
Through our analysis, we identify several key ndings. First, we observe that LLMs are being applied to an expanding range
of cybersecurity tasks, including vulnerability detection, malware analysis, and network intrusion detection. Second, we analyze
application trends of dierent LLM architectures (such as encoder-only, encoder-decoder, and decoder-only) across security domains.
Third, we identify increasingly sophisticated techniques for adapting LLMs to cybersecurity, such as advanced ne-tuning, prompt
engineering, and external augmentation strategies. A signicant emerging trend is the use of LLM-based autonomous agents, which
represent a paradigm shift from single-task execution to orchestrating complex, multi-step security workows. Furthermore, we nd
that the datasets used for training and evaluating LLMs are often limited, highlighting the need for more comprehensive datasets and
the use of LLMs for data augmentation. Finally, we discuss the main challenges and opportunities for future research, including the
need for more interpretable models, addressing the inherent security risks of LLMs, and their potential for proactive defense.
Overall, our survey provides a comprehensive overview of the current state-of-the-art in LLM4Security and identies several
promising directions for future research. We believe that the insights and ndings presented in this survey will contribute to the
growing body of knowledge on the application of LLMs in cybersecurity and provide valuable guidance for researchers and practitioners
working in this eld.
1 INTRODUCTION
The rapid advancements in natural language processing (NLP) over the past decade have been largely driven by the
development of large language models (LLMs). By leveraging the Transformer architecture [
288
] and training on
∗Corresponding authors: {wangkl, kchen, haoyuwang}@hust.edu.cn
Authors’ addresses: Hanxiang Xu, Huazhong University of Science and Technology, China; Shenao Wang, Huazhong University of Science and Technology,
China; Ningke Li, Huazhong University of Science and Technology, China; Kailong Wang, Huazhong University of Science and Technology, China; Yanjie
Zhao, Huazhong University of Science and Technology, China; Kai Chen, Huazhong University of Science and Technology, China; Ting Yu, Hamad
Bin Khalifa University, The State of Qatar; Yang Liu, Nanyang Technological University, Singapore; Haoyu Wang, Huazhong University of Science and
Technology, China.
1
arXiv:2405.04760v5 [cs.CR] 22 Sep 2025