Autonomous Cyber Defense: LLM-Powered Incident Response with LangChain and SOAR Integration

Authors

  • Sandhya Guduru, Masters in Information Systems Security, Software Engineer - Technical Lead, USA.

DOI:

https://doi.org/10.63530/IJCSITR_2025_06_01_008

Keywords:

Autonomous Cyber Defense, Large Language Models (LLMs), LangChain, Security Orchestration Automation and Response (SOAR), MITRE ATT&CK, Probabilistic Graphical Models (PGMs), AI-Driven Incident Response, Cybersecurity Automation

Abstract

The increasing sophistication of cyber threats necessitates advanced, autonomous defense mechanisms. Large Language Models (LLMs) have emerged as a powerful tool for automating cybersecurity workflows, including incident response. This paper explores LLM-powered incident response built with LangChain, a framework for composing LLM applications from prompts, tools and retrieval steps, integrated with Security Orchestration, Automation, and Response (SOAR) platforms such as Tines for automated containment workflows. The proposed system uses MITRE ATT&CK-based playbooks to ground the LLM, so that its triage verdicts and proposed actions are tied to known adversary techniques rather than left to unconstrained generation. Because an LLM's own confidence is not a reliable measure of correctness, probabilistic graphical models (PGMs) validate LLM-driven decisions against the available evidence before containment is executed, improving reliability and reducing false positives. This approach shortens response time and strengthens cybersecurity resilience by automating threat detection, triage, and containment. The findings underscore the potential of AI-driven cyber defense as a scalable and efficient means of mitigating modern cyber threats.
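The abstract describes a pipeline in which an LLM proposes a containment action, a PGM validates that proposal against telemetry, and a SOAR workflow carries it out. The block below is an added illustration of that validation gate, not code from the paper or from LangChain or Tines. The ATT&CK-to-action playbook, the two-state Bayesian network (a naive-Bayes structure over three evidence nodes), the prior and likelihood values, the JSON schema of the LLM verdict and the SOAR webhook payload fields are all assumptions chosen for the example; the sample verdict and evidence are constructed, not real telemetry.

```python
"""Added example: gate an LLM-proposed containment action with a small
probabilistic graphical model before it is handed to a SOAR webhook.
Not the paper's implementation; playbook, network parameters and payload
shape are assumptions for illustration."""
import json

# Assumed playbook: ATT&CK technique -> containment actions the automated
# workflow may take without an analyst in the loop.
PLAYBOOK = {
    "T1078": {"disable_account", "force_password_reset"},   # Valid Accounts
    "T1059.001": {"isolate_host", "kill_process"},          # PowerShell
}

# Assumed Bayesian network with naive-Bayes structure:
#   Compromised -> edr_alert, Compromised -> anomalous_login, Compromised -> known_ioc
# Each entry is (P(e=True | Compromised), P(e=True | not Compromised)).
PRIOR_COMPROMISED = 0.05
LIKELIHOOD = {
    "edr_alert": (0.90, 0.10),
    "anomalous_login": (0.70, 0.05),
    "known_ioc": (0.60, 0.01),
}
APPROVE_THRESHOLD = 0.90


def posterior_compromised(evidence: dict) -> float:
    """P(Compromised | evidence) by exact enumeration over the two hidden states."""
    joint_true = PRIOR_COMPROMISED
    joint_false = 1.0 - PRIOR_COMPROMISED
    for name, (p_given_true, p_given_false) in LIKELIHOOD.items():
        observed = evidence.get(name)
        if observed is None:            # unobserved node: marginalised, factor of 1
            continue
        joint_true *= p_given_true if observed else 1.0 - p_given_true
        joint_false *= p_given_false if observed else 1.0 - p_given_false
    return joint_true / (joint_true + joint_false)


def gate_llm_decision(llm_output: str, evidence: dict) -> dict:
    """Validate a structured LLM triage verdict; return approve / review / reject.

    llm_output is the JSON the LLM chain is assumed to return, e.g.
    {"technique": "T1059.001", "action": "isolate_host", "host": "ws-0421", "confidence": 0.92}
    """
    try:
        verdict = json.loads(llm_output)
        technique, action, host = verdict["technique"], verdict["action"], verdict["host"]
    except (json.JSONDecodeError, KeyError, TypeError) as exc:
        return {"decision": "reject", "reason": f"malformed LLM output: {exc}",
                "posterior": None, "soar_payload": None}

    # Playbook check: the model may only propose actions mapped to the technique it named.
    if action not in PLAYBOOK.get(technique, set()):
        return {"decision": "reject", "reason": f"{action} not in playbook for {technique}",
                "posterior": None, "soar_payload": None}

    # PGM check: the model's self-reported confidence is deliberately ignored;
    # only the telemetry-derived posterior decides whether the action runs unattended.
    p = posterior_compromised(evidence)
    if p < APPROVE_THRESHOLD:
        return {"decision": "review", "reason": f"posterior {p:.3f} below {APPROVE_THRESHOLD}",
                "posterior": p, "soar_payload": None}

    # Assumed payload for a SOAR webhook (for instance a Tines webhook action);
    # the field names are illustrative, not the platform's schema.
    payload = {"action": action, "target": host, "technique": technique,
               "posterior": round(p, 4), "approved_by": "pgm_gate"}
    return {"decision": "approve", "reason": "playbook and posterior checks passed",
            "posterior": p, "soar_payload": payload}


# Constructed sample data (not real telemetry).
LLM_VERDICT = json.dumps({"technique": "T1059.001", "action": "isolate_host",
                          "host": "ws-0421", "confidence": 0.92})
STRONG_EVIDENCE = {"edr_alert": True, "anomalous_login": True, "known_ioc": True}
WEAK_EVIDENCE = {"edr_alert": True, "anomalous_login": False, "known_ioc": False}

if __name__ == "__main__":
    for label, ev in (("strong", STRONG_EVIDENCE), ("weak", WEAK_EVIDENCE)):
        print(label, json.dumps(gate_llm_decision(LLM_VERDICT, ev)))
```

With all three evidence nodes observed true the posterior is about 0.997 and the isolate action is approved; with only the EDR alert firing the posterior drops to about 0.057 and the same verdict, carrying the same 0.92 model confidence, is routed to an analyst instead. An action the model proposes outside the technique's playbook, or output that is not valid JSON, is rejected before the network is consulted at all.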


Published

15-02-2025

How to Cite

Sandhya Guduru. (2025). Autonomous Cyber Defense: LLM-Powered Incident Response with LangChain and SOAR Integration. International Journal of Computer Science and Information Technology Research, 6(1), 72-82. https://doi.org/10.63530/IJCSITR_2025_06_01_008