Hybrid AI System Proposed for Financial Cybersecurity
A position paper on arXiv (2605.01892) argues that European financial institutions should adopt hybrid multi-agent AI systems that layer LLMs on top of their existing SIEM/XDR telemetry rather than replace it. The motivation is the state of the SOC as the paper describes it: enterprise SIEMs cover only a fraction of MITRE ATT&CK techniques, two-thirds of SOC teams cannot keep pace with alert volume, and most breaches are preceded by alerts that nobody investigated. Frontier LLMs now reach state-of-the-art results on isolated tasks such as one-day vulnerability exploitation and intrusion detection, but the paper holds that no such narrow win amounts to a platform, meaning a system that composes functions across the SOC workflow, keeps multi-tenant state, maps findings to regulatory requirements and holds up under audit. The proposed design has specialized LLM subagents reason over the existing telemetry and exchange their findings with one another to compensate for the reasoning limits of any single model. One caveat follows directly from that design: because the subagents consume the same telemetry, they can only reason about what the SIEM/XDR stack already collects, so widening ATT&CK coverage still depends on the underlying detections and data sources.
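As an added illustration of the layering the paper argues for (this is not the paper's code, and the paper specifies no implementation): deterministic SIEM-style rules generate the alerts, specialized subagents enrich them using only their own tenant's data, and every disposition is written to a per-tenant hash-chained audit log that can be re-verified later. The subagents here are deterministic stand-ins for the LLM subagents the paper proposes (no model is called), and the event schema, rule names, the ATT&CK tags attached to each rule, the severity policy and the sample events are all constructed assumptions for the example.

```python
import hashlib
import json
from collections import Counter, defaultdict

# Constructed sample telemetry (not real data): normalised events as a
# SIEM/XDR pipeline might emit them. Two tenants share one triage service.
SAMPLE_EVENTS = (
    [{"tenant": "bankA", "host": "ws01", "user": "alice", "type": "auth_fail",
      "src": "10.0.0.5", "ts": 100 + i} for i in range(6)]
    + [{"tenant": "bankA", "host": "ws01", "user": "alice", "type": "auth_ok",
        "src": "10.0.0.5", "ts": 107},
       {"tenant": "bankA", "host": "ws01", "user": "alice", "type": "process",
        "cmd": "powershell.exe -enc SQBFAFgA", "ts": 110}]
    + [{"tenant": "bankB", "host": "db07", "user": "svc_backup", "type": "auth_fail",
        "src": "203.0.113.9", "ts": 200 + i} for i in range(6)]
    + [{"tenant": "bankB", "host": "db07", "user": "svc_backup", "type": "process",
        "cmd": "pg_dump -U svc_backup", "ts": 210}]
)

# Layer 1: deterministic SIEM-style rules, each tagged with the ATT&CK
# technique it is meant to cover (assumed mapping). Anything no rule looks
# for (e.g. the pg_dump above) never becomes an alert, so the agent layer
# never sees it: the coverage gap lives here, not in the agents.
def rule_brute_force(events, threshold=5):
    fails = Counter()
    for e in events:
        if e["type"] == "auth_fail":
            fails[(e["tenant"], e["host"], e["user"], e["src"])] += 1
    return [{"tenant": t, "host": h, "user": u, "src": s, "rule": "brute_force",
             "technique": "T1110", "severity": "medium"}
            for (t, h, u, s), n in fails.items() if n >= threshold]

def rule_encoded_powershell(events):
    return [{"tenant": e["tenant"], "host": e["host"], "user": e["user"],
             "rule": "encoded_powershell", "technique": "T1059.001",
             "severity": "medium", "cmd": e["cmd"]}
            for e in events if e["type"] == "process"
            and "powershell" in e["cmd"].lower() and " -enc" in e["cmd"].lower()]

# Layer 2: specialised subagents. Deterministic stand-ins for LLM subagents:
# each receives only its own tenant's events/alerts and returns a finding
# that the orchestrator composes with the others.
def agent_credential_outcome(alert, events):
    """Did the brute force succeed? Look for a success after the last failure."""
    if alert["rule"] != "brute_force":
        return None
    same = lambda e: (e["host"], e["user"], e["src"]) == (alert["host"], alert["user"], alert["src"])
    last_fail = max(e["ts"] for e in events if e["type"] == "auth_fail" and same(e))
    ok = [e for e in events if e["type"] == "auth_ok" and same(e) and e["ts"] > last_fail]
    return {"finding": "credential_compromised" if ok else "brute_force_failed",
            "evidence": len(ok)}

def agent_post_auth_activity(alert, alerts):
    """Cross-rule composition: other alerts that fired on the same host/user."""
    related = [a for a in alerts if a is not alert
               and (a["host"], a["user"]) == (alert["host"], alert["user"])]
    if not related:
        return None
    return {"finding": "chained_alerts",
            "techniques": sorted({a["technique"] for a in related})}

def _chain(prev_hash, entry):
    """Hash-chain one audit record onto the previous record's hash."""
    return hashlib.sha256((prev_hash + json.dumps(entry, sort_keys=True)).encode()).hexdigest()

def triage(events):
    """Run rules and subagents per tenant; every alert gets a recorded disposition."""
    by_tenant = defaultdict(list)
    for e in events:
        by_tenant[e["tenant"]].append(e)
    out = {}
    for tenant, tev in sorted(by_tenant.items()):
        alerts = rule_brute_force(tev) + rule_encoded_powershell(tev)
        prev, audit, dispositions = "0" * 64, [], []
        for a in alerts:
            findings = [f for f in (agent_credential_outcome(a, tev),
                                    agent_post_auth_activity(a, alerts)) if f]
            names = {f["finding"] for f in findings}
            # Assumed severity policy: one escalation per confirmed compromise
            # or chained alert, so medium -> high -> critical.
            escalations = len(names & {"credential_compromised", "chained_alerts"})
            sev = {0: a["severity"], 1: "high", 2: "critical"}[escalations]
            entry = {"tenant": tenant, "alert": a, "findings": findings, "disposition": sev}
            prev = _chain(prev, entry)
            audit.append({**entry, "hash": prev})
            dispositions.append(sev)
        out[tenant] = {"dispositions": dispositions, "audit": audit}
    return out

def verify_audit(audit):
    """Recompute the chain; any edited or dropped record breaks it."""
    prev = "0" * 64
    for rec in audit:
        entry = {k: v for k, v in rec.items() if k != "hash"}
        if _chain(prev, entry) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True

if __name__ == "__main__":
    for tenant, r in triage(SAMPLE_EVENTS).items():
        print(tenant, r["dispositions"], "audit ok:", verify_audit(r["audit"]))
```

On the sample data, bankA's brute-force alert is escalated to critical because the credential subagent sees a success after the failures and the composition subagent sees the encoded-PowerShell alert on the same host, while bankB's identical-looking brute force stays at medium because its subagents only ever see bankB's events. The unflagged pg_dump on bankB shows the caveat above in miniature: no rule covers it, so no agent ever reasons about it.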
Key facts
- European financial institutions face mounting regulatory pressure
- Enterprise SIEMs cover only a fraction of MITRE ATT&CK techniques
- Two-thirds of SOC teams cannot keep pace with alert volumes
- Majority of breaches are preceded by uninvestigated alerts
- Frontier LLMs achieve state-of-the-art on isolated cybersecurity tasks
- No narrow LLM win constitutes a platform for cross-function composition
- Proposed hybrid multi-agent system uses LLM subagents over SIEM/XDR telemetry
- Paper is a position paper from arXiv (2605.01892)
Entities
Institutions
- arXiv
- MITRE ATT&CK
Locations
- Europe