Traditional rule-based cybersecurity approaches struggle to counter dynamic, advanced threats. Method: This paper systematically establishes, for the first time, an LLM application paradigm across the full cybersecurity lifecycle—reconnaissance, foothold establishment, and lateral movement—via a systematic literature review (SLR), integrating threat intelligence frameworks, an LLM capability assessment matrix, and multi-scenario deployment case studies. Contribution/Results: We identify 12 representative LLM applications, 7 critical capability bottlenecks, and 5 prioritized research directions. Crucially, we distinguish and analyze intrinsic LLM risks (e.g., hallucination, prompt injection) from extrinsic deployment risks (e.g., data leakage, adversarial attacks). The study yields a comprehensive taxonomy of LLM-enabled cybersecurity, offering both theoretical foundations and practical guidelines for secure, engineering-grade AI adoption in security operations.

With the rapid development of technology and the acceleration of digitalisation, the frequency and complexity of cyber security threats are increasing. Traditional cybersecurity approaches, often based on static rules and predefined scenarios, are struggling to adapt to the rapidly evolving nature of modern cyberattacks. There is an urgent need for more adaptive and intelligent defence strategies. The emergence of Large Language Model (LLM) provides an innovative solution to cope with the increasingly severe cyber threats, and its potential in analysing complex attack patterns, predicting threats and assisting real-time response has attracted a lot of attention in the field of cybersecurity, and exploring how to effectively use LLM to defend against cyberattacks has become a hot topic in the current research field. This survey examines the applications of LLM from the perspective of the cyber attack lifecycle, focusing on the three phases of defense reconnaissance, foothold establishment, and lateral movement, and it analyzes the potential of LLMs in Cyber Threat Intelligence (CTI) tasks. Meanwhile, we investigate how LLM-based security solutions are deployed and applied in different network scenarios. It also summarizes the internal and external risk issues faced by LLM during its application. Finally, this survey also points out the facing risk issues and possible future research directions in this domain.