🤖 AI Summary
This work systematically investigates the application paradigms and challenges of large language models (LLMs) in cybersecurity. Addressing the lack of a unified research framework, the authors conduct a comprehensive literature review—screening over 30,000 publications and performing in-depth analysis of 127 top-tier conference papers—to construct the first LLM4Security research taxonomy, covering four core tasks: vulnerability detection, malware analysis, intrusion identification, and threat hunting. Methodologically, they propose three domain-adaptation strategies: security-domain pretraining on curated corpora, fine-grained task-specific fine-tuning, and multimodal collaborative modeling. The study identifies five critical open challenges: scarcity of high-quality security data, limited model interpretability, weak privacy preservation and adversarial robustness, absence of standardized evaluation benchmarks, and constrained cross-task generalization. As the first systematic survey and authoritative research guide in this emerging field, this work lays foundational insights for advancing LLM-powered proactive cyber defense.
📝 Abstract
The rapid advancement of Large Language Models (LLMs) has opened up new opportunities for leveraging artificial intelligence in various domains, including cybersecurity. As the volume and sophistication of cyber threats continue to grow, there is an increasing need for intelligent systems that can automatically detect vulnerabilities, analyze malware, and respond to attacks. In this survey, we conduct a comprehensive review of the literature on the application of LLMs in cybersecurity (LLM4Security). By comprehensively collecting over 30K relevant papers and systematically analyzing 127 papers from top security and software engineering venues, we aim to provide a holistic view of how LLMs are being used to solve diverse problems across the cybersecurity domain. Through our analysis, we identify several key findings. First, we observe that LLMs are being applied to a wide range of cybersecurity tasks, including vulnerability detection, malware analysis, network intrusion detection, and phishing detection. Second, we find that the datasets used for training and evaluating LLMs in these tasks are often limited in size and diversity, highlighting the need for more comprehensive and representative datasets. Third, we identify several promising techniques for adapting LLMs to specific cybersecurity domains, such as fine-tuning, transfer learning, and domain-specific pre-training. Finally, we discuss the main challenges and opportunities for future research in LLM4Security, including the need for more interpretable and explainable models, the importance of addressing data privacy and security concerns, and the potential for leveraging LLMs for proactive defense and threat hunting. Overall, our survey provides a comprehensive overview of the current state of the art in LLM4Security and identifies several promising directions for future research.