🤖 AI Summary
To address the challenge of detecting stealthy, long-term Advanced Persistent Threats (APTs) in 6G networks, this paper proposes the first LLM-driven APT detection research framework. We systematically analyze five core technical challenges—semantic log fusion, encrypted traffic analysis, edge deployment constraints, multi-source data scarcity, and slice-aware real-time adaptation—and introduce a novel multidimensional taxonomy spanning granularity, deployment models, and cyber kill-chain stages. Key bottlenecks identified include insufficient model interpretability, limited labeled multi-modal data, stringent edge hardware constraints, and dynamic network-slicing requirements. By integrating large language model–based semantic reasoning, APT attack modeling, 6G network slicing, and edge intelligence, we establish the first comprehensive research roadmap for LLM-empowered APT detection in 6G, accompanied by an open list of unresolved challenges. This work lays the theoretical and methodological foundation for next-generation security architectures that are reproducible, low-latency, and highly adaptive.
📝 Abstract
Sixth Generation (6G) wireless networks, which are expected to be deployed in the 2030s, have already created great excitement in academia and the private sector with their extremely high communication speeds and low latency. However, despite the ultra-low latency, high throughput, and AI-assisted orchestration capabilities they promise, they are vulnerable to stealthy and long-term Advanced Persistent Threats (APTs). Large Language Models (LLMs) stand out as an ideal candidate to fill this gap with their high success in semantic reasoning and threat intelligence. In this paper, we present a comprehensive systematic review and taxonomy study for LLM-assisted APT detection in 6G networks. We address five research questions, namely semantic merging of fragmented logs, encrypted traffic analysis, edge distribution constraints, dataset/modeling techniques, and reproducibility trends, by leveraging the most recent studies at the intersection of LLMs, APTs, and 6G wireless networks. We identify open challenges such as explainability gaps, data scarcity, edge hardware limitations, and the need for real-time slicing-aware adaptation by presenting various taxonomies based on, for example, granularity, deployment models, and kill chain stages. We then conclude the paper by outlining several research gaps in 6G infrastructures for future researchers. To the best of our knowledge, this paper is the first comprehensive systematic review and classification study on LLM-based APT detection in 6G networks.