Current financial Security Operations Centers (SOCs) are constrained by limited reasoning capabilities, hindering their ability to efficiently manage massive alert volumes, comprehensively cover the full spectrum of attack techniques, and meet stringent compliance requirements. This work proposes a principal-agent-coordinated hybrid multi-agent architecture that integrates specialized large language model (LLM) sub-agents to collaboratively reason over SIEM/XDR telemetry data. The platform supports privacy-preserving federated learning, quantum authentication, digital twins, and eBPF-based kernel telemetry. Designed with model-agnosticism, local deployability, multi-tenant state sharing, and skill-based agent adaptability, it enables auditable and continuously evolving collective defense. Empirical validation across four critical financial use cases—customer impersonation, anti-money laundering, banking incident response, and high-frequency trading resilience—demonstrates its effectiveness.

European financial institutions face mounting regulatory pressure while their security operations centres remain constrained not by data or staffing but by reasoning capacity: enterprise SIEMs cover only a fraction of MITRE ATT&CK techniques, two thirds of SOC teams cannot keep pace with alert volumes, and the majority of breaches are preceded by alerts that are generated but never investigated. Frontier large language models now achieve state-of-the-art results on isolated cybersecurity tasks (one-day vulnerability exploitation, code-level patching, intrusion detection) yet no narrow win constitutes a platform that can compose across functions, persist multi-tenant state, map findings to regulatory regimes and survive an audit. This position paper argues that the right unit of construction is a hybrid multi-agent system in which specialised LLM subagents reason over classical SIEM/XDR telemetry rather than replacing it, share accumulated agent state across institutions through privacy-preserving federation, and can connect to complementary capability packs such as quantum-based authentication, digital twins for adversarial validation, and eBPF-based kernel telemetry. We present CyberAId, a model-agnostic, on-premise-deployable platform in which a Main Agent coordination layer, a Reporting capability, and specialist subagents operate within a shared runtime under bounded human-in-the-loop autonomy, organised around four falsifiable design principles, and aligned with relevant regulations. CyberAId will be validated at four representative financial use cases (client impersonation, anti-money-laundering for payment service providers, retail-banking incident response, and high-frequency-trading resilience) and propose skill-based agent adaptation as the most promising research direction for turning each deployment into a contribution to a continuously refined collective defence.