Cloud site anomaly detection suffers from high false-positive rates and poor interpretability due to severe class imbalance in metric data. This paper proposes CloudAnoAgent, the first large language model (LLM)-based intelligent agent integrating neuro-symbolic reasoning for unified, end-to-end interpretable anomaly inference over heterogeneous multi-source data—including metrics and logs. Key contributions are: (1) the first application of neuro-symbolic verification to anomaly detection, enabling verifiable logical reasoning over LLM-generated detection hypotheses; (2) the construction of CloudAnoBench, the first generative multimodal cloud anomaly benchmark with fine-grained annotations; and (3) under a multi-source joint reasoning framework, achieving a 46.36% improvement in classification accuracy, a 36.67% reduction in false-positive rate, and a 12.8% gain in anomaly type identification accuracy over baseline LLM prompting.

Anomaly detection in cloud sites remains a critical yet challenging task. Existing approaches that rely solely on metric data often suffer from high false positive rates (FPR) due to data imbalance between normal and anomalous events, leading to significant operational overhead for system reliance engineers. Recent advances in large language models (LLMs) offer new opportunities for integrating metrics with log data, enabling more accurate and interpretable anomaly detection. In this paper, we propose CloudAnoAgent, the first neuro-symbolic LLM-based agent for anomaly detection in cloud environments. CloudAnoAgent jointly processes structured metrics and textual log data in a unified pipeline, leveraging symbolic verification to validate detection hypotheses and generate structured anomaly reports. To support systematic evaluation, we introduce CloudAnoBench, the first benchmark that provides LLM-generated paired metrics and log data with fine-grained anomaly behavior annotations, filling a critical gap in existing datasets. Experimental results demonstrate that CloudAnoAgent improves anomaly classification accuracy by 46.36% and 36.67% on average and reduces the FPR by 36.67% and 33.89% on average over traditional baselines and LLM-only baseline, with a boost on anomaly type detection accuracy by 12.8% compared to vanilla LLM prompting. These results demonstrate the strengths of our approach in improving detection accuracy, reducing false positives, and enhancing interpretability, thereby supporting practical deployment in enterprise cloud environments.