Traditional AI exhibits fundamental limitations in cybersecurity—including weak conceptual grounding, poor instruction adaptability, and misalignment with security objectives. This study systematically surveys neural-symbolic AI (NeSy) applications in cybersecurity from 2019 to 2025 and proposes the novel G-I-A (Grounding–Instructibility–Alignment) triadic evaluation framework—the first to holistically quantify NeSy systems’ semantic grounding capability, analyst instructibility, and security objective alignment. By integrating multi-agent architectures, causal reasoning, and neural-symbolic synergies, our approach significantly improves zero-day attack detection and malware analysis accuracy while enabling interpretable, adaptive defense. We further identify dual risks arising from autonomous adversarial behavior. The study also reveals critical gaps: lack of standardization and persistent human-AI collaboration bottlenecks. Collectively, it establishes a theoretical foundation and actionable roadmap for the responsible development of NeSy-based security AI.

Traditional Artificial Intelligence (AI) approaches in cybersecurity exhibit fundamental limitations: inadequate conceptual grounding leading to non-robustness against novel attacks; limited instructibility impeding analyst-guided adaptation; and misalignment with cybersecurity objectives. Neuro-Symbolic (NeSy) AI has emerged with the potential to revolutionize cybersecurity AI. However, there is no systematic understanding of this emerging approach. These hybrid systems address critical cybersecurity challenges by combining neural pattern recognition with symbolic reasoning, enabling enhanced threat understanding while introducing concerning autonomous offensive capabilities that reshape threat landscapes. In this survey, we systematically characterize this field by analyzing 127 publications spanning 2019-July 2025. We introduce a Grounding-Instructibility-Alignment (G-I-A) framework to evaluate these systems, focusing on both cyber defense and cyber offense across network security, malware analysis, and cyber operations. Our analysis shows advantages of multi-agent NeSy architectures and identifies critical implementation challenges including standardization gaps, computational complexity, and human-AI collaboration requirements that constrain deployment. We show that causal reasoning integration is the most transformative advancement, enabling proactive defense beyond correlation-based approaches. Our findings highlight dual-use implications where autonomous systems demonstrate substantial capabilities in zero-day exploitation while achieving significant cost reductions, altering threat dynamics. We provide insights and future research directions, emphasizing the urgent need for community-driven standardization frameworks and responsible development practices that ensure advancement serves defensive cybersecurity objectives while maintaining societal alignment.