Transformers and Large Language Models for Efficient Intrusion Detection Systems: A Comprehensive Survey

📅 2024-08-14
🏛️ arXiv.org
📈 Citations: 2
Influential: 0

🤖 AI Summary
Traditional intrusion detection systems (IDS) suffer from limited dynamic threat identification and poor cross-scenario generalization. Method: This paper systematically surveys Transformer architectures and large language models (LLMs) for cybersecurity, proposing the first taxonomy tailored to IDS—categorizing attention mechanisms, BERT/GPT-style models, CNN/LSTM-Transformer hybrids, and Vision Transformers (ViTs), while adapting them to diverse environments including networks, IoT, cloud, SDN, and autonomous driving. Contribution/Results: We introduce a challenge framework centered on interpretability, dynamic threat adaptability, and cross-platform scalability; establish a unified evaluation benchmark; analyze over 100 studies to quantitatively characterize trade-offs among detection accuracy, real-time performance, and generalization capability; and identify lightweight deployment and domain-adaptive fine-tuning as critical research directions—thereby providing both theoretical foundations and practical guidelines for operationalizing AI-driven security.

📝 Abstract
With significant advancements in Transformers and LLMs, NLP has extended its reach into many research fields due to its enhanced capabilities in text generation and user interaction. One field benefiting greatly from these advancements is cybersecurity. In cybersecurity, many parameters that need to be protected and exchanged between senders and receivers are in the form of text and tabular data, making NLP a valuable tool in enhancing the security measures of communication protocols. This survey paper provides a comprehensive analysis of the utilization of Transformers and LLMs in cyber-threat detection systems. The methodology of paper selection and bibliometric analysis is outlined to establish a rigorous framework for evaluating existing research. The fundamentals of Transformers are discussed, including background information on various cyber-attacks and datasets commonly used in this field. The survey explores the application of Transformers in IDSs, focusing on different architectures such as Attention-based models, LLMs like BERT and GPT, CNN/LSTM-Transformer hybrids, emerging approaches like ViTs, among others. Furthermore, it explores the diverse environments and applications where Transformers and LLMs-based IDS have been implemented, including computer networks, IoT devices, critical infrastructure protection, cloud computing, SDN, as well as in autonomous vehicles. The paper also addresses research challenges and future directions in this area, identifying key issues such as interpretability, scalability, and adaptability to evolving threats, and more. Finally, the conclusion summarizes the findings and highlights the significance of Transformers and LLMs in enhancing cyber-threat detection capabilities, while also outlining potential avenues for further research and development.
Problem

Research questions and friction points this paper is trying to address.

Transformer
Cybersecurity
Super Language Model
Innovation

Methods, ideas, or system contributions that make the work stand out.

Transformer
Super Language Models
Cybersecurity Applications