To address the expanded attack surface introduced by the open architecture of 6G Open Radio Access Networks (O-RAN) and the inadequacy of traditional passive defense mechanisms in supporting closed-loop, autonomous security operations, this paper proposes the first closed-loop security agent framework tailored for O-RAN. Leveraging large language models (LLMs), the framework implements a modular multi-agent system integrating retrieval-augmented generation (RAG), the MITRE FiGHT knowledge graph, 3GPP/O-RAN standard repositories, and O-RAN control interfaces to enable end-to-end threat perception, interpretable analysis, automated classification, and coordinated response. Its key innovations include: (i) the first deep integration of trustworthy RAG with the O-RAN control plane—ensuring decision interpretability and execution safety; and (ii) a paradigm shift from passive detection to proactive, low-latency response. Experimental evaluation validates its capability in identifying sophisticated threats and orchestrating adaptive security policies, demonstrating the feasibility of LLM-driven autonomous security operations in 6G networks.

The evolution toward 6G networks is being accelerated by the Open Radio Access Network (O-RAN) paradigm -- an open, interoperable architecture that enables intelligent, modular applications across public telecom and private enterprise domains. While this openness creates unprecedented opportunities for innovation, it also expands the attack surface, demanding resilient, low-cost, and autonomous security solutions. Legacy defenses remain largely reactive, labor-intensive, and inadequate for the scale and complexity of next-generation systems. Current O-RAN applications focus mainly on network optimization or passive threat detection, with limited capability for closed-loop, automated response. To address this critical gap, we present an agentic AI framework for fully automated, end-to-end threat mitigation in 6G O-RAN environments. MobiLLM orchestrates security workflows through a modular multi-agent system powered by Large Language Models (LLMs). The framework features a Threat Analysis Agent for real-time data triage, a Threat Classification Agent that uses Retrieval-Augmented Generation (RAG) to map anomalies to specific countermeasures, and a Threat Response Agent that safely operationalizes mitigation actions via O-RAN control interfaces. Grounded in trusted knowledge bases such as the MITRE FiGHT framework and 3GPP specifications, and equipped with robust safety guardrails, MobiLLM provides a blueprint for trustworthy AI-driven network security. Initial evaluations demonstrate that MobiLLM can effectively identify and orchestrate complex mitigation strategies, significantly reducing response latency and showcasing the feasibility of autonomous security operations in 6G.