This work proposes a neuro-symbolic hybrid architecture that integrates multi-agent AI with an expert system to address the challenges of extracting critical information from cyber threat intelligence and mitigating delayed response. By leveraging hyponymy-hypernymy semantic relationships for the first time in threat report analysis, the approach accurately identifies malicious entities and automatically generates executable CLIPS firewall rules. The framework innovatively combines semantic reasoning with automated response mechanisms, significantly improving both the accuracy of information extraction and the effectiveness of threat mitigation while preserving interpretability. Experimental results demonstrate its superiority over multiple baseline methods, validating the feasibility and advantages of a semantics-driven automated defense paradigm.

Web security demands rapid response capabilities to evolving cyber threats. Agentic Artificial Intelligence (AI) promises automation, but the need for trustworthy security responses is of the utmost importance. This work investigates the role of semantic relations in extracting information for sensitive operational tasks, such as configuring security controls for mitigating threats. To this end, it proposes to leverage hypernym-hyponym textual relations to extract relevant information from Cyber Threat Intelligence (CTI) reports. By leveraging a neuro-symbolic approach, the multi-agent system automatically generates CLIPS code for an expert system creating firewall rules to block malicious network traffic. Experimental results show the superior performance of the hypernym-hyponym retrieval strategy compared to various baselines and the higher effectiveness of the agentic approach in mitigating threats.