Cyber Defense Reinvented: Large Language Models as Threat Intelligence Copilots

📅 2025-02-28
📈 Citations: 0
Influential: 0
🤖 AI Summary
To address analytical bottlenecks arising from the explosive growth and dynamic evolution of threat intelligence data, this paper proposes CYLENS—the first cybersecurity threat intelligence co-pilot system integrating large language models (LLMs) with structured domain knowledge. Methodologically, CYLENS features a customizable architecture incorporating parameterized knowledge from 271,000 threat reports and six specialized NLP modules. Its core innovations include domain-knowledge parameter injection, multi-module collaborative reasoning, structured threat intelligence alignment, and organization-level personalization. CYLENS supports the full threat intelligence lifecycle—attributing threats, contextualizing incidents, detecting indicators, correlating events, prioritizing alerts, and recommending responses. Empirical evaluation demonstrates that CYLENS significantly outperforms leading commercial LLMs and state-of-the-art security agents across multiple tasks, substantially improving both analytical efficiency and judgment accuracy.

📝 Abstract
The exponential growth of cyber threat knowledge, exemplified by the expansion of databases such as MITRE-CVE and NVD, poses significant challenges for cyber threat analysis. Security professionals are increasingly burdened by the sheer volume and complexity of information, creating an urgent need for effective tools to navigate, synthesize, and act on large-scale data to counter evolving threats proactively. However, conventional threat intelligence tools often fail to scale with the dynamic nature of this data and lack the adaptability to support diverse threat intelligence tasks. In this work, we introduce CYLENS, a cyber threat intelligence copilot powered by large language models (LLMs). CYLENS is designed to assist security professionals throughout the entire threat management lifecycle, supporting threat attribution, contextualization, detection, correlation, prioritization, and remediation. To ensure domain expertise, CYLENS integrates knowledge from 271,570 threat reports into its model parameters and incorporates six specialized NLP modules to enhance reasoning capabilities. Furthermore, CYLENS can be customized to meet the unique needs of different organizations, underscoring its adaptability. Through extensive evaluations, we demonstrate that CYLENS consistently outperforms industry-leading LLMs and state-of-the-art cybersecurity agents. By detailing its design, development, and evaluation, this work provides a blueprint for leveraging LLMs to address complex, data-intensive cybersecurity challenges.
Problem

Research questions and friction points this paper is trying to address.

Addresses challenges in cyber threat analysis due to data growth.
Introduces CYLENS, an LLM-based tool for threat management lifecycle.
Demonstrates CYLENS outperforms existing cybersecurity tools and LLMs.
Innovation

Methods, ideas, or system contributions that make the work stand out.

CYLENS uses large language models for threat intelligence.
Integrates 271,570 threat reports for enhanced expertise.
Customizable for diverse organizational cybersecurity needs.