This study addresses the empirical gap in understanding how security practitioners actually use, perceive, and adopt large language models (LLMs) in their daily work. Through a mixed-methods approach, the authors conducted qualitative coding and statistical analysis of 892 posts from three prominent cybersecurity forums on Reddit between December 2022 and September 2025, offering the first systematic, community-grounded insights into LLM adoption patterns and barriers in security operations. The findings reveal that practitioners primarily deploy LLMs for low-risk, efficiency-oriented tasks, yet their ability to achieve high autonomy is constrained by concerns over model reliability, high verification costs, and potential security risks. Building on these insights, the paper proposes practical recommendations that balance operational efficiency with robust security considerations.

Large language models (LLMs) have recently emerged as promising tools for augmenting Security Operations Center (SOC) workflows, with vendors increasingly marketing autonomous AI solutions for SOCs. However, there remains a limited empirical understanding of how such tools are used, perceived, and adopted by real-world security practitioners. To address this gap, we conduct a mixed-methods analysis of discussions in cybersecurity-focused forums to learn how a diverse group of practitioners use and perceive modern LLM tools for security operations. More specifically, we analyzed 892 posts between December 2022 and September 2025 from three cybersecurity-focused forums on Reddit, and, using a combination of qualitative coding and statistical analysis, examined how security practitioners discuss LLM tools across three dimensions: (1) their stated tools and use cases, (2) the perceived pros and cons of each tool across a set of critical factors, and (3) their adoption of such tools and the expected impacts on the cybersecurity industry and individual analysts. Overall, our findings reveal nuanced patterns in LLM tools adoption, highlighting independent use of LLMs for low-risk, productivity-oriented tasks, alongside active interest around enterprise-grade, security-focused LLM platforms. Although practitioners report meaningful gains in efficiency and effectiveness in LLM-assisted workflows, persistent issues with reliability, verification overheads, and security risks sharply constrain the autonomy granted to LLM tools. Based on these results, we also provide recommendations for developing and adopting LLM tools to ensure the security of organizations and the safety of cybersecurity practitioners.