-
Researchers have found that the emergence of LLMs in the cybersecurity space poses a growing concern despite their widespread use in threat intelligence.
-
The reliance on LLMs by security experts was due to the exponential increase in infostealer malware activities between 2024 and 2025.
-
Investigators have also found that if not used properly, the risks of LLMs can outweigh the advantages of using them.
Over the years, with the growing cybercrime activities, nearly every attacker leaves behind some trails. For a long time now, security investigators have depended on threat intelligence solutions to survey both the regular, deep, and dark web.
By doing this, they have analyzed possible threats while generating billions of large language models (LLMs), and cybersecurity experts have been able to do more than juns of log events in the process.
LLMs Change the Narrative of Cybersecurity
According to a report from researchers at a cybersecurity firm, Flare, LLMs enable analysts to leverage GPT-powered platforms to scan forum posts in bulk. Even certain experienced analysts prompt these models to filter the needed information from these forums.
The report noted that, thanks to LLMs, no longer do experts have to manually parse hundreds of forum posts on Exploit.in RAMP or XSS.
A team of researchers combed through conversations, summarized them, flagged stolen details, and tracked paths of infection using GPT-3.5-turbo. In their report, they indicated that the AI had an accuracy of 96%, a recall of 88%, and a precision rate of 90%.
As per the report, cybercriminals favor using the path of easiest access into victim devices. Criminals have even exploited single sign-on (SSO) interfaces that are supposed to protect an enterprise’s main entry point, and researchers have now found these interfaces in malware logs.
Large Language Models (LLMs) like ChatGPT, Microsoft Copilot, and Gemini represent a specialized form of artificial intelligence (AI) designed to understand, process, and generate human language on a large scale.
A recent research found that the market was valued at $5.72 billion in 2024, and is projected to grow at a CAGR of 35.92% from 2025, surging to $123.09 billion in 2034.
LLMs in the Wrong Hands?
However, Carnegie Mellon University ran an experiment to test the power of LLMs in the wrong hands. The team prompted the models to recreate the same conditions that led to the 2017 Equifax cyberattack.
To their surprise, the tool outperformed expectations, executing every step from planning the breach to deploying malware and exfiltrating the needed data on its own.
Researchers at Flare noted that the effectiveness of the LLM depends on the prompt fed to it. They argue that well-crafted prompts translate intent into action and steer the LLM to extract needed data for investigators.
Notably, when the need is to remove threats from exposed credentials, investigators can code it to scan dark web forums for important cyber threat intelligence (CTI) signals. These include illegal sales activity, mentions of large corporations, initial access, or critical infrastructure, geopolitical talks, industries, and technologies.
At the moment, there is a great distinction between cybersecurity executives who favor the adoption of AI and cybersecurity analysts who consider it a great risk. According to a recent study, 71% of executives say that AI has enhanced productivity, while 22% of frontline cybersecurity analysts using these solutions agree.
