Pith. sign in

REVIEW 3 major objections 8 minor 74 references

Reviewed by Pith at T0; open to challenge.

T0 review · glm-5.2

LLMs cut both ways in cybersecurity: same model defends and attacks

2026-07-09 00:53 UTC pith:Y5HDU2XS

load-bearing objection Survey of LLM dual-use in cybersecurity: competent synthesis but built on unverifiable sources the 3 major comments →

arxiv 2607.06963 v1 pith:Y5HDU2XS submitted 2026-07-08 cs.CR cs.AIcs.CL

Large Language Models (LLMs) and Generative AI in Cybersecurity and Privacy: A Survey of Dual-Use Risks, AI-Generated Malware, Explainability, and Defensive Strategies

classification cs.CR cs.AIcs.CL
keywords cybersecuritydefensedetectionllmsthreatai-drivenautomatedgenerative
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved

The pith

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper surveys how large language models serve as dual-use instruments in cybersecurity, enabling both advanced defense (automated threat detection, secure code generation, zero-day vulnerability identification, DevSecOps integration) and scaled offense (malware creation, phishing, code obfuscation). The authors document a projected rise in LLM-assisted malware from 2% of detected threats in 2021 to 50% by 2025, framing this as evidence that generative AI has shifted from experimental tool to systemic risk vector. They examine real-world deployments across Google Play Protect, Microsoft Defender, Amazon CodeWhisperer, and other platforms, cataloging how industry leaders embed LLMs into security workflows. The paper then synthesizes defensive strategies—federated learning for privacy-preserving deployment, explainable AI techniques (SHAP, LIME) for transparency, zero-day detection via semantic code understanding, and governance frameworks (EU AI Act, NIST AI RMF)—arguing that the same generative capabilities that harden systems can weaponize them if left ungoverned. The central claim is that this symmetry between offensive and defensive potential demands integrated governance combining technical safeguards (model watermarking, adversarial defense, red-teaming) with regulatory accountability.

Core claim

The paper identifies a structural symmetry in LLM-enabled cybersecurity: every defensive capability (code scanning, anomaly detection, vulnerability discovery, threat classification) has a direct offensive counterpart (malware generation, obfuscation, zero-day exploitation, phishing automation), and this symmetry is intensifying as LLMs democratize access to both sides. The authors document this through a growth trajectory of LLM-assisted malware and through case studies showing major platforms deploying LLMs defensively while the same model classes are available for misuse. The paper's contribution is a structured mapping of this dual-use landscape across threat vectors, defensive tools, XA

What carries the argument

Dual-use symmetry of LLMs in cybersecurity

Load-bearing premise

The paper's urgency argument rests on a projected statistic that LLM-assisted malware will constitute 50% of detected threats by 2025, sourced to a single industry report, without examining how 'LLM-assisted' attribution is actually determined or whether the methodology behind that attribution is reliable.

What would settle it

If the share of malware genuinely attributable to LLM assistance does not rise as projected, or if attribution of malware to 'LLM-generated' proves methodologically unsound, the paper's framing of an accelerating crisis would weaken—though the dual-use thesis itself does not depend on this single trend line.

If this is right

  • Security teams that embed LLMs into detection pipelines must simultaneously harden those LLMs against adversarial manipulation, poisoning, and model extraction, creating a new attack surface that did not exist with traditional static analyzers.
  • Federated learning architectures could become the default deployment pattern for security LLMs in regulated industries, as they resolve the tension between model utility and data-residency requirements under GDPR and CCPA.
  • The democratization of malware creation through LLMs may shift the economics of cybercrime, lowering the skill barrier for producing polymorphic and contextually convincing phishing payloads, which would pressure defensive systems to move from signature-based to semantic understanding.
  • Explainability requirements may become legally binding for security decisions made by LLMs, particularly under the EU AI Act's transparency mandates, forcing organizations to adopt XAI techniques like SHAP and LIME not as optional UX features but as compliance infrastructure.
  • Zero-day detection may become an arms race between defenders and attackers using the same class of models, with the advantage going to whichever side can fine-tune faster on vulnerability-tagged corpora.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit.

Referee Report

3 major / 8 minor

Summary. This survey reviews the dual-use nature of Large Language Models (LLMs) in cybersecurity, covering both defensive applications (threat detection, secure code generation, zero-day identification, DevSecOps, federated learning, explainable AI) and offensive capabilities (AI-generated malware, phishing, code obfuscation). The paper synthesizes over 70 academic papers, industry reports, and technical documents, and includes case studies from major platforms (Google Play Protect, Microsoft Defender, AWS, GitHub). The central thesis—that LLMs simultaneously empower defenders and attackers, necessitating integrated governance frameworks—is well-motivated and broadly consistent with current discourse in the field.

Significance. The survey covers a timely and important topic at the intersection of AI and cybersecurity. Its breadth—spanning defensive tooling, offensive threats, governance frameworks, and privacy-preserving architectures—is a strength, as is the inclusion of real-world platform case studies (Table II, §III.E). The governance timeline (Figure 5) and the federated learning architectural comparison (Figure 3) are useful contributions. However, the paper's significance is substantially undermined by the presence of multiple references that appear to be unverifiable or possibly fabricated, which compromises the evidentiary base for several sections. The central dual-use thesis itself is sound and does not depend on any single statistic or reference, but the manuscript cannot be recommended for publication until the reference integrity issue is resolved.

major comments (3)
  1. References [52]–[56] appear unverifiable through standard academic databases. [52] (Silva, 'IEEE Conf. Cybersecurity Innovations, 2025'), [53] (Mishra et al., CySecBench, IEEE TIFS 2025), [54] (Wang et al., CyberMentor, 2025), [55] (Barrett et al., IEEE Trans. Technol. Soc. 2023), and [56] (Gupta et al., IEEE Workshop on AI Governance, 2023) could not be located. These references are load-bearing for Sections III.I and III.M, where they support claims about explainability benchmarks, ethical auditing frameworks, and governance infrastructure. If these sources do not exist or are mischaracterized, the evidentiary foundation for the explainability and governance recommendations is compromised. The authors must either provide verifiable DOIs/URLs for each or replace them with established, checkable references.
  2. Table I (§III.C): The 50% LLM-assisted malware projection for 2025 is sourced to Cybersecurity Ventures [32] and presented alongside historical data (2021–2023) without clear distinction between empirical measurements and forward-looking projections. The text states 'we analyzed data from Cybersecurity Ventures' but performs no independent analysis beyond reproducing their numbers. More critically, there is no established forensic methodology for post-hoc attribution of malware to 'LLM-assisted' generation, yet the table presents these percentages as quantified trend data. The 2024–2025 entries should be explicitly labeled as projections, and the paper should acknowledge the methodological difficulty of attributing malware to LLM assistance. The urgency argument does not collapse without this figure, but presenting speculative projections as empirical measurements is misleading.
  3. References [15] and [59] appear to cite the same work (Lisha et al. on zero-day vulnerability benchmarking) with different co-authors and venues: [15] cites 'IEEE CONECCT, 2024' while [59] cites 'IEEE Conf. Emerging Technologies in Security, 2024' with additional co-authors. This suggests either a reference construction error or citation of two different papers that are being conflated. Since [59] is cited in §III.K as the basis for claims about LLM zero-day detection performance, the authors should clarify which reference is correct and reflect the reference list.
minor comments (8)
  1. The abstract states 'Stable Diffusion by OpenAI, Anthropic, Google, Meta, Microsoft, Stability AI, respectively.' The mapping of models to companies is confusing as written; Stable Diffusion is by Stability AI, not OpenAI. Consider rephrasing for clarity.
  2. §II.C and §III.M overlap significantly in their discussion of governance frameworks (EU AI Act, NIST AI RMF, Brundage et al.). Consider consolidating or cross-referencing to avoid redundancy.
  3. Figure 1 is referenced but the paper also mentions 'Figure 1' in the text of §III.C. The figure caption and the text should be checked for consistency regarding what the figure displays.
  4. The Index Terms list is excessively long and includes company names and product names that are not standard index terms. Consider trimming to core technical terms.
  5. References [43] and [71] are authored by K. Ahi and are cited in §III.G and §III.M/§IV to support claims about GPU-accelerated processing and human-in-the-loop systems. These citations appear tangential to the cybersecurity focus of the survey. Either clarify their direct relevance or remove.
  6. §III.N acknowledges that 'comprehensive public data remains scarce' regarding LLM exploitation incidents, yet the section title promises 'Illustrative Examples.' The examples given are general references to reports, not specific documented incidents. Consider renaming or providing concrete cited cases.
  7. The biography section is unusually long and includes promotional language ('0→1 product leader,' 'pioneering scientist,' 'distinguished researcher'). For a journal publication, this should be substantially shortened to a standard academic biography.
  8. The acknowledgment states 'This paper has been accepted as an invited paper.' This is unusual to include in the manuscript itself and should typically be removed for the review/production version.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for a careful and constructive review. The referee's central point—that the dual-use thesis is sound but the evidentiary base needs strengthening—is well-taken. We address each major comment below. We agree with all three points and will revise accordingly. The most serious issue concerns references [52]–[56], which we have been unable to independently verify and will replace with established, checkable sources.

read point-by-point responses
  1. Referee: References [52]–[56] appear unverifiable through standard academic databases. [52] (Silva, IEEE Conf. Cybersecurity Innovations, 2025), [53] (Mishra et al., CySecBench, IEEE TIFS 2025), [54] (Wang et al., CyberMentor, 2025), [55] (Barrett et al., IEEE Trans. Technol. Soc. 2023), and [56] (Gupta et al., IEEE Workshop on AI Governance, 2023) could not be located. These references are load-bearing for Sections III.I and III.M.

    Authors: The referee is correct. Upon re-checking, we are unable to locate verifiable records for references [52]–[56] through IEEE Xplore, Google Scholar, DBLP, or DOI resolvers. We cannot confirm that these sources exist as cited. This is a serious lapse in our reference verification process, and we accept full responsibility for it. We will take the following corrective action in the revised manuscript: (1) Remove all five references. (2) For Section III.I (Explainability and Trust), replace the claims currently supported by [52]–[54] with established, verifiable sources. Specifically, for the discussion of SHAP and LIME applied to LLM-based security, we will cite Ribeiro et al. (KDD 2016) [48] and Lundberg & Lee (NeurIPS 2017) [49], which are already in our reference list and are the canonical sources for these methods. For the CySecBench claim, we will either locate the correct verifiable source or remove the specific quantitative claim (12,000 prompts, adversarial robustness results) and replace it with a more general statement about the need for security-specific explainability benchmarks, supported by verifiable survey literature. For CyberMentor, we will remove the reference and the associated claim unless we can identify the correct source. (3) For Section III.M (Ethics and Governance), the claims currently attributed to [55] and [56] regarding ethical auditing, model cards, and the Cyber Kill Chain will be re-grounded in Brundage et al. [10]/[61] (already cited and verifiable) and the NIST AI RMF [29] and EU AI Act [9], which are the primary sources for these governance concepts. We will also add Mitchell et al., 'Model Cards for Model Reporting' (FAT* 2019) as the canonical reference for model cards. No substantive argument in the paper depends uniquely on [52]–[56]; revision: yes

  2. Referee: Table I (§III.C): The 50% LLM-assisted malware projection for 2025 is sourced to Cybersecurity Ventures [32] and presented alongside historical data (2021–2023) without clear distinction between empirical measurements and forward-looking projections. The text states 'we analyzed data from Cybersecurity Ventures' but performs no independent analysis beyond reproducing their numbers. There is no established forensic methodology for post-hoc attribution of malware to 'LLM-assisted' generation, yet the table presents these percentages as quantified trend data.

    Authors: The referee raises two valid and distinct points, both of which we accept. First, the table conflates empirical data (2021–2023) with projections (2024–2025) without clear labeling. We will revise Table I to explicitly separate the two categories, adding a column or row annotation indicating 'Projected' for the 2024–2025 entries. We will also revise the surrounding text to state clearly that the 2024–2025 figures are forward-looking projections from Cybersecurity Ventures, not independent measurements. Second, we agree that the phrase 'we analyzed data from Cybersecurity Ventures' overstates what we did—we reproduced their published figures without independent analysis. We will reword this to accurately reflect that we are citing their published projections. Third, and more fundamentally, the referee is correct that there is no established forensic methodology for post-hoc attribution of malware to LLM assistance. We will add an explicit methodological caveat in §III.C acknowledging this limitation: that current attribution of malware to 'LLM-assisted' generation relies on heuristic indicators (e.g., code style analysis, behavioral signatures) rather than a validated forensic standard, and that the percentages in Table I should be understood as industry estimates, not empirically verified measurements. We will also soften the abstract's claim from 'LLM-generated malware grew to account for an estimated 50%' to 'is projected to account for up to 50%' to reflect the speculative nature of the figure. The urgency argument does not depend on this specific number and will remain intact. revision: yes

  3. Referee: References [15] and [59] appear to cite the same work (Lisha et al. on zero-day vulnerability benchmarking) with different co-authors and venues: [15] cites 'IEEE CONECCT, 2024' while [59] cites 'IEEE Conf. Emerging Technologies in Security, 2024' with additional co-authors. This suggests either a reference construction error or citation of two different papers that are being conflated.

    Authors: The referee is correct to flag this inconsistency. References [15] and [59] both list 'Lisha' as first author and concern LLM benchmarking for zero-day vulnerability detection, but differ in co-authors, venue, and title wording. Upon review, we believe this is a reference construction error: we intended to cite a single work but introduced inconsistencies in the metadata across two entries. We have not been able to independently verify either citation as published. In the revised manuscript, we will consolidate to a single reference only if we can confirm the correct venue, co-authors, and DOI. If we cannot verify the source, we will remove both entries and re-ground the claims in §III.K (zero-day detection performance) with verifiable, established sources—for example, Steenhoek et al., 'A Comprehensive Study of the LLM-Based Vulnerability Detection' (ICSE 2024), and relevant work from the DARPA AI Cyber Challenge literature. The substantive claim—that LLMs fine-tuned on vulnerability-tagged corpora outperform conventional static analyzers on certain vulnerability classes—is well-supported in the broader literature and does not depend uniquely on the Lisha et al. reference. revision: yes

Circularity Check

0 steps flagged

No circularity: survey paper with no derivation chain; minor self-citations are tangential, not load-bearing

full rationale

This is a survey paper that synthesizes literature rather than deriving results from first principles. There is no derivation chain, no fitted parameters repackaged as predictions, and no mathematical or logical argument whose output reduces to its input by construction. The central dual-use thesis (LLMs enable both defense and attack) is a qualitative framing supported by cited literature, not a derived result. The 50% LLM-assisted malware statistic (Table I, §III.C) is reproduced from a Cybersecurity Ventures report [32] and presented as an external data point, not as a prediction derived from the paper's own model. The two self-citations ([43] on GPU-accelerated processing, [71] on human-in-the-loop systems) appear in the Future Research Directions section and support tangential points about scalability and UX-centric oversight; they are not invoked to prove the paper's central cybersecurity claims, and their removal would not undermine the dual-use thesis. No uniqueness theorem, no ansatz smuggled through self-citation, and no fitted-input-as-prediction pattern is present. The concerns raised about unverifiable references [52]–[56] and the 50% statistic's attribution methodology are correctness and sourcing concerns, not circularity: they bear on whether the evidence is real and reliable, not on whether any argument is circular. The paper's structure—background, literature review, thematic analysis, future directions, conclusion—contains no step where a conclusion is equivalent to its premise by definition.

Axiom & Free-Parameter Ledger

0 free parameters · 3 axioms · 0 invented entities

The paper is a survey with no derivations, models, or experiments. It introduces no free parameters or invented entities. The axioms listed are the unverified domain assumptions that support the paper's framing, particularly the Cybersecurity Ventures projection that anchors the urgency narrative.

axioms (3)
  • domain assumption LLM-assisted malware constituted 2% of threats in 2021 and is projected to reach 50% by 2025
    Table I and Section III.C present this as the quantitative basis for the paper's urgency argument. The attribution methodology is not examined.
  • domain assumption Industry reports from Cybersecurity Ventures accurately characterize malware trends
    The central statistical claim relies entirely on this single source (ref [32]) without independent verification or methodological critique.
  • domain assumption LLMs like GPT-4 and Gemini are effectively integrated into production security pipelines at companies like Google, Microsoft, and Amazon
    Section III.E and Table II present these as established facts based on company announcements and blog posts, without independent verification of deployment scope or efficacy.

pith-pipeline@v1.1.0-glm · 17730 in / 2169 out tokens · 535696 ms · 2026-07-09T00:53:34.714785+00:00 · methodology

0 comments
read the original abstract

Large Language Models (LLMs) and generative AI (GenAI) systems, such as ChatGPT, Claude, Gemini, LLaMA, Copilot, Stable Diffusion by OpenAI, Anthropic, Google, Meta, Microsoft, Stability AI, respectively, are revolutionizing cybersecurity, enabling both automated defense and sophisticated attacks. These technologies power real-time threat detection, phishing defense, secure code generation, and vulnerability exploitation at unprecedented scales. Following a rapid surge where LLM-generated malware grew to account for an estimated 50% of detected threats by 2025, up from just 2% in 2021, navigating this highly automated threat landscape in 2026 demands next-generation security frameworks. This paper presents a comprehensive survey of the beneficial and malicious applications of LLMs in cybersecurity, including zero-day detection, DevSecOps, federated learning, synthetic content analysis, and explainable AI (XAI). Drawing on a review of over 70 academic papers, industry reports, and technical documents, this work synthesizes insights from real-world case studies across platforms like Google Play Protect, Microsoft Defender, Amazon Web Services (AWS), Apple App Store, OpenAI Plugin Stores, Hugging Face Spaces, and GitHub, alongside emerging initiatives like the SAFE Framework and AI-driven anomaly detection. We conclude with practical recommendations for responsible and transparent LLM deployment and trustworthy AI, including model watermarking, adversarial defense, and cross-industry collaboration, setting a new benchmark for rigorous, holistic cybersecurity research at the intersection of AI and threat defense, and offering a roadmap for secure, scalable LLM systems that serves as a critical reference for researchers, engineers, and security leaders navigating the complex challenges of AI-driven cybersecurity.

Figures

Figures reproduced from arXiv: 2607.06963 by Kiarash Ahi, Saeed Valizadeh.

Figure 1
Figure 1. Figure 1: Estimated annual global malware detections with LLM-assisted [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Categorization of explainability tools used in LLM-driven cybersecu [PITH_FULL_IMAGE:figures/full_fig_p005_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Architectural comparison between centralized and federated LLM [PITH_FULL_IMAGE:figures/full_fig_p006_3.png] view at source ↗
Figure 5
Figure 5. Figure 5: Timeline of emerging governance frameworks for dual-use LLMs, [PITH_FULL_IMAGE:figures/full_fig_p007_5.png] view at source ↗

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

74 extracted references · 74 canonical work pages · 5 internal anchors

  1. [1]

    GPT-4 Technical Report

    OpenAI, “GPT-4 Technical Report,”arXiv:2303.08774, 2023

  2. [2]

    Gemini Overview,

    Google AI Blog, “Gemini Overview,” Google LLC, 2023

  3. [3]

    Introducing Security Copilot,

    Microsoft, “Introducing Security Copilot,” Microsoft, 2023

  4. [4]

    Emerging Security Risks with AI,

    Gartner, “Emerging Security Risks with AI,”Gartner Report, 2023

  5. [5]

    Dynamic Analysis of Malicious Apps,

    S. Narayanan et al., “Dynamic Analysis of Malicious Apps,”IEEE Access, 2023

  6. [6]

    Automated Code Generation Security Risks,

    K. Pearce et al., “Automated Code Generation Security Risks,”IEEE S&P, 2022

  7. [7]

    Static Analysis Using LLMs,

    J. Chen et al., “Static Analysis Using LLMs,”IEEE Security & Privacy, 2023

  8. [8]

    Risks of LLM Data Leakage,

    N. Carlini et al., “Risks of LLM Data Leakage,”USENIX Security, 2021

  9. [9]

    Artificial Intelligence Act,

    European Commission, “Artificial Intelligence Act,”EU, 2023

  10. [11]

    Auto DevSecOps Powered by AI,

    GitLab, “Auto DevSecOps Powered by AI,”GitLab Docs, 2023

  11. [12]

    Secure Development Lifecycle,

    Microsoft Azure, “Secure Development Lifecycle,”Azure Blog, 2023

  12. [13]

    Expecting the Unexpected: Failure Modes of LLMs in Software Engineering,

    P. Vaithilingam et al., “Expecting the Unexpected: Failure Modes of LLMs in Software Engineering,”ICSE, 2022

  13. [14]

    Security Copilot Case Study,

    Microsoft, “Security Copilot Case Study,” Microsoft, 2023

  14. [15]

    Benchmarking LLM for Zero day Vulnerabilities,

    M. Lisha et al., “Benchmarking LLM for Zero day Vulnerabilities,” IEEE CONECCT, 2024

  15. [18]

    Why Should I Trust You? Explaining the Predictions of Any Classifier,

    M. T. Ribeiro et al., “Why Should I Trust You? Explaining the Predictions of Any Classifier,”KDD, 2016

  16. [19]

    Explainable Artificial Intelligence,

    W. Samek et al., “Explainable Artificial Intelligence,”Springer, 2021

  17. [20]

    Global Challenge for Safe and Secure LLMs Track 1

    X. Jia et al., “Global Challenge for Safe and Secure LLMs Track 1,” arXiv:2411.14502, 2024

  18. [21]

    Policy Enforcement in App Stores,

    X. Zhang et al., “Policy Enforcement in App Stores,”IEEE TSE, 2020

  19. [22]

    Static Android Malware Detection,

    R. Ghaffarinia et al., “Static Android Malware Detection,”Elsevier, 2022

  20. [23]

    Fake Review Detection,

    L. Jiang et al., “Fake Review Detection,”ACM CIKM, 2019

  21. [24]

    Top Cybersecurity Facts, Figures, Predictions, And Statistics For 2025,

    Cybersecurity Ventures, “Top Cybersecurity Facts, Figures, Predictions, And Statistics For 2025,”Cybercrime Magazine, 2025

  22. [25]

    Automated Vulnerability Detection,

    Amazon AWS, “Automated Vulnerability Detection,”A WS, 2023

  23. [26]

    Watsonx Security Applications,

    IBM Research, “Watsonx Security Applications,”IBM, 2023

  24. [27]

    AIP for Cybersecurity,

    Palantir, “AIP for Cybersecurity,”Palantir Technologies, 2023

  25. [28]

    AI Fairness Guidelines,

    IEEE Ethics, “AI Fairness Guidelines,”IEEE, 2023

  26. [29]

    AI Risk Management Framework,

    NIST, “AI Risk Management Framework,”NIST Special Publication, 2023

  27. [30]

    Global AI Security Standards,

    World Economic Forum, “Global AI Security Standards,”WEF, 2023

  28. [31]

    SAFE Framework Implementation,

    Google Security Blog, “SAFE Framework Implementation,”Google, 2023

  29. [32]

    Cybersecurity Almanac: 2024 Edition,

    Cybersecurity Ventures, “Cybersecurity Almanac: 2024 Edition,”Cyber- security V entures, Jan. 2, 2024

  30. [33]

    Security, privacy, and compliance for Gemini Code Assist Standard and Enterprise,

    Google Cloud, “Security, privacy, and compliance for Gemini Code Assist Standard and Enterprise,” 2025

  31. [34]

    Microsoft Security Copilot Frequently Asked Questions,

    Microsoft, “Microsoft Security Copilot Frequently Asked Questions,” 2025

  32. [35]

    Use CodeWhisperer to identify issues and use suggestions to improve code security in your IDE,

    Amazon Web Services, “Use CodeWhisperer to identify issues and use suggestions to improve code security in your IDE,” 2025

  33. [36]

    Building Production-Ready LLM Systems: Scaling, Moni- toring, and Deployment,

    R. Mulki, “Building Production-Ready LLM Systems: Scaling, Moni- toring, and Deployment,”Medium, May 2025

  34. [37]

    Fairness and Safety of LLMs,

    Palo Alto Networks, “Fairness and Safety of LLMs,” Jun. 2024

  35. [38]

    Data Privacy and Compliance for Large Language Models (LLMs),

    S. Mohindroo, “Data Privacy and Compliance for Large Language Models (LLMs),”Medium, Sep. 2024

  36. [39]

    What is Large Language Model (LLM) Security,

    Qualys, “What is Large Language Model (LLM) Security,” Apr. 2025

  37. [40]

    What Is Explainable AI (XAI)?,

    Palo Alto Networks, “What Is Explainable AI (XAI)?,” 2025

  38. [41]

    Fairness Constraints: Mechanisms for Fair Classi- fication,

    M. B. Zafar et al., “Fairness Constraints: Mechanisms for Fair Classi- fication,” inProc. 20th Int. Conf. Artif. Intell. Statist. (AISTATS), Fort Lauderdale, FL, USA, Apr. 2017, pp. 962–970

  39. [42]

    Barocas, M

    S. Barocas, M. Hardt, and A. Narayanan,Fairness and Machine Learn- ing, fairmlbook.org, 2019

  40. [43]

    K. Ahi et al., “GPU-Accelerated Feature Extraction for Real-Time Vi- sion AI and LLM Systems Efficiency: Autonomous Image Segmentation, Unsupervised Clustering, and Smart Pattern Recognition for Scalable AI Processing with 6.6×Faster Performance, 2.5×Higher Accuracy, and UX-Centric UI Boosting Human-in-the-Loop Productivity,”IEEE, ASMC, Albany, NY , May 2025

  41. [44]

    General Data Protection Regulation (GDPR),

    European Union, “General Data Protection Regulation (GDPR),” 2016

  42. [45]

    California Consumer Privacy Act (CCPA),

    State of California Department of Justice, “California Consumer Privacy Act (CCPA),” 2018

  43. [46]

    Beyond Accuracy: Behavioral Testing of NLP Models with CheckList,

    R. Ribeiro et al., “Beyond Accuracy: Behavioral Testing of NLP Models with CheckList,” inProc. 58th Annu. Meeting Assoc. Comput. Linguist. (ACL), Jul. 2020, pp. 4902–4912

  44. [47]

    Explainable Artificial Intelligence (XAI),

    D. Gunning, “Explainable Artificial Intelligence (XAI),” Defense Ad- vanced Research Projects Agency (DARPA), 2017

  45. [48]

    Why Should I Trust You?: Explaining the Predictions of Any Classifier,

    M. T. Ribeiro, S. Singh, and C. Guestrin, “Why Should I Trust You?: Explaining the Predictions of Any Classifier,” inProc. 22nd ACM SIGKDD Int. Conf. Knowl. Discov. Data Min., San Francisco, CA, USA, Aug. 2016, pp. 1135–1144

  46. [49]

    A Unified Approach to Interpreting Model Predictions,

    S. Lundberg and S.-I. Lee, “A Unified Approach to Interpreting Model Predictions,” inProc. 31st Int. Conf. Neural Inf. Process. Syst. (NIPS), Long Beach, CA, USA, Dec. 2017, pp. 4765–4774

  47. [50]

    Protecting the Whisper: A Security Assessment of Amazon CodeWhisperer’s Generated Code,

    A. Desai, M. L. Siddiq, and J. C. S. Santos, “Protecting the Whisper: A Security Assessment of Amazon CodeWhisperer’s Generated Code,” ResearchGate, May 2025

  48. [51]

    AI Privacy Risks and Mitigations – Large Language Models (LLMs),

    European Data Protection Board, “AI Privacy Risks and Mitigations – Large Language Models (LLMs),” Apr. 2025

  49. [52]

    Explainable AI in Cybersecurity: Bridging Transparency and Trust,

    J. Silva, “Explainable AI in Cybersecurity: Bridging Transparency and Trust,” inProc. IEEE Conf. Cybersecurity Innovations, 2025, pp. 78–83

  50. [53]

    CySecBench: A Benchmark Dataset for Evaluating Explainability in Security Contexts,

    A. Mishra, R. Kumar, and P. Singh, “CySecBench: A Benchmark Dataset for Evaluating Explainability in Security Contexts,”IEEE Trans. Info. F orensics Security, vol. 20, no. 3, pp. 456–468, 2025

  51. [54]

    CyberMentor: Enhancing Cyber- security Learning through Explainable AI,

    F. Wang, L. Zhao, and M. Chen, “CyberMentor: Enhancing Cyber- security Learning through Explainable AI,” inProc. IEEE Int. Conf. Emerging Trends in Cyber Training, 2025, pp. 102–107

  52. [55]

    Ethical Auditing in AI: The Role of Model Cards and the Cyber Kill Chain,

    R. Barrett, S. Lee, and T. Harmon, “Ethical Auditing in AI: The Role of Model Cards and the Cyber Kill Chain,”IEEE Trans. Technol. Soc., vol. 10, no. 2, pp. 123–132, 2023

  53. [56]

    A Framework for Ethical AI Compliance under the EU AI Act,

    P. Gupta, N. Sharma, and K. Desai, “A Framework for Ethical AI Compliance under the EU AI Act,” inProc. IEEE Workshop on AI Governance, 2023, pp. 44–49

  54. [57]

    Advances and Open Problems in Federated Learning,

    P. Kairouz, H. B. McMahan, B. Avent, A. Bellet, M. Bennis, A. Nedi ´c, and U. Ozdaglar, “Advances and Open Problems in Federated Learning,” F ound. Trends Mach. Learn., vol. 14, no. 1, pp. 1–210, 2021

  55. [58]

    Towards Federated Learning at Scale,

    K. Bonawitz, V . Ivanov, B. Kreuter, and S. Marcedone, “Towards Federated Learning at Scale,” inProc. SysML, 2019, pp. 1–12

  56. [59]

    Benchmarking LLMs for Zero Day Vulnerability Detection,

    M. Lisha, Y . Zhang, and C. Roberts, “Benchmarking LLMs for Zero Day Vulnerability Detection,” inProc. IEEE Conf. Emerging Technologies in Security, 2024, pp. 95–102

  57. [60]

    Cooperative Human–AI Collaboration for Secure Software Development,

    P. Vaithilingam, A. Deshmukh, and S. Patel, “Cooperative Human–AI Collaboration for Secure Software Development,” inProc. IEEE Int. Symp. Software Reliability Engineering, 2022, pp. 215–220

  58. [61]

    Toward Trustworthy AI Development: Mechanisms for Supporting Verifiable Claims

    M. Brundage, A. Avin, and S. Clark, “Accountability in AI: Structured Red Teaming and Model Evaluation Cards,”arXiv:2004.07213, 2020

  59. [62]

    Continual lifelong learning with neural networks: A review,

    G. I. Parisi, R. Kemker, J. L. Part, C. Kanan, and S. Wermter, “Continual lifelong learning with neural networks: A review,”Neural Networks, vol. 113, pp. 54–71, 2019. doi: 10.1016/j.neunet.2019.01.012

  60. [63]

    COVID-19's Unequal Toll: An assessment of small business impact disparities with respect to ethnorace in metropolitan areas in the US using mobility data

    S. Geller, M. Sivan, R. A. Shkoury, and Y . Elovici, “Cross-Modal Security: The Impact of Multi-Modal Foundation Models on Industrial Control Systems,”arXiv preprint arXiv:2405.11121, 2024

  61. [64]

    A Watermark for Large Language Models,

    J. Kirchenbauer, J. Geiping, Y . Wen, J. Katz, I. Miers, and T. Goldstein, “A Watermark for Large Language Models,” inProc. Int. Conf. on Machine Learning (ICML), 2023, pp. 11561–11575

  62. [65]

    State of the Phish Report,

    Proofpoint, “State of the Phish Report,” Proofpoint Inc., 2024

  63. [66]

    The Double-Edged Sword: How Generative AI is Reshaping Cyber Threats,

    Check Point Research, “The Double-Edged Sword: How Generative AI is Reshaping Cyber Threats,” Check Point Research, 2024

  64. [67]

    Parameter identification in PDEs by the solution of monotone inclusion problems

    N. Carlini et al., “Poisoning Language Models During Instruction Tuning,”arXiv preprint arXiv:2403.04557, 2024. 10

  65. [68]

    OW ASP Top 10 for Large Language Model Applications,

    OW ASP Foundation, “OW ASP Top 10 for Large Language Model Applications,” OW ASP, 2023

  66. [69]

    Navigating the Intersection of AI and Cybersecurity,

    (ISC)², “Navigating the Intersection of AI and Cybersecurity,” (ISC)² White Paper, 2024

  67. [70]

    AI and Cybersecurity: The Evolving Landscape,

    SANS Institute, “AI and Cybersecurity: The Evolving Landscape,” SANS White Paper, 2024

  68. [71]

    K. Ahi, “AI-powered end-to-end product lifecycle: UX-centric human- in-the-loop system boosting reviewer productivity by 82% and ac- celerating decision-making via real-time anomaly detection and data refinement with GPU-accelerated computer vision, edge computing, and scalable cloud,” inProc. SPIE, vol. 12782, 2025, Art. no. 1278210. doi: 10.1117/12.1278210

  69. [72]

    Interim Measures for the Man- agement of Generative Artificial Intelligence Services,

    Cyberspace Administration of China, “Interim Measures for the Man- agement of Generative Artificial Intelligence Services,” Beijing, China, 2023

  70. [73]

    AI Strategy 2022,

    Cabinet Office, Government of Japan, “AI Strategy 2022,” Tokyo, Japan, 2022

  71. [74]

    National Strategy for Artificial Intelligence,

    Ministry of Science and ICT, Republic of Korea, “National Strategy for Artificial Intelligence,” Seoul, Korea, 2023

  72. [75]

    Model AI Governance Framework,

    Infocomm Media Development Authority (IMDA) Singapore, “Model AI Governance Framework,” 2023

  73. [76]

    Database of National AI Strategies and Policies,

    OECD.AI Policy Observatory, “Database of National AI Strategies and Policies,” OECD, 2023

  74. [77]

    Recommendation on the Ethics of Artificial Intelligence,

    UNESCO, “Recommendation on the Ethics of Artificial Intelligence,” Paris, France, 2021. Dr. Kiarash Ahiholds M.Sc. and Ph.D. degrees in Electrical and Computer Engineering from Leibniz University Hannover, Germany, and the University of Connecticut, USA, respectively. Dr. Ahi is a 0→1 product leader, pioneering scientist, distin- guished researcher, seria...