pith. sign in

arxiv: 2509.06921 · v2 · submitted 2025-09-08 · 💻 cs.CR · cs.AI

Neuro-Symbolic AI for Cybersecurity: State of the Art, Challenges, and Opportunities

Safayat Bin Hakim , Muhammad Adil , Alvaro Velasquez , Shouhuai Xu , Houbing Herbert Song This is my paper

Pith reviewed 2026-05-18 18:00 UTC · model grok-4.3

classification 💻 cs.CR cs.AI
keywords neuro-symbolic AIcybersecuritysystematic reviewmulti-agent systemscausal reasoningknowledge-guided learningintrusion detectiondual-use analysis
0
0 comments X

The pith

Neuro-symbolic AI combines learning with logical reasoning to outperform single-method approaches in cybersecurity tasks.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This review examines 103 publications on neuro-symbolic AI for cybersecurity through April 2026. It organizes the work into a three-tier taxonomy of deep integration, structured interaction, and contextual baselines, viewed through a Grounding-Instructibility-Alignment lens. The synthesis shows that multi-agent and structured-integration designs handle complex scenarios better than single-agent systems. Causal reasoning supports proactive defenses that go beyond pattern matching, while knowledge guidance raises data efficiency and explainability. The analysis covers intrusion detection, malware analysis, vulnerability discovery, and penetration testing, and it flags dual-use risks from advancing autonomous offensive tools alongside persistent gaps in evaluation standards and human collaboration.

Core claim

The paper establishes that deeper neuro-symbolic integration, especially via multi-agent and structured architectures, produces measurable gains in capability across cybersecurity domains, with causal reasoning enabling proactive rather than reactive defenses and knowledge-guided learning improving efficiency and transparency, while a dual-use review reveals autonomous offensive systems already achieving zero-day exploitation at lower cost.

What carries the argument

Three-tier taxonomy of deep integration, structured interaction, and contextual baselines, together with the Grounding-Instructibility-Alignment analytical lens.

If this is right

  • Multi-agent architectures will be required for effective handling of complex, multi-stage cyber threats.
  • Causal reasoning will shift defenses from correlation-based detection to proactive identification of attack chains.
  • Knowledge-guided learning will lower data requirements while raising the explainability of security decisions.
  • Integration depth will continue to correlate with capability improvements across intrusion detection, malware analysis, and penetration testing.
  • Autonomous offensive capabilities will advance rapidly, increasing the urgency of defensive alignment measures.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same integration patterns may transfer to other safety-critical domains such as autonomous systems or medical diagnostics where both pattern recognition and rule-based verification are needed.
  • Standardized benchmarks proposed in the roadmap could be tested first in open-source intrusion-detection environments to measure real deployment gains.
  • The dual-use findings imply that any public release of neuro-symbolic penetration tools should include built-in monitoring for misuse indicators.

Load-bearing premise

The 103 publications selected through April 2026 represent the full neuro-symbolic AI for cybersecurity literature without major selection or categorization bias.

What would settle it

A later survey that re-samples the literature with different inclusion criteria and finds no consistent performance edge for multi-agent or structured-integration architectures over single-agent baselines.

Figures

Figures reproduced from arXiv: 2509.06921 by Alvaro Velasquez, Houbing Herbert Song, Muhammad Adil, Safayat Bin Hakim, Shouhuai Xu.

Figure 1
Figure 1. Figure 1: Systematic literature review for paper selection and screening criteria, illustrating the process used to identify and select the 127 publications analyzed [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Publication trends in the 127-paper SLR corpus on NeSy AI in cybersecurity (2019–July 2025). (A) Per-year counts stacked by research theme (Defensive Applications, Offensive/Dual-Use, Frameworks & Architectures, Evaluation & Benchmarks). The 2025 bar reflects Jan– Jul observed data only (hatched); markers indicate simple full-year projections for context and are not used in the quantitative synthesis. (B) … view at source ↗
Figure 3
Figure 3. Figure 3: The G-I-A Framework for assessing NeSy cybersecurity systems. [PITH_FULL_IMAGE:figures/full_fig_p006_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Advanced symbolic reasoning foundations enabling sophisticated neuro-symbolic (NeSy) cybersecurity systems. [PITH_FULL_IMAGE:figures/full_fig_p008_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: SOTA NeSy integration strategies for cybersecurity applications, demonstrating bidirectional information flow, multi-agent architectures, and complementary capabilities supporting grounding, instructibility, and alignment objectives. [90]. The framework enables analysts to understand not only what happened during incidents, but also why specific attack steps succeeded and how different defensive configurat… view at source ↗
Figure 6
Figure 6. Figure 6: Multi-dimensional performance analysis of SOTA NeSy cybersecurity systems across defensive applications. (A) Detection accuracy improvements demonstrate consistent 10–50% gains across network intrusion detection, malware analysis, and security operations domains. (B) Cost-effectiveness analysis reveals 67% cost reduction with superior success rates for multi-agent NeSy systems achieving 53% zero-day exploi… view at source ↗
Figure 7
Figure 7. Figure 7: NeSy intrusion detection system architecture integrating neural pattern recognition with symbolic domain knowledge for explainable security alerts. when maintaining 0.5% false positive rates to simulate realistic operational environments and minimize analyst alert fatigue [120], [121], [136], [138], the baseline GNN’s true positive detection drops to zero. KnowGraph maintains robust 35% true positive rates… view at source ↗
Figure 8
Figure 8. Figure 8: Causal reasoning framework for cybersecurity attack analysis illustrating NeSy advantages over traditional correlation-based approaches through G-I-A integration. (A) Attack progression causal chain traces temporal relationships with probability quantification. (B) Counterfactual prevention analysis evaluates alternative defensive scenarios, suggesting how different security configurations could achieve up… view at source ↗
Figure 9
Figure 9. Figure 9: SOTA NeSy cybersecurity workflow from alert triage to response [PITH_FULL_IMAGE:figures/full_fig_p021_9.png] view at source ↗
Figure 10
Figure 10. Figure 10: SOTA NeSy Offensive Pipeline demonstrating multi-agent workflow from neural-enhanced reconnaissance and environment learning, through symbolic/game-theoretic planning and adaptive exploitation, to outcome-driven strategy refinement, all grounded in shared attack knowledge base while highlighting dual-use im￾plications requiring responsible development aligned with defensive cybersecurity objectives. ing a… view at source ↗
Figure 11
Figure 11. Figure 11: Comprehensive analysis of NeSy cybersecurity evaluation landscape revealing critical benchmark gaps constraining G-I-A framework operationalization [PITH_FULL_IMAGE:figures/full_fig_p024_11.png] view at source ↗
Figure 12
Figure 12. Figure 12: NeSy cybersecurity research landscape and maturity as￾sessment for 127 systems, plotted by research maturity level and performance impact score. System architectures are color-coded: or￾ange squares (multi-agent), blue circles (single-agent), green triangles (hybrid), and dark blue diamonds (traditional approaches). Multi￾agent architectures show a +12% average impact advantage over single-agent designs, … view at source ↗
Figure 13
Figure 13. Figure 13: Multi-agent NeSy architectures demonstrate consistent performance superiority across diverse cybersecurity applications. Performance improvements range from 14% in intrusion detection to 234% in penetration testing, with substantial cost reductions (67.6%) validating collaborative reasoning advantages over single￾agent approaches. Detection Accuracy Explainability Quality False Positive Reduction Zero-day… view at source ↗
Figure 14
Figure 14. Figure 14: Multi-dimensional performance analysis comparing Tra￾ditional AI Systems versus Advanced NeSy Systems across six key cybersecurity operational metrics. NeSy approaches demonstrate substantial advantages across all dimensions, with particularly strong improvements in explainability quality, false positive reduction, and cost effectiveness while supporting instructible adaptation and orga￾nizational alignme… view at source ↗
Figure 15
Figure 15. Figure 15: Strategic roadmap for NeSy cybersecurity advancement through G-I-A framework operationalization across three progressive development phases with critical research priorities. of knowledge utilization effectiveness while supporting evalu￾ation of grounding mechanisms ensuring proper understanding of cybersecurity concepts across organizational contexts. Logical rule components focusing on formal reasoning … view at source ↗
read the original abstract

Cybersecurity demands both rapid pattern recognition and deliberative reasoning, yet purely neural or purely symbolic approaches each address only one side of this duality. Neuro-Symbolic (NeSy) AI bridges this gap by integrating learning and logic within a unified framework. This systematic review analyzes 103 publications across the neural-symbolic integration spectrum in cybersecurity through April 2026, organizing them via a three-tier taxonomy -- deep integration, structured interaction, and contextual baselines -- and a Grounding-Instructibility-Alignment (G-I-A) analytical lens. We find that multi-agent and structured-integration architectures across the surveyed spectrum substantially outperform single-agent approaches in complex scenarios, causal reasoning enables proactive defense beyond correlation-based detection, and knowledge-guided learning improves both data efficiency and explainability. These findings span intrusion detection, malware analysis, vulnerability discovery, and autonomous penetration testing, revealing that integration depth often correlates with capability gains across domains. A first-of-its-kind dual-use analysis further shows that autonomous offensive systems in the broader survey corpus are already achieving notable zero-day exploitation success at significantly reduced cost, fundamentally reshaping threat landscapes. However, critical barriers persist: evaluation standardization remains nascent, computational costs constrain deployment, and effective human-AI collaboration is underexplored. We distill these findings into a prioritized research roadmap emphasizing community-driven benchmarks, responsible development practices, and defensive alignment to guide the next generation of NeSy cybersecurity systems.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper is a systematic review synthesizing 103 publications on neuro-symbolic AI for cybersecurity through April 2026. It introduces a three-tier taxonomy (deep integration, structured interaction, contextual baselines) and a Grounding-Instructibility-Alignment (G-I-A) lens to organize the literature across domains including intrusion detection, malware analysis, vulnerability discovery, and penetration testing. Central findings are that multi-agent and structured-integration approaches substantially outperform single-agent ones in complex scenarios, causal reasoning supports proactive defense, and knowledge-guided learning boosts data efficiency and explainability; a dual-use analysis highlights offensive zero-day capabilities, while noting barriers such as nascent evaluation standardization and proposing a research roadmap.

Significance. If the comparative synthesis holds after addressing evidence gaps, the work offers a timely organizing framework and prioritized roadmap for an emerging interdisciplinary area, potentially accelerating responsible integration of neural and symbolic methods in cybersecurity while flagging dual-use risks.

major comments (2)
  1. [Abstract] Abstract: The load-bearing claim that 'multi-agent and structured-integration architectures across the surveyed spectrum substantially outperform single-agent approaches in complex scenarios' (and parallel claims for causal reasoning and knowledge-guided learning) relies on cross-paper comparisons. However, the abstract itself states that 'evaluation standardization remains nascent' as a critical barrier, with no mention of explicit normalization, meta-regression, or restriction to shared benchmarks across the 103 works. This leaves open the possibility that observed differences arise from dataset choice, threat models, or metric selection rather than integration depth, directly weakening the inference from the three-tier taxonomy to capability gains.
  2. [Taxonomy and G-I-A lens sections] Taxonomy and G-I-A lens sections: The three-tier taxonomy plus G-I-A framework is presented as an unbiased and complete organizing structure, yet the abstract provides no quantitative details on selection criteria, inclusion/exclusion rules, or inter-rater reliability for categorizing the 103 publications. Without these, the representativeness assumption (that the corpus captures the full literature without significant selection or categorization bias) cannot be evaluated, undermining the generalizability of the performance and dual-use findings.
minor comments (2)
  1. [Abstract] Abstract: The cutoff date 'April 2026' is forward-looking relative to the arXiv identifier; clarify whether this reflects a projected search or requires updating.
  2. [References] Throughout: Ensure every one of the 103 surveyed works receives a clear citation in the reference list so readers can independently verify the synthesis and taxonomy assignments.

Simulated Author's Rebuttal

2 responses · 1 unresolved

We thank the referee for these constructive comments on our systematic review. They correctly identify areas where the abstract could better qualify our synthesis claims and provide transparency on review methods. We respond to each point below and indicate planned revisions.

read point-by-point responses

  1. Referee: [Abstract] Abstract: The load-bearing claim that 'multi-agent and structured-integration architectures across the surveyed spectrum substantially outperform single-agent approaches in complex scenarios' (and parallel claims for causal reasoning and knowledge-guided learning) relies on cross-paper comparisons. However, the abstract itself states that 'evaluation standardization remains nascent' as a critical barrier, with no mention of explicit normalization, meta-regression, or restriction to shared benchmarks across the 103 works. This leaves open the possibility that observed differences arise from dataset choice, threat models, or metric selection rather than integration depth, directly weakening the inference from the three-tier taxonomy to capability gains.

    Authors: We agree that the nascent state of evaluation standardization limits the strength of cross-paper inferences, as we already note in the barriers discussion. Our abstract claims summarize observed trends reported across the primary studies rather than claiming meta-analytic rigor. We will revise the abstract to qualify the statements as 'synthesized trends from the surveyed literature, subject to the limitations of heterogeneous benchmarks' and will add an explicit caveat in the results section about potential confounding by dataset and metric choices. This change will be incorporated in the revised manuscript. revision: yes

  2. Referee: [Taxonomy and G-I-A lens sections] Taxonomy and G-I-A lens sections: The three-tier taxonomy plus G-I-A framework is presented as an unbiased and complete organizing structure, yet the abstract provides no quantitative details on selection criteria, inclusion/exclusion rules, or inter-rater reliability for categorizing the 103 publications. Without these, the representativeness assumption (that the corpus captures the full literature without significant selection or categorization bias) cannot be evaluated, undermining the generalizability of the performance and dual-use findings.

    Authors: The full manuscript contains a Methods section detailing the search strategy, inclusion/exclusion criteria (peer-reviewed works 2015–2026 on NeSy cybersecurity applications), and the process for applying the taxonomy and G-I-A lens. We will add a concise summary of these elements to the abstract for self-containment. However, formal inter-rater reliability statistics were not computed in the original review. revision: partial

standing simulated objections not resolved
  • Absence of pre-computed inter-rater reliability metrics for the categorization of the 103 publications

Circularity Check

0 steps flagged

No circularity: survey synthesizes external literature without internal derivations or self-referential reductions

full rationale

This is a systematic literature review that organizes and summarizes findings from 103 external publications using a three-tier taxonomy and G-I-A lens. No equations, fitted parameters, predictions, or first-principles derivations exist in the provided text. Central claims about multi-agent outperformance, causal reasoning benefits, and knowledge-guided improvements are explicitly framed as observations drawn from the surveyed corpus rather than constructed from the paper's own inputs or self-citations. The acknowledged lack of evaluation standardization is noted as a limitation but does not create a circular reduction; the synthesis remains dependent on independent external sources. No load-bearing step reduces to a self-definition, fitted input renamed as prediction, or author-specific uniqueness theorem.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

The paper relies on standard systematic review practices and domain assumptions about cybersecurity tasks; no new free parameters, axioms, or invented entities are introduced.

pith-pipeline@v0.9.0 · 5799 in / 1203 out tokens · 45530 ms · 2026-05-18T18:00:48.898962+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. CyberCane: Neuro-Symbolic RAG for Privacy-Preserving Phishing Detection with Formal Ontology Reasoning

    cs.CR 2026-04 unverdicted novelty 6.0

    Neuro-symbolic RAG framework with formal ontology achieves 78.6-point recall improvement on AI-generated phishing threats while keeping precision above 98% and false positive rate at 0.16% under privacy constraints.

Reference graph

Works this paper leans on

218 extracted references · 218 canonical work pages · cited by 1 Pith paper · 4 internal anchors

  1. [1]

    2025 global threat landscape report,

    F. FortiGuard Labs, “2025 global threat landscape report,”Technical Report, 2025

    work page 2025

  2. [2]

    Generative ai in cybersecurity: A comprehensive review of llm applications and vulnerabilities,

    M. A. Ferrag, F. Alwahedi, A. Battah, B. Cherif, A. Mechri, N. Ti- hanyi, T. Bisztray, and M. Debbah, “Generative ai in cybersecurity: A comprehensive review of llm applications and vulnerabilities,”Internet of Things and Cyber-Physical Systems, vol. 5, pp. 1–46, 2025

    work page 2025

  3. [3]

    When llms meet cybersecurity: A systematic literature review,

    J. Zhang, H. Bu, H. Wenet al., “When llms meet cybersecurity: A systematic literature review,”Cybersecurity, vol. 8, p. 55, 2025

    work page 2025

  4. [4]

    From vulnerability to defense: The role of large language models in enhancing cybersecurity,

    W. Kasri, Y . Himeur, H. A. Alkhazaleh, S. Tarapiah, S. Atalla, W. Man- soor, and H. Al-Ahmad, “From vulnerability to defense: The role of large language models in enhancing cybersecurity,”Computation, vol. 13, no. 2, p. 30, 2025

    work page 2025

  5. [5]

    Arms race in adversarial malware detection: A survey,

    D. Li, Q. Li, Y . F. Ye, and S. Xu, “Arms race in adversarial malware detection: A survey,”ACM Comput. Surv., vol. 55, no. 1, 2023

    work page 2023

  6. [6]

    Rodriguez, R

    M. Rodriguez, R. A. Popa, L. Liang, A. Wang, M. Rahtz, A. Kaska- soli, A. Dafoe, and F. Flynn, “A framework for evaluating emerging cyberattack capabilities of ai,”arXiv preprint arXiv:2503.11917, 2025

    work page arXiv 2025

  7. [7]

    the winning worker cost

    R. Fang, R. Bindu, A. Gupta, Q. Zhan, and D. Kang, “Teams of llm agents can exploit zero-day vulnerabilities,”arXiv preprint arXiv:2406.01637, 2024

    work page arXiv 2024

  8. [8]

    Vulnbot: Autonomous penetration testing for a multi-agent collaborative framework,

    H. Kong, D. Hu, J. Ge, L. Li, T. Li, and B. Wu, “Vulnbot: Autonomous penetration testing for a multi-agent collaborative framework,”arXiv preprint arXiv:2501.13411, 2025

    work page arXiv 2025

  9. [9]

    Machine learning-enabled iot security: Open issues and challenges under advanced persistent threats,

    Z. Chen, J. Liu, Y . Shen, M. Simsek, B. Kantarci, H. T. Mouftah, and P. Djukic, “Machine learning-enabled iot security: Open issues and challenges under advanced persistent threats,”ACM Computing Surveys, vol. 55, no. 5, pp. 105:1–105:37, 2022

    work page 2022

  10. [10]

    From zero-shot machine learning to zero-day attack detection,

    M. Sarhan, S. Layeghy, M. Gallagheret al., “From zero-shot machine learning to zero-day attack detection,”International Journal of Infor- mation Security, vol. 22, pp. 947–959, 2023

    work page 2023

  11. [11]

    A review of machine learning-based zero-day attack detection: Challenges and future directions,

    Y . Guo, “A review of machine learning-based zero-day attack detection: Challenges and future directions,”Computer Communications, vol. 198, pp. 175–185, 2023

    work page 2023

  12. [12]

    A defensive framework against adver- sarial attacks on machine learning-based network intrusion detection systems,

    B. Tafreshian and S. Zhang, “A defensive framework against adver- sarial attacks on machine learning-based network intrusion detection systems,” inIEEE TrustCom, 2024, pp. 2436–2441

    work page 2024

  13. [13]

    Constrained network adversarial attacks: Validity, robustness, and transferability,

    A. Grini, O. Taheri, B. El Khamlichi, and A. El Fallah-Seghrouchni, “Constrained network adversarial attacks: Validity, robustness, and transferability,”arXiv preprint arXiv:2505.01328, 2025

    work page arXiv 2025

  14. [14]

    Adversarial ml threat matrix (atlas),

    M. Corporation, L. Wong, K. Manville, and ramtherunner, “Adversarial ml threat matrix (atlas),”Technical Report, 2020

    work page 2020

  15. [15]

    A survey on neural networks for (cyber-) security and (cyber-) security of neural networks,

    M. Pawlicki, R. Kozik, and M. Chora ´s, “A survey on neural networks for (cyber-) security and (cyber-) security of neural networks,”Neural Computing and Applications, vol. 500, no. C, pp. 1075–1087, 2022

    work page 2022

  16. [16]

    Neural- symbolic integration and the semantic web,

    P. Hitzler, F. Bianchi, M. Ebrahimi, and M. K. Sarker, “Neural- symbolic integration and the semantic web,”Semantic Web, vol. 11, no. 1, pp. 3–11, 2020

    work page 2020

  17. [17]

    Towards data-and knowledge-driven ai: A survey on neuro-symbolic computing,

    W. Wang, Y . Yang, and F. Wu, “Towards data-and knowledge-driven ai: A survey on neuro-symbolic computing,”IEEE TPAMI, vol. 47, no. 2, pp. 878–899, 2024

    work page 2024

  18. [18]

    Neuro-symbolic artificial intelligence: A survey,

    B. Bhuyan, A. Ramdane-Cherif, R. Tomaret al., “Neuro-symbolic artificial intelligence: A survey,”Neural Computing and Applications, vol. 36, pp. 12 809–12 844, 2024

    work page 2024

  19. [19]

    Neuro-symbolic ai in 2024: A systematic review.arXiv preprint arXiv:2501.05435, 2025

    B. C. Colelough and W. Regli, “Neuro-symbolic ai in 2024: A systematic review,”arXiv preprint arXiv:2501.05435, 2025

    work page arXiv 2024

  20. [20]

    Explain- able ai for cybersecurity automation, intelligence and trustworthiness in digital twin: Methods, taxonomy, challenges and prospects,

    I. H. Sarker, H. Janicke, A. Mohsin, A. Gill, and L. Maglaras, “Explain- able ai for cybersecurity automation, intelligence and trustworthiness in digital twin: Methods, taxonomy, challenges and prospects,”ICT Express, vol. 10, no. 4, pp. 935–958, 2024

    work page 2024

  21. [21]

    Building trustworthy neurosymbolic ai sys- tems: Consistency, reliability, explainability, and safety,

    M. Gaur and A. Sheth, “Building trustworthy neurosymbolic ai sys- tems: Consistency, reliability, explainability, and safety,”AI Magazine, vol. 45, no. 1, pp. 139–155, 2024

    work page 2024

  22. [22]

    Neurosymbolic ai as an antithesis to scaling laws,

    A. Velasquez, N. Bhatt, U. Topcu, Z. Wang, K. Sycara, S. Stepputtis, S. Neema, and G. Vallabha, “Neurosymbolic ai as an antithesis to scaling laws,”PNAS Nexus, vol. 4, no. 5, p. pgaf117, 2025

    work page 2025

  23. [23]

    Causal neurosymbolic ai: A syn- ergy between causality and neurosymbolic methods,

    U. Jaimini, C. Henson, and A. Sheth, “Causal neurosymbolic ai: A syn- ergy between causality and neurosymbolic methods,”IEEE Intelligent Systems, vol. 39, no. 3, pp. 13–19, 2024

    work page 2024

  24. [24]

    Causality for trustworthy artificial intelligence: Status, challenges and perspectives,

    A. Rawal, A. Raglin, D. B. Rawat, B. M. Sadler, and J. McCoy, “Causality for trustworthy artificial intelligence: Status, challenges and perspectives,”ACM Computing Surveys, vol. 57, no. 6, p. 146, 2025

    work page 2025

  25. [25]

    Adapt: A game-theoretic and neuro- symbolic framework for automated distributed adaptive penetration testing,

    H. Lei, Y . Ge, and Q. Zhu, “Adapt: A game-theoretic and neuro- symbolic framework for automated distributed adaptive penetration testing,” inIEEE MILCOM, 2024

    work page 2024

  26. [26]

    Converging paradigms: The synergy of symbolic and con- nectionist ai in llm-empowered autonomous agents,

    H. Xiong, Z. Wang, X. Li, J. Bian, Z. Xie, S. Mumtaz, and L. E. Barnes, “Converging paradigms: The synergy of symbolic and con- nectionist ai in llm-empowered autonomous agents,”arXiv preprint arXiv:2407.08516, 2024

    work page arXiv 2024

  27. [27]

    Prompt injection 2.0: Hybrid ai threats,

    J. McHugh, K. ˇSekrst, and J. Cefalu, “Prompt injection 2.0: Hybrid ai threats,”arXiv preprint arXiv:2507.13169, 2025

    work page arXiv 2025

  28. [28]

    Ai cyber risk benchmark: Automated exploitation capabilities,

    D. Ristea, V . Mavroudis, and C. Hicks, “Ai cyber risk benchmark: Automated exploitation capabilities,”arXiv preprint arXiv:2410.21939, 2024

    work page arXiv 2024

  29. [29]

    Cve-bench: A benchmark for ai agents’ ability to exploit real-world web application vulnerabilities,

    Y . Zhu, A. Kellermann, D. Bowman, P. Li, A. Gupta, A. Danda, R. Fang, C. Jensen, E. Ihli, J. Benn, J. Geronimo, A. Dhir, S. Rao, K. Yu, T. Stone, and D. Kang, “Cve-bench: A benchmark for ai agents’ ability to exploit real-world web application vulnerabilities,” inICML, 2025

    work page 2025

  30. [30]

    A survey on verification and validation, testing and evaluations 37 of neurosymbolic artificial intelligence,

    J. Renkhoff, K. Feng, M. Meier-Doernberg, A. Velasquez, and H. H. Song, “A survey on verification and validation, testing and evaluations 37 of neurosymbolic artificial intelligence,”IEEE TAI, vol. 5, no. 8, pp. 3765–3779, 2024

    work page 2024

  31. [31]

    Towards cognitive ai systems: Workload and characterization of neuro-symbolic ai,

    Z. Wan, C.-K. Liu, H. Yang, R. Raj, C. Li, H. You, Y . Fu, C. Wan, A. Samajdar, and Y . C. Lin, “Towards cognitive ai systems: Workload and characterization of neuro-symbolic ai,” inIEEE ISPASS, 2024, pp. 268–279

    work page 2024

  32. [32]

    Surveying neuro-symbolic approaches for reliable artificial intelligence of things,

    Z. Lu, I. Afridi, H. J. Kang, I. Ruchkin, and X. Zheng, “Surveying neuro-symbolic approaches for reliable artificial intelligence of things,” Journal of Reliable Intelligent Environments, vol. 10, no. 3, pp. 257– 279, 2024

    work page 2024

  33. [33]

    Neuro-symbolic ai for military applications,

    D. H. Hagos and D. B. Rawat, “Neuro-symbolic ai for military applications,”IEEE TAI, vol. 5, no. 12, pp. 6012–6026, 2024

    work page 2024

  34. [34]

    Mitre att&ck: State of the art and way forward,

    B. Al-Sada, A. Sadighian, and G. Oligeri, “Mitre att&ck: State of the art and way forward,”ACM Computing Surveys, vol. 57, no. 1, pp. 12:1–12:37, 2024

    work page 2024

  35. [35]

    Mitre att&ck labeling of cyber threat intelligence via llm,

    T. O’Brien, “Mitre att&ck labeling of cyber threat intelligence via llm,” Technical Report, 2025

    work page 2025

  36. [36]

    A survey on cybersecurity knowledge graph construction,

    X. Zhao, R. Jiang, Y . Han, A. Li, and Z. Peng, “A survey on cybersecurity knowledge graph construction,”Computers & Security, vol. 136, p. 103524, 2024

    work page 2024

  37. [37]

    Enhancing cybersecurity through autonomous knowledge graph construction by integrating heterogeneous data sources,

    H. Alharbi, A. Hur, H. Alkahtani, and H. F. Ahmad, “Enhancing cybersecurity through autonomous knowledge graph construction by integrating heterogeneous data sources,”PeerJ Computer Science, vol. 11, p. e2768, 2025

    work page 2025

  38. [38]

    Crucialg: Reconstruct integrated attack scenario graphs by cyber threat intelligence reports,

    W. Cheng, T. Zhu, T. Chen, Q. Yuan, J. Ying, H. Li, C. Xiong, M. Li, M. Lv, and Y . Chen, “Crucialg: Reconstruct integrated attack scenario graphs by cyber threat intelligence reports,”IEEE TDSC, pp. 1–17, 2025

    work page 2025

  39. [39]

    Scientific procedures and rationales for systematic literature reviews (spar-4-slr),

    J. Paul, W. M. Lim, A. O’Cass, A. W. Hao, and S. Bresciani, “Scientific procedures and rationales for systematic literature reviews (spar-4-slr),” International Journal of Consumer Studies, vol. 45, no. 4, pp. O1–O14, 2021

    work page 2021

  40. [40]

    Anthropomorphism and consumer behaviour: A spar-4-slr protocol compliant hybrid review,

    F. M. Khan, M. Anas, and S. M. F. Uddin, “Anthropomorphism and consumer behaviour: A spar-4-slr protocol compliant hybrid review,” International Journal of Consumer Studies, 2023

    work page 2023

  41. [41]

    From statistical relational to neurosymbolic artificial intelligence: A survey,

    G. Marra, S. Duman ˇci´c, R. Manhaeve, and L. De Raedt, “From statistical relational to neurosymbolic artificial intelligence: A survey,” Artificial Intelligence, vol. 328, p. 104062, 2024

    work page 2024

  42. [42]

    Logicity: Advancing neuro-symbolic ai with abstract urban simulation,

    B. Li, Z. Li, Q. Du, J. Luo, W. Wang, Y . Xie, S. Stepputtis, C. Wang, K. Sycara, P. Ravikumaret al., “Logicity: Advancing neuro-symbolic ai with abstract urban simulation,”NeurIPS, vol. 37, pp. 69 840–69 864, 2024

    work page 2024

  43. [43]

    Explainable intrusion detection systems (x-ids): A survey of current methods, challenges, and opportunities,

    S. Neupane, J. Ables, W. Anderson, S. Mittal, S. Rahimi, and I. Ban- icescu, “Explainable intrusion detection systems (x-ids): A survey of current methods, challenges, and opportunities,”IEEE Access, vol. 10, pp. 112 392–112 415, 2022

    work page 2022

  44. [44]

    A neuro-symbolic classifier with optimized satisfiability for monitoring security alerts in network traffic,

    D. Onchis, C. Istin, and E. Hogea, “A neuro-symbolic classifier with optimized satisfiability for monitoring security alerts in network traffic,” Applied Sciences, vol. 12, no. 22, p. 11502, 2022

    work page 2022

  45. [45]

    Managing concept drift in online intrusion detection systems with active learning,

    F. Camarda, A. De Paola, S. Drago, P. Ferraro, and G. Lo Re, “Managing concept drift in online intrusion detection systems with active learning,” inCEUR Workshop, vol. 3962, 2025

    work page 2025

  46. [46]

    Dimensions of Neural-symbolic Integration - A Structured Survey

    S. Bader and P. Hitzler, “Dimensions of neural-symbolic integration: A structured survey,”arXiv preprint arXiv:cs/0511042, 2005

    work page internal anchor Pith review Pith/arXiv arXiv 2005

  47. [47]

    Neural-symbolic learning and reasoning: A survey and interpretation,

    T. R. Besold, A. d’Avila Garcez, S. Bader, H. Bowman, P. Domingos, P. Hitzler, K.-U. K¨uhnberger, P. M. V . Lima, L. de Penning, G. Pinkas, H. Poon, and G. Zaverucha, “Neural-symbolic learning and reasoning: A survey and interpretation,” inNeuro-Symbolic AI, 2021, pp. 1–51

    work page 2021

  48. [48]

    Neuro symbolic reasoning and learning,

    P. Shakarian, G. I. Simari, C. Baral, B. Xi, and L. Pokala, “Neuro symbolic reasoning and learning,”Book, 2023

    work page 2023

  49. [49]

    Handbook on neurosymbolic ai and knowledge graphs,

    P. Hitzler, A. Dalal, M. S. Mahdavinejad, and S. S. Norouzi, “Handbook on neurosymbolic ai and knowledge graphs,”Book, 2025

    work page 2025

  50. [50]

    The role of foundation models in neuro-symbolic learning and reasoning,

    D. Cunnington, M. Law, J. Lobo, and A. Russo, “The role of foundation models in neuro-symbolic learning and reasoning,” inNeSy, 2024, pp. 84–100

    work page 2024

  51. [51]

    Neuro-symbolic methods for trustworthy ai: A systematic review,

    C. Michel-Del ´etie and M. K. Sarker, “Neuro-symbolic methods for trustworthy ai: A systematic review,”Neurosymbolic Artificial Intelli- gence, 2024

    work page 2024

  52. [52]

    Knowgraph: Knowledge-enabled anomaly detection via logical reasoning on graph data,

    A. Zhou, X. Xu, R. Raghunathan, A. Lal, X. Guan, B. Yu, and B. Li, “Knowgraph: Knowledge-enabled anomaly detection via logical reasoning on graph data,” inACM CCS, 2024, pp. 168–182

    work page 2024

  53. [53]

    Hierarchical multi-agent reinforcement learning for cyber network defense,

    A. V . Singh, E. Rathbun, E. Graham, L. Oakley, S. Boboila, A. Oprea, and P. Chin, “Hierarchical multi-agent reinforcement learning for cyber network defense,”arXiv preprint arXiv:2410.17351, 2024

    work page arXiv 2024

  54. [54]

    On the use of neurosymbolic ai for defending against cyber attacks,

    G. Grov, J. Halvorsen, M. W. Eckhoff, B. J. Hansen, M. Eian, and V . Mavroeidis, “On the use of neurosymbolic ai for defending against cyber attacks,” inNeural-Symbolic Learning and Reasoning, 2024, pp. 119–140

    work page 2024

  55. [55]

    Neurosymbolic learning and domain knowledge-driven explainable ai for enhanced iot network attack detection and response,

    C. S. Kalutharage, X. Liu, and C. Chrysoulas, “Neurosymbolic learning and domain knowledge-driven explainable ai for enhanced iot network attack detection and response,”Computers & Security, vol. 151, p. 104318, 2025

    work page 2025

  56. [56]

    Grounding methods for neural-symbolic ai,

    R. C. Ontiveros, F. Giannini, M. Gori, G. Marra, and M. Dili- genti, “Grounding methods for neural-symbolic ai,”arXiv preprint arXiv:2507.08216, 2025

    work page arXiv 2025

  57. [57]

    Softened symbol grounding for neuro-symbolic systems,

    Z. Li, Y . Yao, T. Chen, J. Xu, C. Cao, X. Ma, and J. L ¨u, “Softened symbol grounding for neuro-symbolic systems,” inICLR, 2023

    work page 2023

  58. [58]

    Can causal (and counterfac- tual) reasoning improve privacy threat modelling?

    R. Naidu and N. Kagalwalla, “Can causal (and counterfac- tual) reasoning improve privacy threat modelling?”arXiv preprint arXiv:2207.09746, 2022

    work page arXiv 2022

  59. [59]

    Neurosymbolic artificial intelligence for robust network intru- sion detection: From scratch to transfer learning,

    H. T. T. Tran, J. Sander, A. Cohen, B. Jalaian, and N. D. Bas- tian, “Neurosymbolic artificial intelligence for robust network intru- sion detection: From scratch to transfer learning,”arXiv preprint arXiv:2506.04454, 2025

    work page arXiv 2025

  60. [60]

    Ltl verification of mem- oryful neural agents,

    M. Hosseini, A. Lomuscio, and N. Paoletti, “Ltl verification of mem- oryful neural agents,” inAAMAS, 2025

    work page 2025

  61. [61]

    Nature’s insight: A novel framework and comprehensive analysis of agentic reasoning through the lens of neuroscience,

    Z. Liu, H. Li, J. Lu, G. Ma, X. Hong, G. Iacca, A. Kumar, S. Tang, and L. Wang, “Nature’s insight: A novel framework and comprehensive analysis of agentic reasoning through the lens of neuroscience,”arXiv preprint arXiv:2505.05515, 2025

    work page arXiv 2025

  62. [62]

    End-to-end neuro-symbolic reinforcement learning with textual explanations,

    L. Luo, G. Zhang, H. Xu, Y . Yang, C. Fang, and Q. Li, “End-to-end neuro-symbolic reinforcement learning with textual explanations,” in ICML, 2024, pp. 33 533–33 557

    work page 2024

  63. [63]

    Out-of-distribution detection for neurosymbolic autonomous cyber agents,

    A. Samaddar, N. Potteiger, and X. Koutsoukos, “Out-of-distribution detection for neurosymbolic autonomous cyber agents,” inIEEE ICAIC, 2025

    work page 2025

  64. [64]

    Knowledge-enhanced neurosymbolic artificial intelligence for cyber- security and privacy,

    A. Piplai, A. Kotal, S. Mohseni, M. Gaur, S. Mittal, and A. Joshi, “Knowledge-enhanced neurosymbolic artificial intelligence for cyber- security and privacy,”IEEE IC, vol. 27, no. 5, pp. 43–48, 2023

    work page 2023

  65. [65]

    Improving network threat detection by knowledge graph, large language model, and imbalanced learning,

    L. Zhang, Q. Zhu, H. Ray, and Y . Xie, “Improving network threat detection by knowledge graph, large language model, and imbalanced learning,”arXiv preprint arXiv:2501.16393, 2025

    work page arXiv 2025

  66. [66]

    Building a cybersecurity knowledge graph with cybergraph,

    P. Falcarin and F. Dainese, “Building a cybersecurity knowledge graph with cybergraph,” inACM/IEEE EnCyCriS, 2024, pp. 29–36

    work page 2024

  67. [67]

    Cybersecurity knowledge graphs,

    L. F. Sikos, “Cybersecurity knowledge graphs,”Knowledge and Infor- mation Systems, vol. 65, no. 9, pp. 3511–3531, 2023

    work page 2023

  68. [68]

    A synergistic approach in network intrusion detection by neurosymbolic ai,

    A. Bizzarri, C.-E. Yu, B. Jalaian, F. Riguzzi, and N. D. Bastian, “A synergistic approach in network intrusion detection by neurosymbolic ai,”arXiv preprint arXiv:2406.00938, 2024

    work page arXiv 2024

  69. [69]

    Am- pere: Amr-aware prefix for generation-based event argument extraction model,

    I.-H. Hsu, Z. Xie, K.-H. Huang, P. Natarajan, and N. Peng, “Am- pere: Amr-aware prefix for generation-based event argument extraction model,”arXiv preprint arXiv:2305.16734, 2023

    work page arXiv 2023

  70. [70]

    Neurosymbolic ai for reasoning over knowledge graphs: A survey,

    L. N. DeLong, R. F. Mir, and J. D. Fleuriot, “Neurosymbolic ai for reasoning over knowledge graphs: A survey,”IEEE TNNLS, vol. 36, no. 5, pp. 7822–7842, 2024

    work page 2024

  71. [71]

    Knowledge graph reasoning for cyber attack detection,

    E. Gilliard, J. Liu, and A. A. Aliyu, “Knowledge graph reasoning for cyber attack detection,”IET Communications, vol. 18, no. 4, pp. 297– 308, 2024

    work page 2024

  72. [72]

    Graph neural networks embedded with domain knowledge for cyber threat intelligence entity and relationship mining,

    G. Liu, K. Lu, and S. Pi, “Graph neural networks embedded with domain knowledge for cyber threat intelligence entity and relationship mining,”PeerJ Computer Science, vol. 11, p. e2769, 2025

    work page 2025

  73. [73]

    Actionable cyber threat intelligence using knowledge graphs and large language models,

    R. Fieblinger, M. T. Alam, and N. Rastogi, “Actionable cyber threat intelligence using knowledge graphs and large language models,” in IEEE EuroS&PW, 2024, pp. 100–111

    work page 2024

  74. [74]

    Learning guided automated reasoning: A brief survey,

    L. Blaauwbroeket al., “Learning guided automated reasoning: A brief survey,” inLogics and Type Systems in Theory and Practice, 2024, pp. 71–92

    work page 2024

  75. [75]

    First experiments with neural cvc5,

    J. Piepenbrock, M. Janota, J. Urban, and J. Jakub ˚uv, “First experiments with neural cvc5,” inEPiC Series in Computing, vol. 100, 2023, pp. 249–264

    work page 2023

  76. [76]

    Graph2tac: Online representation learning of formal math concepts,

    L. Blaauwbroek, M. Ol ˇs´ak, J. Rute, F. I. S. Massolo, J. Piepenbrock, and V . Pestun, “Graph2tac: Online representation learning of formal math concepts,” inICML, 2024

    work page 2024

  77. [77]

    Nesyc: A neuro- symbolic continual learner for complex embodied tasks in open do- mains,

    W. Choi, J. Park, S. Ahn, D. Lee, and H. Woo, “Nesyc: A neuro- symbolic continual learner for complex embodied tasks in open do- mains,” inICLR, 2025

    work page 2025

  78. [78]

    Learning neuro-symbolic relational transition models for bilevel planning,

    R. Chitnis, T. Silver, J. B. Tenenbaum, T. Lozano-P ´erez, and L. P. Kaelbling, “Learning neuro-symbolic relational transition models for bilevel planning,” inIEEE IROS, 2022, pp. 4166–4173

    work page 2022

  79. [79]

    Hierarchical multi- agent reinforcement learning for autonomous cyber defense in coalition networks,

    T. H ¨urten, J. F. Loevenich, F. Spelter, E. Adler, J. Braun, L. Moxon, Y . Gourlet, T. Lefeuvre, and R. R. F. Lopes, “Hierarchical multi- agent reinforcement learning for autonomous cyber defense in coalition networks,” inIEEE MILCOM, 2024, pp. 176–181. 38

    work page 2024

  80. [80]

    A neuro- symbolic artificial intelligence network intrusion detection system,

    A. Bizzarri, B. Jalaian, F. Riguzzi, and N. D. Bastian, “A neuro- symbolic artificial intelligence network intrusion detection system,” in IEEE ICCCN, 2024, pp. 1–9

    work page 2024

Showing first 80 references.