An Organization-Scoped LLM Agent Runtime Architecture for Regulated Cybersecurity Operations
This architecture aims to provide a secure, auditable, and integrated platform for regulated cybersecurity operations, specifically for financial security operations centers (SOCs) and compliance workflows, by enabling LLM agents to operate within organizational policy and existing infrastructure. It is an incremental step towards more robust LLM agent deployment in sensitive domains.
This paper proposes an organization-scoped LLM agent runtime architecture designed for regulated cybersecurity operations, addressing the lack of a system that enforces organization-level scope across various agent functions while integrating with existing security information and event management (SIEM) and extended detection and response (XDR) stacks. The architecture introduces a typed Security Context, a shared Runtime Core, specialist subagents, and a governed Tool Adapter Layer to manage SIEM/XDR interactions, along with structured findings, human-in-the-loop gates, and append-only audit capabilities.
Regulated cybersecurity workflows lack a runtime substrate that enforces organization-level scope across retrieval, tool calls, memory, findings, reports, and audit while remaining model-agnostic and locally deployable. Recent large language model (LLM) agent systems report strong results on isolated cybersecurity tasks, yet they do not by themselves define an auditable platform architecture for regulated security operations centre (SOC) and compliance workflows, where a single analyst may trigger actions that bind the organization, and where the runtime must integrate with existing SIEM/XDR stacks as a primary source of context and alert-driven triggers rather than operate as a standalone analytical layer. This paper proposes an organization-scoped LLM agent runtime architecture for financial cybersecurity. The contribution is a typed Security Context that is created at every entry point, including SIEM/XDR notifications ingested as first-class triggers, and enforced at every component boundary, combined with a shared Runtime Core, logical specialist subagents, a governed Tool Adapter Layer exposing SIEM/XDR query, enrichment, and response primitives under uniform policy and audit, structured findings with evidence references, tiered human-in-the-loop (HITL) gates, and append-only audit. Model Context Protocol (MCP), extended telemetry, digital twins for pentesting, graph retrieval, and federated knowledge sharing are treated as optional extension paths rather than mandatory runtime assumptions. We describe an implementable slice as the architecture's testability surface, and we propose a falsifiable evaluation plan with metric-level pass criteria for architecture readiness, security-policy enforcement, evidence traceability, output quality, and operational observability.