{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T07:00:10Z","timestamp":1764572410745,"version":"3.46.0"},"reference-count":33,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T00:00:00Z","timestamp":1761782400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T00:00:00Z","timestamp":1761782400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,12]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>Cybersecurity and artificial intelligence (AI) increasingly intersect as organizations grapple with sophisticated cyber threats and expanding digital landscapes. Incident response teams traditionally rely on structured procedures to identify, manage, and mitigate cyber incidents. Our work explores the effectiveness of generative AI, specifically Large Language Models (LLMs), within cybersecurity, focusing primarily on incident response processes. Experimental evaluations demonstrate that specific LLMs exhibit distinct strengths suitable for different stages of incident management. GPT-4o and GPT-3.5 show high clarity, consistency and coherence, making them appropriate for real-time containment, isolation, eradication and recovery tasks. Conversely, models such as GPT-o1 and GPT-4 offer superior reasoning capabilities and conciseness, better supporting incident preparation, post-incident analysis, vulnerability assessment and training development. Key limitations pertaining to current LLM implementations are identified, particularly token context constraints in addition to a discussion about ethical considerations regarding reliance on AI responses, including potential impacts on workforce skills and organizational security posture.<\/jats:p>","DOI":"10.1007\/s10207-025-01144-7","type":"journal-article","created":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T08:10:04Z","timestamp":1761811804000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Analysing the role of LLMs in cybersecurity incident management"],"prefix":"10.1007","volume":"24","author":[{"given":"Gavin","family":"Jones","sequence":"first","affiliation":[]},{"given":"Dimitrios","family":"Kasimatis","sequence":"additional","affiliation":[]},{"given":"Nikolaos","family":"Pitropakis","sequence":"additional","affiliation":[]},{"given":"Richard","family":"Macfarlane","sequence":"additional","affiliation":[]},{"given":"William J.","family":"Buchanan","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,10,30]]},"reference":[{"key":"1144_CR1","doi-asserted-by":"publisher","first-page":"102334","DOI":"10.1016\/j.ijinfomgt.2021.102334","volume":"59","author":"A Naseer","year":"2021","unstructured":"Naseer, A., Naseer, H., Ahmad, A., Maynard, S.B., Siddiqui, A.M.: Real-time analytics, incident response process agility and enterprise cybersecurity performance:a contingent resource-based analysis. International Journal of Information Management 59, 102334 (2021). https:\/\/doi.org\/10.1016\/j.ijinfomgt.2021.102334","journal-title":"International Journal of Information Management"},{"key":"1144_CR2","doi-asserted-by":"publisher","first-page":"100,063","DOI":"10.1016\/J.DIM.2023.100063","volume":"8","author":"I Jada","year":"2024","unstructured":"Jada, I., Mayayise, T.O.: The impact of artificial intelligence on organisational cyber security:an outcome of a systematic literature review. Data and Information Management 8, 100,063 (2024). https:\/\/doi.org\/10.1016\/J.DIM.2023.100063","journal-title":"Data and Information Management"},{"key":"1144_CR3","doi-asserted-by":"publisher","first-page":"395","DOI":"10.1093\/oso\/9780198250791.003.0016","volume-title":"Intelligent Machinery (1948)","author":"A Turing","year":"2004","unstructured":"Turing, A.: Intelligent Machinery (1948), pp. 395\u2013432. Oxford University PressOxford (2004). https:\/\/doi.org\/10.1093\/oso\/9780198250791.003.0016 . (https:\/\/academic.oup.com\/book\/42030\/chapter\/355746030)"},{"key":"1144_CR4","unstructured":"EU: Artificial intelligence act (2024)"},{"key":"1144_CR5","doi-asserted-by":"publisher","first-page":"102122","DOI":"10.1016\/j.cose.2020.102122","volume":"101","author":"A Ahmad","year":"2021","unstructured":"Ahmad, A., Maynard, S.B., Desouza, K.C., Kotsias, J., Whitty, M.T., Baskerville, R.L.: How can organizations develop situation awareness for incident response:a case study of management practice. Computers and Security 101, 102122 (2021). https:\/\/doi.org\/10.1016\/j.cose.2020.102122","journal-title":"Computers and Security"},{"key":"1144_CR6","doi-asserted-by":"crossref","unstructured":"Cichonski, P., Millar, T., Grance, T., Scarfone, K.: Computer security incident handling guide:Recommendations of the national institute of standards and technology (2012)","DOI":"10.6028\/NIST.SP.800-61r2"},{"key":"1144_CR7","doi-asserted-by":"publisher","first-page":"102435","DOI":"10.1016\/j.ijinfomgt.2021.102435","volume":"62","author":"Y He","year":"2022","unstructured":"He, Y., Zamani, E.D., Lloyd, S., Luo, C.: Agile incident response (air):improving the incident response process in healthcare. International Journal of Information Management 62, 102435 (2022). https:\/\/doi.org\/10.1016\/j.ijinfomgt.2021.102435","journal-title":"International Journal of Information Management"},{"key":"1144_CR8","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1080\/0960085X.2022.2088414","volume":"32","author":"J Kotsias","year":"2023","unstructured":"Kotsias, J., Ahmad, A., Scheepers, R.: Adopting and integrating cyber-threat intelligence in a commercial organisation. Eur. J. Inf. Syst. 32, 35\u201351 (2023). https:\/\/doi.org\/10.1080\/0960085X.2022.2088414","journal-title":"Eur. J. Inf. Syst."},{"issue":"1","key":"1144_CR9","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/s12599-023-00834-7","volume":"66","author":"S Feuerriegel","year":"2024","unstructured":"Feuerriegel, S., Hartmann, J., Janiesch, C., Zschech, P.: Generative ai. Business & Information Systems Engineering 66(1), 111\u2013126 (2024)","journal-title":"Business & Information Systems Engineering"},{"issue":"2","key":"1144_CR10","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1007\/s12599-023-00795-x","volume":"65","author":"T Teubner","year":"2023","unstructured":"Teubner, T., Flath, C.M., Weinhardt, C., Van Der Aalst, W., Hinz, O.: Welcome to the era of chatgpt et al. the prospects of large language models. Business & Information Systems Engineering 65(2), 95\u2013101 (2023)","journal-title":"Business & Information Systems Engineering"},{"key":"1144_CR11","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1016\/j.neures.2024.06.003","volume":"215","author":"R Wang","year":"2025","unstructured":"Wang, R., Chen, Z.S.: Large-scale foundation models and generative ai for bigdata neuroscience. Neurosci. Res. 215, 3\u201314 (2025)","journal-title":"Neurosci. Res."},{"issue":"1","key":"1144_CR12","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1038\/s43856-023-00370-1","volume":"3","author":"J Clusmann","year":"2023","unstructured":"Clusmann, J., Kolbinger, F.R., Muti, H.S., Carrero, Z.I., Eckardt, J.N., Laleh, N.G., L\u00f6ffler, C.M.L., Schwarzkopf, S.C., Unger, M., Veldhuizen, G.P., et al.: The future landscape of large language models in medicine. Communications medicine 3(1), 141 (2023)","journal-title":"Communications medicine"},{"key":"1144_CR13","doi-asserted-by":"publisher","first-page":"101,861","DOI":"10.1016\/j.inffus.2023.101861","volume":"99","author":"J Koco\u0144","year":"2023","unstructured":"Koco\u0144, J., Cichecki, I., Kaszyca, O., Kochanek, M., Szyd\u0142o, D., Baran, J., Bielaniewicz, J., Gruza, M., Janz, A., Kanclerz, K., et al.: Chatgpt:jack of all trades, master of none. Information Fusion 99, 101,861 (2023)","journal-title":"Information Fusion"},{"key":"1144_CR14","doi-asserted-by":"publisher","unstructured":"Scott, J., Kyobe, M.: Trends in cybersecurity management issues related to human behaviour and machine learning. In: International Conference on Electrical, Computer, and Energy Technologies, ICECET 2021. Institute of Electrical and Electronics Engineers Inc. (2021). https:\/\/doi.org\/10.1109\/ICECET52533.2021.9698626","DOI":"10.1109\/ICECET52533.2021.9698626"},{"key":"1144_CR15","first-page":"83","volume":"2018","author":"M Rege","year":"2018","unstructured":"Rege, M., Mbah, R.B.K.: Machine learning for cyber defense and attack. Data Analytics 2018, 83 (2018)","journal-title":"Data Analytics"},{"key":"1144_CR16","doi-asserted-by":"crossref","unstructured":"Noever, D.: Can large language models find and fix vulnerable software? (2023)","DOI":"10.5121\/ijaia.2023.14301"},{"key":"1144_CR17","unstructured":"Cheshkov, A., Zadorozhny, P., Levichev, R.: Evaluation of chatgpt model for vulnerability detection. arXiv:2304.07232 (2023)"},{"key":"1144_CR18","first-page":"387","volume-title":"International Conference on Data Intelligence and Cognitive Informatics","author":"G Marvin","year":"2023","unstructured":"Marvin, G., Hellen, N., Jjingo, D., Nakatumba-Nabende, J.: Prompt engineering in large language models. In: International Conference on Data Intelligence and Cognitive Informatics, pp. 387\u2013402. Springer (2023)"},{"key":"1144_CR19","unstructured":"Naveed, H., Khan, A.U., Qiu, S., Saqib, M., Anwar, S., Usman, M., Akhtar, N., Barnes, N., Mian, A.: A comprehensive overview of large language models. ACM Transactions on Intelligent Systems and Technology (2023)"},{"key":"1144_CR20","doi-asserted-by":"publisher","first-page":"102720","DOI":"10.1016\/j.acalib.2023.102720","volume":"49","author":"LS Lo","year":"2023","unstructured":"Lo, L.S.: The clear path:a framework for enhancing information literacy through prompt engineering. Journal of Academic Librarianship 49, 102720 (2023). https:\/\/doi.org\/10.1016\/j.acalib.2023.102720","journal-title":"Journal of Academic Librarianship"},{"key":"1144_CR21","unstructured":"Lewis, P., Perez, E., Piktus, A., Petroni, F., Karpukhin, V., Goyal, N., K\u00fcttler, H., Lewis, M., Yih, W.T., Rockt\u00e4schel, T., Riedel, S., Kiela, D.: Retrieval-augmented generation for knowledge-intensive nlp tasks (2020). https:\/\/github.com\/huggingface\/transformers\/blob\/master\/"},{"key":"1144_CR22","unstructured":"Solaiman, I., Brundage, M., Jack, O., Openai, C., Openai, A.A., Herbert-Voss, A., Openai, J.W., Openai, A.R., Openai, G.K., Wook, J., Openai, K., Kreps, S., Politiwatch, M.M., Newhouse, A., Blazakis, J., Mcguffie, K., Wang, J.: Openai report release strategies and the social impacts of language models (2019)"},{"key":"1144_CR23","unstructured":"Gao, Y., Xiong, Y., Gao, X., Jia, K., Pan, J., Bi, Y., Dai, Y., Sun, J., Wang, H., Wang, H.: Retrieval-augmented generation for large language models: A survey. 2(1) (2023) arXiv:2312.10997"},{"key":"1144_CR24","doi-asserted-by":"crossref","unstructured":"Cuconasu, F., Trappolini, G., Siciliano, F., Filice, S., Campagnano, C., Maarek, Y., Tonellotto, N., Silvestri, F.: The power of noise: Redefining retrieval for rag systems. In: Proceedings of the 47th International ACM SIGIR Conference on Research and Development in Information Retrieval, pp. 719\u2013729 (2024)","DOI":"10.1145\/3626772.3657834"},{"key":"1144_CR25","unstructured":"Hays, S., White, J.: Employing llms for incident response planning and review. arXiv:2403.01271 (2024)"},{"key":"1144_CR26","first-page":"1","volume-title":"2025 13th International Symposium on Digital Forensics and Security (ISDFS)","author":"Z Liu","year":"2025","unstructured":"Liu, Z.: Autobnb: Multi-agent incident response with large language models. In: 2025 13th International Symposium on Digital Forensics and Security (ISDFS), pp. 1\u20136. IEEE (2025)"},{"key":"1144_CR27","first-page":"1877","volume":"33","author":"T Brown","year":"2020","unstructured":"Brown, T., Mann, B., Ryder, N., Subbiah, M., Kaplan, J.D., Dhariwal, P., Neelakantan, A., Shyam, P., Sastry, G., Askell, A., et al.: Language models are few-shot learners. Adv. Neural. Inf. Process. Syst. 33, 1877\u20131901 (2020)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"issue":"4","key":"1144_CR28","doi-asserted-by":"publisher","first-page":"102,720","DOI":"10.1016\/j.acalib.2023.102720","volume":"49","author":"LS Lo","year":"2023","unstructured":"Lo, L.S.: The clear path:a framework for enhancing information literacy through prompt engineering. The Journal of Academic Librarianship 49(4), 102,720 (2023)","journal-title":"The Journal of Academic Librarianship"},{"key":"1144_CR29","unstructured":"Zhang, T., Kishore, V., Wu, F., Weinberger, K.Q., Artzi, Y.: Bertscore: Evaluating text generation with bert. arXiv:1904.09675 (2019)"},{"key":"1144_CR30","doi-asserted-by":"publisher","first-page":"103,139","DOI":"10.1016\/j.cose.2023.103139","volume":"128","author":"H Mouratidis","year":"2023","unstructured":"Mouratidis, H., Islam, S., Santos-Olmo, A., Sanchez, L.E., Ismail, U.M.: Modelling language for cyber security incident handling for critical infrastructures. Computers & Security 128, 103,139 (2023)","journal-title":"Computers & Security"},{"key":"1144_CR31","unstructured":"explosion: spacy: Industrial-strength nlp. https:\/\/github.com\/explosion\/spaCy (2025)"},{"key":"1144_CR32","first-page":"46595","volume":"36","author":"L Zheng","year":"2023","unstructured":"Zheng, L., Chiang, W.L., Sheng, Y., Zhuang, S., Wu, Z., Zhuang, Y., Lin, Z., Li, Z., Li, D., Xing, E., et al.: Judging llm-as-a-judge with mt-bench and chatbot arena. Adv. Neural. Inf. Process. Syst. 36, 46595\u201346623 (2023)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"1144_CR33","doi-asserted-by":"publisher","first-page":"1","DOI":"10.4018\/ijsppc.320225","volume":"15","author":"G Sebastian","year":"2023","unstructured":"Sebastian, G.: Do chatgpt and other ai chatbots pose a cybersecurity risk? International Journal of Security and Privacy in Pervasive Computing 15, 1\u201311 (2023). https:\/\/doi.org\/10.4018\/ijsppc.320225","journal-title":"International Journal of Security and Privacy in Pervasive Computing"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01144-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01144-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01144-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T06:55:26Z","timestamp":1764572126000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01144-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,30]]},"references-count":33,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2025,12]]}},"alternative-id":["1144"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01144-7","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2025,10,30]]},"assertion":[{"value":"27 June 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 October 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"30 October 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"228"}}