CyberAId: AI-Driven Cybersecurity for Financial Service Providers
CyberAId: AI-Driven Cybersecurity for Financial Service Providers
The paper presents CyberAId, a hybrid multi-agent AI platform designed to enhance cybersecurity for European financial institutions under regulatory frameworks like DORA, NIS2, and the EU AI Act. The core argument is that current security operations are limited by reasoning capacity, not data or staffing, and that narrow LLM wins on isolated tasks do not constitute a deployable platform. CyberAId addresses this by combining specialist LLM subagents with classical SIEM/XDR telemetry, ensuring high-throughput ingestion and deterministic detection while leveraging LLMs for cross-domain synthesis, regulatory mapping, and natural-language interaction.
The platform features a Main Agent/CRA coordination layer, a Reporting capability, and eight specialist agents (Threat Intelligence, Vulnerability Assessment, Compliance Verification, Behavioural Analysis, Incident Response, Forensic Analysis, DevSecOps/Code Analysis). It operates under bounded human-in-the-loop autonomy with three tiers of escalation, and incorporates partitioned RAG, federated cross-institutional knowledge sharing, and optional capability packs including digital twin adversarial validation, eBPF kernel telemetry, and quantum token authentication. The system is validated across four financial use cases: client impersonation, anti-money laundering, retail banking incident response, and high-frequency trading resilience. The paper identifies skill-based agent adaptation as the most promising research direction for continuously refining collective defence across deployments.
Highlights
- 1Proposes CyberAId, a hybrid multi-agent platform for financial cybersecurity that combines LLM-based reasoning with classical SIEM/XDR telemetry.
- 2Introduces four falsifiable design principles: hybrid grounding, specialisation and composition, federated knowledge sharing, and architectural trust.
- 3Addresses regulatory compliance (DORA, NIS2, EU AI Act) as a first-class requirement, with built-in audit trails and human-in-the-loop tiers.
- 4Validates the platform across four financial use cases: client impersonation, AML, retail banking incident response, and high-frequency trading resilience.
- 5Identifies skill-based agent adaptation as a key research direction for continuously refined collective defence.
Methods
- MHybrid multi-agent architecture with a Main Agent/CRA coordination layer, specialist subagents (TIA, VAA, CVA, BAA, IRA, FAA, DCA), and a Reporting capability.
- MPartitioned RAG with hybrid dense-sparse retrieval and graph traversal over CVE-CWE-CAPEC-ATT&CK chains.
- MFederated cross-institutional knowledge sharing using secure multi-party computation, secure aggregation, and differential privacy.
- MOptional capability packs: digital twin adversarial validation, eBPF-based kernel telemetry, and quantum token authentication.
Results
- RThe platform is model-agnostic and on-premise deployable, ensuring data residency under DORA, NIS2, and GDPR.
- RBounded autonomy with three HITL tiers (autonomous, confidence-gated, explicit approval) implements EU AI Act Article 14 oversight.
- RFederated knowledge sharing allows smaller institutions to inherit detection capability from larger participants without exporting customer data.
- RSkill-based agent adaptation enables composable, versioned, and signed specialisation packages that can be refined via federated learning.
- RThe architecture closes the analytical loop by writing back detection rules, enrichment fields, and SOAR playbooks to the SIEM.
Analyze Paper
Generate insights from "CyberAId: AI-Driven Cybersecurity for Financial Service Prov...".