Like a Hammer, It Can Build, It Can Break: Large Language Model Uses, Perceptions, and Adoption in Cybersecurity Operations on Reddit
- lab CatalyzeX
- lab DagsHub
- lab Gotit.pub
- lab Hugging Face
- lab ScienceCast
- lab arXivLabs
- location Reddit
- person Souradip Nath
Security practitioners are adopting large language models for low-risk, productivity-oriented cybersecurity tasks, but persistent reliability and verification concerns sharply limit the autonomy they grant these tools, according to a new study analyzing discussions on Reddit [1]. The study, led by Souradip Nath and submitted to arXiv on 11 April 2026, examined 892 posts from three cybersecurity-focused forums on Reddit, spanning December 2022 to September 2025 [1][2]. Researchers used qualitative coding and statistical analysis to map how practitioners discuss LLM tools across three dimensions: the specific tools and use cases cited, the perceived advantages and disadvantages, and broader patterns of adoption and expected industry impact [1][2]. The work addresses what the authors describe as a "limited empirical understanding of how such tools are used, perceived, and adopted by real-world security practitioners" [2]. The findings reveal a clear, pragmatic split. Practitioners report meaningful gains in efficiency and effectiveness when LLMs are integrated into their workflows [1][2]. These gains are most pronounced in independent, low-risk applications where the cost of an error is contained [1][2]. However, the study documents persistent issues with reliability, the overhead required to verify LLM outputs, and direct security risks introduced by the tools themselves [1][2]. These factors "sharply constrain the autonomy granted to LLM tools" [2]. Alongside this grassroots, individual use, the research highlights an active interest in enterprise-grade, security-focused LLM platforms [1][2]. This dual dynamic—independent tinkering for productivity and a demand for hardened, commercially supported systems—reflects a workforce navigating the tension between a powerful new capability and the non-negotiable requirements of operational security. The paper, revised on 15 June 2026, also provides recommendations for developing and adopting LLM tools in ways that protect both organizations and the practitioners themselves [1][2].
applicationcommentaryresearch-paper
Background sources we checked (6)
- arxiv.org ↗ Large language models (LLMs) have recently emerged as promising tools for augmenting Security Operations Center (SOC) workflows, with vendors increasingly marketing autonomous AI solutions for SOCs. However, there remains a limited empirical understanding of how such tools are us…
- arxiv.org ↗ CatalyzeX Code Finder for Papers (What is CatalyzeX?) ... DagsHub Toggle ... DagsHub (What is DagsHub?)…
- arxiv.org ↗ With the creation of new datasets, the question arises of whether the data in them is complementary to other datasets for training ML models (see recent reviews for a perspective of catalysts informatics22, 23, 24). This is especially important when consolidating data with a vari…
- arxiv.org ↗ CatalyzeX Code Finder for Papers (What is CatalyzeX?) ... DagsHub Toggle ... DagsHub (What is DagsHub?)…
- en.wikipedia.org ↗ Sustainable Development Goals (abbr. SDGs) were adopted in 2015 by all United Nations (UN) members for the 2030 Agenda for Sustainable Development. The aim of the 17 global goals is "peace and prosperity for people and the planet", tackling climate change, and working to preserv…
- en.wikipedia.org ↗ In molecular biology, a transcription factor (TF) (or sequence-specific DNA-binding factor) is a protein that controls the rate of transcription of genetic information from DNA to messenger RNA, by binding to DNA sequences. Specificity can be due to sequence motifs, or epigenetic…