Polar: Automating Cyber Threat Prioritization through LLM-Powered Assessment

19 Sept 2025 (modified: 03 Dec 2025) | ICLR 2026 Conference Withdrawn Submission | CC BY 4.0
Keywords: Large Language Models, Cybersecurity, Threat Prioritization, Vulnerability Assessment, Automated Security Analysis, Cyber Threat Intelligence, CVSS Scoring
TL;DR: We develop an LLM-based system to automate cyber threat prioritization and conduct extensive experiments to show its effectiveness
Abstract: The rapid expansion of the cyber threat landscape, with over 11,000 new vulnerabilities reported in 2024 alone, has intensified the need for effective threat prioritization. Existing approaches, from rule-based systems to machine learning models, struggle with scalability, distribution shift, and context-independent scoring, often mis-ranking threats in dynamic exploitation environments. In this work, we present POLAR, an LLM-based framework that automates cyber threat prioritization across four sequential stages: Triage, Static Analysis, Exploitation Analysis, and Mitigation Recommendation. POLAR leverages LLM reasoning to transform unstructured threat intelligence into structured severity metrics, forecast exploitation likelihood using temporal narratives, and generate prioritized mitigation strategies. Through extensive evaluations, we highlight that POLAR not only improves prioritization accuracy for various cyber threats in the wild but also provides instructive outputs that assist analyst decision-making, which bridges the gap between automated threat hunting and real-world security practices.
Primary Area: applications to robotics, autonomy, planning
Submission Number: 14989