The Paradigm of Hallucinations in AI-driven cybersecurity systems: Understanding taxonomy, classification outcomes, and mitigations

The adoption of AI to solve cybersecurity problems is occurring exponentially. However, AI-driven cybersecurity systems face significant challenges due to the impact of hallucinations in Large Language Models (LLMs). In AI-driven cybersecurity systems, hallucinations refer to instances when an AI model generates fabricated, inaccurate, and misleading information that impacts the security posture of organizations. This failure to recognize and misreport security threats identifies benign activities as malicious, invents insights not grounded to actual cyber threats, and causes real threats to go undetected due to erroneous interpretations. Hallucinations are a critical problem in AI-driven cybersecurity because they can lead to severe vulnerabilities, erode trust in automated systems, and divert resources to address non-existent threats. In cybersecurity, where real-time, accurate insights are vital, hallucinated outputs—such as mistakenly generated alerts, can cause a misallocation of time and resources. It is crucial to address hallucinations by improving LLM accuracy, grounding outputs in real-time data, and implementing human oversight mechanisms to ensure that AI-based cybersecurity systems remain trustworthy, reliable, and capable of defending against sophisticated threats. We present a taxonomy of hallucinations in LLMs for cybersecurity, including mapping LLM responses to classification outcomes (confusion matrix components). Finally, we discuss mitigation strategies to combat hallucinations.