Large language models (LLMs) have recently emerged as promising tools for augmenting Security Operations Center (SOC) workflows, with vendors increasingly marketing autonomous AI solutions for SOCs. However, there remains limited empirical understanding of how such tools are used, perceived, and adopted by real-world security practitioners. To address this gap, we conduct a mixed-methods analysis of discussions in cybersecurity-focused forums to learn how a diverse group of practitioners use and perceive modern LLM tools for security operations. More specifically, we analyzed 892 posts made between December 2022 and September 2025 in three cybersecurity-focused forums on Reddit and, using a combination of qualitative coding and statistical analysis, examined how security practitioners discuss LLM tools across three dimensions: (1) the tools they report using and their use cases, (2) the perceived pros and cons of each tool across a set of critical factors, and (3) their adoption of such tools and the expected impacts on the cybersecurity industry and on individual analysts. Overall, our findings reveal nuanced patterns in LLM tool adoption: practitioners independently use general-purpose LLMs for low-risk, productivity-oriented tasks, while showing active interest in enterprise-grade, security-focused LLM platforms. Although practitioners report meaningful gains in efficiency and effectiveness from LLM-assisted workflows, persistent issues with reliability, verification overhead, and security risks sharply constrain the autonomy they are willing to grant LLM tools. Based on these results, we also provide recommendations for developing and adopting LLM tools in ways that preserve the security of organizations and the safety of cybersecurity practitioners.