Regulated cybersecurity workflows lack a runtime substrate that enforces organization-level scope across retrieval, tool calls, memory, findings, reports, and audit while remaining model-agnostic and locally deployable. Recent large language model (LLM) agent systems report strong results on isolated cybersecurity tasks, yet they do not by themselves define an auditable platform architecture for regulated security operations centre (SOC) and compliance workflows, where a single analyst may trigger actions that bind the organization, and where the runtime must integrate with existing SIEM/XDR stacks as a primary source of context and alert-driven triggers rather than operate as a standalone analytical layer. This paper proposes an organization-scoped LLM agent runtime architecture for financial cybersecurity. The contribution is a typed Security Context that is created at every entry point, including SIEM/XDR notifications ingested as first-class triggers, and enforced at every component boundary, combined with a shared Runtime Core, logical specialist subagents, a governed Tool Adapter Layer exposing SIEM/XDR query, enrichment, and response primitives under uniform policy and audit, structured findings with evidence references, tiered human-in-the-loop (HITL) gates, and append-only audit. Model Context Protocol (MCP), extended telemetry, digital twins for pentesting, graph retrieval, and federated knowledge sharing are treated as optional extension paths rather than mandatory runtime assumptions. We describe an implementable slice as the architecture's testability surface, and we propose a falsifiable evaluation plan with metric-level pass criteria for architecture readiness, security-policy enforcement, evidence traceability, output quality, and operational observability.
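The abstract's central mechanism is a typed Security Context minted at an entry point (here a SIEM alert), enforced at every component boundary (here a single Tool Adapter choke point), with tiered human-in-the-loop gates, findings that carry evidence references rather than raw data, and an append-only audit trail. The following Python sketch is an added illustration of how those pieces fit together; it is not code from the paper or from any project it describes. The field names (`org_id`, `max_tier`, `trigger`), the tool tiers, the hash-chained audit format and the stand-in `siem_query`/`isolate_host` handlers are all assumptions chosen for the example, and the alert is a constructed sample.

```python
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass, field
from typing import Any, Callable


class ScopeViolation(Exception):
    """Raised when a tool argument would reach outside the context's organization."""


@dataclass(frozen=True)
class SecurityContext:
    """Typed scope minted at an entry point and carried through every call (assumed fields)."""
    org_id: str      # the only organization this request may read or act on
    principal: str   # analyst id, or the alert source that created the context
    trigger: str     # entry point, e.g. "siem_alert" or "analyst_chat"
    max_tier: int    # highest tool tier allowed without a human approval


@dataclass
class Finding:
    title: str
    org_id: str
    evidence: list[str] = field(default_factory=list)  # references to audit entries, not raw data


class AuditLog:
    """Append-only log; each entry hashes the previous one so edits or deletions are detectable."""

    def __init__(self) -> None:
        self.entries: list[dict[str, Any]] = []

    def _digest(self, prev: str, event: dict[str, Any]) -> str:
        return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

    def append(self, event: dict[str, Any]) -> str:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        digest = self._digest(prev, event)
        self.entries.append({"prev": prev, "event": event, "hash": digest})
        return digest

    def verify(self) -> bool:
        prev = "0" * 64
        for entry in self.entries:
            if entry["prev"] != prev or entry["hash"] != self._digest(prev, entry["event"]):
                return False
            prev = entry["hash"]
        return True


# Tool registry: name -> (tier, handler). Assumed tiers: 0 = SIEM query, 1 = enrichment, 2 = response action.
TOOLS: dict[str, tuple[int, Callable[..., dict[str, Any]]]] = {}


def register(name: str, tier: int):
    def deco(fn):
        TOOLS[name] = (tier, fn)
        return fn
    return deco


@register("siem_query", 0)
def siem_query(org_id: str, query: str) -> dict[str, Any]:
    # Constructed stand-in for a SIEM search; a real adapter would call the vendor API.
    return {"org_id": org_id, "hits": [{"host": "ws-17", "rule": query}]}


@register("isolate_host", 2)
def isolate_host(org_id: str, host: str) -> dict[str, Any]:
    # Constructed stand-in for an XDR containment action.
    return {"org_id": org_id, "host": host, "status": "isolated"}


class ToolAdapter:
    """Single choke point: every tool call is scope-checked, gated by tier, and audited."""

    def __init__(self, audit: AuditLog, approver: Callable[[str, dict[str, Any]], bool]) -> None:
        self.audit = audit
        self.approver = approver  # stand-in for the human-in-the-loop approval channel

    def call(self, ctx: SecurityContext, name: str, **args: Any) -> tuple[dict[str, Any], str]:
        tier, fn = TOOLS[name]
        if args.get("org_id") != ctx.org_id:  # boundary check: the argument must stay inside the context's org
            self.audit.append({"kind": "denied", "tool": name, "ctx_org": ctx.org_id, "arg_org": args.get("org_id")})
            raise ScopeViolation(f"{name} targets {args.get('org_id')!r}; context is scoped to {ctx.org_id!r}")
        if tier > ctx.max_tier:  # tiered HITL gate: higher-impact tools need a recorded human decision
            approved = self.approver(name, args)
            self.audit.append({"kind": "hitl", "tool": name, "tier": tier, "approved": approved, "principal": ctx.principal})
            if not approved:
                raise PermissionError(f"{name} (tier {tier}) was not approved")
        result = fn(**args)
        ref = self.audit.append({"kind": "tool_call", "tool": name, "args": args, "principal": ctx.principal, "trigger": ctx.trigger})
        return result, ref


def triage_alert(alert: dict[str, Any], approver: Callable[[str, dict[str, Any]], bool]) -> tuple[Finding, AuditLog]:
    """Alert-driven entry point: mint the context from the alert, query, record a finding, attempt containment."""
    audit = AuditLog()
    ctx = SecurityContext(org_id=alert["org_id"], principal=f"siem:{alert['id']}", trigger="siem_alert", max_tier=1)
    adapter = ToolAdapter(audit, approver)
    hits, ref = adapter.call(ctx, "siem_query", org_id=ctx.org_id, query=alert["rule"])
    host = hits["hits"][0]["host"]
    finding = Finding(title=f"{alert['rule']} on {host}", org_id=ctx.org_id, evidence=[f"audit:{ref}"])
    try:
        _, ref = adapter.call(ctx, "isolate_host", org_id=ctx.org_id, host=host)
        finding.evidence.append(f"audit:{ref}")
    except PermissionError:
        pass  # containment stays pending; the denied gate decision is already in the audit log
    return finding, audit


if __name__ == "__main__":
    ALERT = {"id": "A-1", "org_id": "bank-a", "rule": "credential-dumping"}  # constructed sample alert
    finding, audit = triage_alert(ALERT, approver=lambda tool, args: False)
    print(finding, audit.verify(), [e["event"]["kind"] for e in audit.entries])
```

The point of the sketch is that scope is not a property of the model prompt but of the runtime: a call whose `org_id` differs from the context's is refused and logged before any handler runs, a tier-2 response action cannot execute without a recorded approval, and the finding points at audit hashes rather than embedding evidence, so a reviewer can verify the chain with `verify()` and detect any later edit to an entry.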