European financial institutions face mounting regulatory pressure while their security operations centres remain constrained not by data or staffing but by reasoning capacity: enterprise SIEMs cover only a fraction of MITRE ATT&CK techniques, two thirds of SOC teams cannot keep pace with alert volumes, and the majority of breaches are preceded by alerts that are generated but never investigated. Frontier large language models now achieve state-of-the-art results on isolated cybersecurity tasks (one-day vulnerability exploitation, code-level patching, intrusion detection) yet no narrow win constitutes a platform that can compose across functions, persist multi-tenant state, map findings to regulatory regimes and survive an audit. This position paper argues that the right unit of construction is a hybrid multi-agent system in which specialised LLM subagents reason over classical SIEM/XDR telemetry rather than replacing it, share accumulated agent state across institutions through privacy-preserving federation, and can connect to complementary capability packs such as quantum-based authentication, digital twins for adversarial validation, and eBPF-based kernel telemetry. We present CyberAId, a model-agnostic, on-premise-deployable platform in which a Main Agent coordination layer, a Reporting capability, and specialist subagents operate within a shared runtime under bounded human-in-the-loop autonomy, organised around four falsifiable design principles, and aligned with relevant regulations. CyberAId will be validated at four representative financial use cases (client impersonation, anti-money-laundering for payment service providers, retail-banking incident response, and high-frequency-trading resilience) and propose skill-based agent adaptation as the most promising research direction for turning each deployment into a contribution to a continuously refined collective defence.

翻译：欧洲金融机构面临日益增长的监管压力，而其安全运营中心受限的并非数据或人员，而是推理能力：企业SIEM仅覆盖MITRE ATT&CK技术的一小部分，三分之二的SOC团队无法跟上告警数量，大多数入侵事件发生前已有告警生成但未被调查。前沿大语言模型在孤立的网络安全任务（一日漏洞利用、代码级修补、入侵检测）上已取得最优结果，但任何单一领域的突破都无法构成一个能够跨功能组合、持久化多租户状态、将发现映射至监管框架并通过审计的平台。本文主张正确的构建单元是一个混合多智能体系统，其中专门的LLM子智能体在经典SIEM/XDR遥测数据（而非替代它）上进行推理，通过隐私保护联邦跨机构共享累积的智能体状态，并可连接至互补能力包（如基于量子认证、数字孪生对抗验证及基于eBPF的内核遥测）。我们提出CyberAId——一个模型无关、可本地部署的平台，其主智能体协调层、报告能力及专家子智能体在受限人类参与自主性下运行于共享运行时环境中，围绕四个可证伪设计原则组织，并符合相关法规。CyberAId将在四个代表性金融用例（客户冒充、支付服务提供商反洗钱、零售银行事件响应及高频交易弹性）上进行验证，并提议基于技能的智能体适应作为最有前景的研究方向，使每次部署都能为持续完善的集体防御做出贡献。