![[2602.19844] LLM-enabled Applications Require System-Level Threat Monitoring](https://arxiv.org/static/browse/0.3.4/images/arxiv-logo-fb.png){kind=logo}
[2602.19844] LLM-enabled Applications Require System-Level Threat Monitoring
Summary
The paper discusses the need for system-level threat monitoring in LLM-enabled applications, highlighting security challenges and advocating for comprehensive monitoring mechanisms.
Why It Matters
As LLMs become integral to software applications, understanding and mitigating security risks is crucial. This paper emphasizes that existing defenses are insufficient, and proactive monitoring is essential for reliable deployment and incident response.
Key Takeaways
- LLM-enabled applications introduce new reliability challenges and security risks.
- Current defenses are inadequate; system-level threat monitoring is essential.
- Proactive incident response frameworks are necessary for trustworthy LLM deployment.
Computer Science > Cryptography and Security arXiv:2602.19844 (cs) [Submitted on 23 Feb 2026] Title:LLM-enabled Applications Require System-Level Threat Monitoring Authors:Yedi Zhang, Haoyu Wang, Xianglin Yang, Jin Song Dong, Jun Sun View a PDF of the paper titled LLM-enabled Applications Require System-Level Threat Monitoring, by Yedi Zhang and 4 other authors View PDF Abstract:LLM-enabled applications are rapidly reshaping the software ecosystem by using large language models as core reasoning components for complex task execution. This paradigm shift, however, introduces fundamentally new reliability challenges and significantly expands the security attack surface, due to the non-deterministic, learning-driven, and difficult-to-verify nature of LLM behavior. In light of these emerging and unavoidable safety challenges, we argue that such risks should be treated as expected operational conditions rather than exceptional events, necessitating a dedicated incident-response perspective. Consequently, the primary barrier to trustworthy deployment is not further improving model capability but establishing system-level threat monitoring mechanisms that can detect and contextualize security-relevant anomalies after deployment -- an aspect largely underexplored beyond testing or guardrail-based defenses. Accordingly, this position paper advocates systematic and comprehensive monitoring of security threats in LLM-enabled applications as a prerequisite for reliable operation and a...