ALUSKORT: A HIERARCHICAL MULTI-AGENT COGNITIVE ARCHITECTURE FOR AUTONOMOUS SECURITY OPERATIONS
Abstract
Security Operations Centers (SOCs) are overwhelmed by escalating alert volumes, creating a critical need for autonomous workflows that accelerate incident response. We present ALUSKORT, a hierarchical multi-agent framework that automates the full incident investigation lifecycle by combining deterministic guardrails with a sequence of LLM-driven reasoning agents. The framework demonstrates that a smaller, domain-specific open-source model, here a quantized 8B-parameter Foundation-Sec-8B, can be steered by a structured, guardrail-driven pipeline to perform sophisticated reasoning on commodity hardware (a single GPU). A multi-faceted evaluation covering factual accuracy, context-aware prioritization, safety, and reasoning quality confirmed the framework's effectiveness: the system produced high-quality investigative artifacts, to which a panel of three LLM judges assigned consensus scores of 13.33 to 16.33 out of 20. Our work also yields practical implementation insights. Performance profiling measured the core reasoning pipeline's average latency, from IOC extraction to question generation, at 428.78 seconds (roughly 7 minutes) and identified the IOC extraction phase as the clear optimization target, since it accounts for 78.1% of that time. An analysis of prompt architecture further showed that structural optimization of the prompt can more than double the base model's attention. Ultimately, ALUSKORT provides a reproducible blueprint for building effective, safe, and accessible autonomous capabilities that address the escalating challenges faced by modern SOCs.
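To make the pipeline described above concrete, the following Python is an added illustration written for this page; it is not ALUSKORT's code and not the authors' implementation. It runs three stages: a deterministic IOC-extraction stage (regexes over a refanged alert, with internal address ranges separated out), a pluggable agent stage (a template-based stand-in where ALUSKORT uses Foundation-Sec-8B), and a deterministic guardrail that rejects agent output which is malformed, cites an indicator absent from the extracted set, or prescribes a containment action rather than asking a question. Each stage is timed so that its share of total pipeline time can be reported, in the spirit of the profiling above. The sample alert, the indicator values (documentation-range addresses stand in for real external hosts), the function names and the forbidden-word list are all constructed assumptions.

```python
import ipaddress
import json
import re
import time
from typing import Callable

# Constructed sample alert, in the defanged notation SOC tooling commonly exports.
SAMPLE_ALERT = (
    "EDR alert: powershell.exe spawned by winword.exe on host WS-042 "
    "contacted hxxp://update-cdn[.]example[.]net (203[.]0[.]113[.]45); "
    "dropped file sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855; "
    "internal DNS server 10.0.0.53 was queried."
)

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SHA256_RE = re.compile(r"\b[a-f0-9]{64}\b", re.I)
FILE_SUFFIXES = {"exe", "dll", "ps1", "bat", "docx", "txt"}  # look like TLDs, are not
# RFC 1918 and local ranges are kept as internal context, not as external IOCs.
# (203.0.113.0/24 is a documentation range used here as a stand-in for a real host.)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]
# An investigation agent asks questions; prescribing containment is out of scope.
FORBIDDEN_ACTIONS = {"isolate", "block", "delete", "wipe", "kill"}


def refang(text: str) -> str:
    return text.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")


def extract_iocs(alert: str) -> dict[str, list[str]]:
    """Deterministic stage 1: regex extraction, split by indicator type."""
    text = refang(alert)
    external, internal = set(), set()
    for raw in IPV4_RE.findall(text):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:  # e.g. 999.1.1.1 passes the regex but is not an address
            continue
        (internal if any(ip in n for n in INTERNAL_NETS) else external).add(str(ip))
    domains = {d.lower() for d in DOMAIN_RE.findall(text)
               if d.rsplit(".", 1)[-1].lower() not in FILE_SUFFIXES}
    hashes = {h.lower() for h in SHA256_RE.findall(text)}
    return {"ipv4": sorted(external), "internal_ipv4": sorted(internal),
            "domain": sorted(domains), "sha256": sorted(hashes)}


def template_agent(iocs: dict[str, list[str]]) -> str:
    """Stage 2 stand-in for the LLM agent: one question per external indicator."""
    qs = [{"text": f"Which other hosts connected to {ip} in the last 7 days?", "iocs": [ip]}
          for ip in iocs["ipv4"]]
    qs += [{"text": f"When was {d} first resolved in our DNS logs?", "iocs": [d]}
           for d in iocs["domain"]]
    qs += [{"text": f"Which endpoints hold a file with hash {h}?", "iocs": [h]}
           for h in iocs["sha256"]]
    return json.dumps({"questions": qs})


def guardrail(agent_output: str, iocs: dict[str, list[str]]) -> tuple[list[dict], list[str]]:
    """Deterministic stage 3: keep only well-formed, grounded, non-prescriptive questions."""
    try:
        data = json.loads(agent_output)
    except json.JSONDecodeError as exc:
        raise ValueError("agent output is not JSON") from exc
    known = {v for vals in iocs.values() for v in vals}
    accepted, rejected = [], []
    for q in data.get("questions", []):
        if not isinstance(q, dict) or not isinstance(q.get("text"), str):
            rejected.append("malformed entry")
            continue
        if not set(q.get("iocs", [])) <= known:  # indicator the extractor never saw
            rejected.append(f"ungrounded IOC in: {q['text']}")
            continue
        if set(re.findall(r"[a-z]+", q["text"].lower())) & FORBIDDEN_ACTIONS:
            rejected.append(f"prescribes action: {q['text']}")
            continue
        accepted.append(q)
    return accepted, rejected


def run_pipeline(alert: str, agent: Callable[[dict], str]) -> dict:
    """Run the three stages and record each stage's share of wall time."""
    timings: dict[str, float] = {}
    t0 = time.perf_counter()
    iocs = extract_iocs(alert)
    timings["ioc_extraction"] = time.perf_counter() - t0
    t0 = time.perf_counter()
    raw = agent(iocs)
    timings["question_generation"] = time.perf_counter() - t0
    t0 = time.perf_counter()
    questions, rejected = guardrail(raw, iocs)
    timings["guardrail"] = time.perf_counter() - t0
    total = sum(timings.values()) or 1e-12
    return {"iocs": iocs, "questions": questions, "rejected": rejected,
            "timings": timings, "shares": {k: v / total for k, v in timings.items()}}


if __name__ == "__main__":
    result = run_pipeline(SAMPLE_ALERT, template_agent)
    print(json.dumps({k: result[k] for k in ("iocs", "questions", "rejected")}, indent=2))
    for stage, share in result["shares"].items():
        print(f"{stage:>20}: {share:6.1%} of pipeline time")
```

Swapping `template_agent` for a function that calls a local model keeps the two deterministic stages unchanged, which is the point of the design: the extractor bounds what the model may talk about, and the guardrail checks the model's output against that bound before anything reaches an analyst.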