LLMs and Cyber Attribution: Cutting Through the Noise
If you work in incident response or threat intelligence, you have probably felt the firehose. Alerts, logs, takedown notices, paste sites, and then someone asks, “Who did this?” Large Language Models (LLMs) promise relief: they read fast, summarize well, and speak fluent acronym. But attribution is not just reading; it is judgment under uncertainty. Used wisely, LLMs accelerate that judgment. Used carelessly, they accelerate misattribution. This post walks through how LLMs really change attribution: what they are great at, where they can hurt you, and a pragmatic checklist to keep your conclusions defensible.
Why attribution is hard (and why LLMs feel helpful)
Attribution is never a single artifact or smoking gun. It is a bundle of clues: infrastructure, TTPs, malware lineage, victimology, and geopolitical context woven into a confidence statement, not a courtroom verdict [1]. Practitioners use structured models to keep analysis comparable across cases: the Diamond Model (adversary, infrastructure, capability, victim) and the MITRE ATT&CK technique lexicon provide a shared language [2][3].
LLMs look tailor-made for the messy part: turning mountains of unstructured text (IR notes, intel reports, OSINT) into cleaner, comparable pieces. That is compression with provenance. Compression with provenance can be a force multiplier.
Where LLMs actually shine
1) Faster triage and synthesis
Give an LLM a pile of incident notes and open-source reporting, and it can produce a tight “what we know” summary, ideally with ATT&CK technique IDs and Diamond-Model mapping in-line. That creates a shared picture early and surfaces the gaps you still need to task (forensics here, HUMINT there) [2][3].
2) Patterning TTPs across cases
When you normalize free text into ATT&CK techniques (e.g., T1059, T1566), you can compare cases over time. Correlation is not attribution, but recurring technique constellations often sharpen or weaken hypotheses about likely actors [1][3].
3) Clearer reporting for stakeholders
LLMs are strong editors. Draft a decision brief with alternatives considered and explicit confidence language, then have humans verify citations and artifacts. You get faster, clearer updates without dumbing things down [1].
Where LLMs can burn you
A) Hallucinated evidence
Models sometimes invent package names, IOCs, or citations. Attackers already exploit this with “slopsquatting”: registering the fake packages that models hallucinate, which pollutes supply chains and misleads investigations [6]. If such a fantasy IOC sneaks into your case, it echoes through tooling and intel sharing.
B) Prompt injection and jailbreaks
LLM-integrated workflows can be steered by malicious content: a booby-trapped web page or document pushes the model to omit counter-hypotheses or leak context. OWASP’s GenAI guidance and NIST’s AI RMF both call this out as a first-class risk and offer mitigations like content isolation, output validation, and allow-lists [4][5].
C) Over-reliance on model prose
Attribution discipline demands competing hypotheses, explicit confidence, and multiple independent strands of corroboration. If uncited model output starts to feel like “the answer,” you are skipping the tradecraft the field depends on [1].
A very real 2025 signal
Package-hallucination attacks (“slopsquatting”) show how hallucinated libraries can lead teams to non-existent packages that attackers then register and weaponize. It is a supply-chain booby trap born from LLM failure modes, and it directly contaminates the evidence base analysts rely on [6].
A defensibility checklist for LLM-assisted attribution
1) Provenance or it did not happen
• Every claim links to a verifiable artifact: log snippet, PCAP excerpt, signed intel report, or reproducible query.
• LLM-derived facts without citations are hypotheses, not evidence.
• Prefer retrieval-augmented generation (RAG) against vetted corpora (internal CTI, curated reports), not the open web [1][3].
2) Structure for auditability
• Map observations to ATT&CK technique IDs and Diamond-Model facets.
• Keep prompt/output logs for chain-of-custody; use conservative temperatures for analysis.
• Make the model show its work with bullet rationales linked to sources [2][3].
3) Model-security basics
• Apply OWASP GenAI and NIST AI RMF controls: isolate untrusted content, validate outputs, enforce domain allow-lists for retrieval, and sandbox risky tool calls [4][5].
4) Hallucination hygiene
• Auto-validate any package the model suggests; if it is new, sandbox first.
• Treat new IOCs from a model as unconfirmed until corroborated via independent telemetry.
• Maintain a “fantasy IOC” quarantine list to prevent re-ingestion loops [6].
5) Human tradecraft stays in charge
• Use Analysis of Competing Hypotheses (ACH) or similar methods to check bias.
• State confidence (high/medium/low) with rationale and key disconfirming facts.
• Let LLMs propose; humans decide [1].
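The provenance and hallucination-hygiene items above, as an added example that is not part of the original post: a small triage layer that sorts model-derived claims into evidence versus hypotheses, holds model-suggested IOCs as unconfirmed until independent telemetry corroborates them, rejects anything already on the “fantasy IOC” quarantine list, and flags unknown package names for sandboxing. The evidence index, telemetry set, registry snapshot and model output are all constructed sample data.

```python
# Added example, not the post's own code. All data below is constructed.
from dataclasses import dataclass, field

# Vetted evidence index: artifact id -> description (constructed sample)
EVIDENCE = {
    "log-0417": "proxy log excerpt, 2025-03-02 14:11 UTC",
    "pcap-0093": "PCAP excerpt, beacon to staging host",
}
# Indicators our own sensors observed, independent of the model (constructed)
TELEMETRY = {"203.0.113.7", "update-check.example.net"}
# Snapshot of package names known to exist in the registry (constructed)
KNOWN_PACKAGES = {"requests", "cryptography", "pyyaml"}

@dataclass
class Claim:
    text: str
    artifacts: list = field(default_factory=list)  # artifact ids the model cited

def classify_claim(claim: Claim) -> str:
    """A claim is evidence only if every cited artifact resolves in the index;
    dangling citations must be verified; uncited claims are hypotheses."""
    resolved = [a for a in claim.artifacts if a in EVIDENCE]
    if claim.artifacts and len(resolved) == len(claim.artifacts):
        return "evidence"
    return "partially-cited" if resolved else "hypothesis"

def triage_ioc(ioc: str, quarantine: set) -> str:
    """Quarantined 'fantasy' IOCs are rejected before any other check so a
    re-ingestion loop cannot revive them; the rest need telemetry corroboration."""
    if ioc in quarantine:
        return "quarantined"
    return "confirmed" if ioc in TELEMETRY else "unconfirmed"

def check_package(name: str) -> str:
    """Names absent from the registry snapshot are slopsquatting candidates."""
    return "known" if name.lower() in KNOWN_PACKAGES else "unknown-sandbox-first"

def triage_output(output: dict, quarantine: set) -> dict:
    """Turn raw model output into a brief; only confirmed IOCs are shareable."""
    claims = {c.text: classify_claim(c) for c in output.get("claims", [])}
    iocs = {i: triage_ioc(i, quarantine) for i in output.get("iocs", [])}
    packages = {p: check_package(p) for p in output.get("packages", [])}
    shareable = sorted(i for i, s in iocs.items() if s == "confirmed")
    return {"claims": claims, "iocs": iocs, "packages": packages,
            "shareable_iocs": shareable}

if __name__ == "__main__":
    sample = {"claims": [Claim("Beacon to staging host", ["pcap-0093"]),
                         Claim("Operator is Actor-X", [])],
              "iocs": ["203.0.113.7", "198.51.100.9"], "packages": ["reqeusts"]}
    print(triage_output(sample, quarantine={"198.51.100.9"}))
```

Model output that reaches the intel feed passes through `triage_output`, so an unconfirmed or quarantined indicator never becomes a shared "fact" by default.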
Bottom line
LLMs are accelerants. Point them at the right problems (summarization, normalization, and drafting) and you will move faster with fewer dropped threads. Point them at the answer, and they will hand you something confident-sounding that may not survive scrutiny. In the attribution game, speed is great; defensibility is non-negotiable.
Edited By: Windhya Rankothge, PhD, Canadian Institute for Cybersecurity
References:
[1] Rid, T., & Buchanan, B. (2015). Attributing Cyber Attacks. Journal of Strategic Studies. https://doi.org/10.1080/01402390.2014.977382
[2] Caltagirone, S., Pendergast, A., & Betz, C. (2013). The Diamond Model of Intrusion Analysis. https://www.threatintel.academy/wp-content/uploads/2020/07/diamond_summary.pdf
[3] MITRE ATT&CK®. MITRE Corporation. https://attack.mitre.org/
[4] OWASP (2024–2025). Top 10 for LLM/GenAI Applications. https://owasp.org/www-project-top-10-for-large-language-model-applications
[5] NIST (2023). AI Risk Management Framework (AI RMF 1.0). https://www.nist.gov/itl/ai-risk-management-framework
[6] Šedys, V. (2025). Mitigating the risks of package hallucination and ‘slopsquatting’. TechRadar Pro. https://www.techradar.com/pro/mitigating-the-risks-of-package-hallucination-and-slopsquatting