MobiLLM: An Agentic AI Framework for Closed-Loop Threat Mitigation in 6G Open RANs
- URL: http://arxiv.org/abs/2509.21634v2
- Date: Fri, 03 Oct 2025 17:43:57 GMT
- Title: MobiLLM: An Agentic AI Framework for Closed-Loop Threat Mitigation in 6G Open RANs
- Authors: Prakhar Sharma, Haohuang Wen, Vinod Yegneswaran, Ashish Gehani, Phillip Porras, Zhiqiang Lin
- Abstract summary: We present an agentic AI framework for fully automated, end-to-end threat mitigation in 6G O-RAN environments. MobiLLM orchestrates security through a modular multi-agent system powered by Large Language Models. Initial evaluations demonstrate that MobiLLM can effectively identify and orchestrate complex mitigation strategies.
- Score: 13.455356391515913
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The evolution toward 6G networks is being accelerated by the Open Radio Access Network (O-RAN) paradigm -- an open, interoperable architecture that enables intelligent, modular applications across public telecom and private enterprise domains. While this openness creates unprecedented opportunities for innovation, it also expands the attack surface, demanding resilient, low-cost, and autonomous security solutions. Legacy defenses remain largely reactive, labor-intensive, and inadequate for the scale and complexity of next-generation systems. Current O-RAN applications focus mainly on network optimization or passive threat detection, with limited capability for closed-loop, automated response. To address this critical gap, we present an agentic AI framework for fully automated, end-to-end threat mitigation in 6G O-RAN environments. MobiLLM orchestrates security workflows through a modular multi-agent system powered by Large Language Models (LLMs). The framework features a Threat Analysis Agent for real-time data triage, a Threat Classification Agent that uses Retrieval-Augmented Generation (RAG) to map anomalies to specific countermeasures, and a Threat Response Agent that safely operationalizes mitigation actions via O-RAN control interfaces. Grounded in trusted knowledge bases such as the MITRE FiGHT framework and 3GPP specifications, and equipped with robust safety guardrails, MobiLLM provides a blueprint for trustworthy AI-driven network security. Initial evaluations demonstrate that MobiLLM can effectively identify and orchestrate complex mitigation strategies, significantly reducing response latency and showcasing the feasibility of autonomous security operations in 6G.
Related papers
- Just Ask: Curious Code Agents Reveal System Prompts in Frontier LLMs [65.6660735371212]
We present JustAsk, a framework that autonomously discovers effective extraction strategies through interaction alone. It formulates extraction as an online exploration problem, using Upper Confidence Bound--based strategy selection and a hierarchical skill space spanning atomic probes and high-level orchestration. Our results expose system prompts as a critical yet largely unprotected attack surface in modern agent systems.
arXiv Detail & Related papers (2026-01-29T03:53:25Z)
- ComAgent: Multi-LLM based Agentic AI Empowered Intelligent Wireless Networks [62.031889234230725]
6G networks rely on complex cross-layer optimization. Manually translating high-level intents into mathematical formulations remains a bottleneck. We present ComAgent, a multi-LLM agentic AI framework.
arXiv Detail & Related papers (2026-01-27T13:43:59Z)
- ORCA -- An Automated Threat Analysis Pipeline for O-RAN Continuous Development [57.61878484176942]
Open-Radio Access Network (O-RAN) integrates numerous software components in a cloud-like deployment, opening the radio access network to previously unconsidered security threats. Current vulnerability assessment practices often rely on manual, labor-intensive, and subjective investigations, leading to inconsistencies in the threat analysis. We propose an automated pipeline that leverages Natural Language Processing (NLP) to minimize human intervention and associated biases.
arXiv Detail & Related papers (2026-01-20T07:31:59Z)
- Advancing LLM-Based Security Automation with Customized Group Relative Policy Optimization for Zero-Touch Networks [56.2003512635877]
6G Zero-Touch Networks (ZTNs) represent a transformative paradigm toward fully automated and intelligent network management. Security automation aims to enable intelligent security management across dynamic and complex environments.
arXiv Detail & Related papers (2025-12-10T10:04:11Z)
- Zero-Trust Strategies for O-RAN Cellular Networks: Principles, Challenges and Research Directions [9.311361097270153]
Zero-Trust Architecture (ZTA) has emerged as a promising security paradigm that discards implicit trust assumptions. ZTA mandates comprehensive and fine-grained security mechanisms across both control and user planes to contain adversarial movements. This paper explores the adoption of ZTA in the context of 5G and beyond, with a particular focus on Open-RAN (O-RAN) as an architectural enabler.
arXiv Detail & Related papers (2025-11-23T18:25:19Z)
- OpenAgentSafety: A Comprehensive Framework for Evaluating Real-World AI Agent Safety [58.201189860217724]
We introduce OpenAgentSafety, a comprehensive framework for evaluating agent behavior across eight critical risk categories. Unlike prior work, our framework evaluates agents that interact with real tools, including web browsers, code execution environments, file systems, bash shells, and messaging platforms. It combines rule-based analysis with LLM-as-judge assessments to detect both overt and subtle unsafe behaviors.
arXiv Detail & Related papers (2025-07-08T16:18:54Z)
- Seven Security Challenges That Must be Solved in Cross-domain Multi-agent LLM Systems [16.838103835766066]
Large language models (LLMs) are rapidly evolving into autonomous agents that cooperate across organizational boundaries. This position paper maps the security agenda for cross-domain multi-agent LLM systems.
arXiv Detail & Related papers (2025-05-28T18:19:03Z)
- RedTeamLLM: an Agentic AI framework for offensive security [0.0]
We propose and evaluate RedTeamLLM, an integrated architecture with a comprehensive security model for automatization of pentest tasks. RedTeamLLM follows three key steps: summarizing, reasoning and act, which embed its operational capacity. Evaluation is performed through the automated resolution of a range of entry-level, but not trivial, CTF challenges.
arXiv Detail & Related papers (2025-05-11T09:19:10Z)
- AgentVigil: Generic Black-Box Red-teaming for Indirect Prompt Injection against LLM Agents [54.29555239363013]
We propose a generic black-box fuzzing framework, AgentVigil, to automatically discover and exploit indirect prompt injection vulnerabilities. We evaluate AgentVigil on two public benchmarks, AgentDojo and VWA-adv, where it achieves 71% and 70% success rates against agents based on o3-mini and GPT-4o. We apply our attacks in real-world environments, successfully misleading agents to navigate to arbitrary URLs, including malicious sites.
arXiv Detail & Related papers (2025-05-09T07:40:17Z)
- An LLM-based Self-Evolving Security Framework for 6G Space-Air-Ground Integrated Networks [49.605335601285496]
6G space-air-ground integrated networks (SAGINs) offer ubiquitous coverage for various mobile applications. We propose a novel security framework for SAGINs based on Large Language Models (LLMs). Our framework produces highly accurate security strategies that remain robust against a variety of unknown attacks.
arXiv Detail & Related papers (2025-05-06T04:14:13Z)
- Integrated LLM-Based Intrusion Detection with Secure Slicing xApp for Securing O-RAN-Enabled Wireless Network Deployments [2.943640991628177]
The Open Radio Access Network (O-RAN) architecture is reshaping telecommunications by promoting openness, flexibility, and intelligent closed-loop optimization. This research explores using large language models (LLMs) to generate security recommendations based on the temporal traffic patterns of connected UEs.
arXiv Detail & Related papers (2025-04-01T01:45:07Z)
- Artificial Intelligence Empowered Multiple Access for Ultra Reliable and Low Latency THz Wireless Networks [76.89730672544216]
Terahertz (THz) wireless networks are expected to catalyze the beyond fifth generation (B5G) era. To satisfy the ultra-reliability and low-latency demands of several B5G applications, novel mobility management approaches are required. This article presents a holistic MAC layer approach that enables intelligent user association and resource allocation, as well as flexible and adaptive mobility management.
arXiv Detail & Related papers (2022-08-17T03:00:24Z)
- Network and Physical Layer Attacks and countermeasures to AI-Enabled 6G O-RAN [1.7811776494967646]
This paper examines the security implications of AI-driven 6G radio access networks (RANs). The Open RAN (O-RAN) describes an industry-driven open architecture and interfaces for building next generation RANs with AI control.
arXiv Detail & Related papers (2021-06-01T16:36:37Z)
This list is automatically generated from the titles and abstracts of the papers in this site.