Using lightweight LLMs to cut incident response times and reduce hallucinations - Help Net Security

Researchers from the University of Melbourne and Imperial College London have introduced a novel approach to incident response planning using LLMs, designed to reduce hallucinations and improve reliability. Their three-step method combines instruction fine-tuning on historical incidents, retrieval-augmented generation for up-to-date intelligence, and decision-theoretic planning to filter out ineffective actions. Unlike costly frontier models, the lightweight system runs locally on commodity hardware, integrates seamlessly into existing SOC workflows, and shortens recovery times by up to 22 per cent. The team has open-sourced the model, code, and training data, positioning this as a practical, cost-effective decision-support tool that strengthens resilience without replacing human oversight.