Paper Number
ECIS2026-1624
Paper Type
SP
Abstract
Organisations are beginning to use large language models (LLMs) to support assessment activities, including the elicitation of operational and managerial information needed for security evaluations. Yet it is unclear whether current LLM-based system architectures can meet the functional and security requirements needed for trustworthy assessment assistants. This short paper reports work in progress that investigates this question through a systematic review of LLM-based system architectures published in 2025. Nine systems were considered and mapped against the requirements model for AI-supported systems. The results demonstrate strong functional coverage but offer little support for lifecycle governance or security safeguards. Software-as-a-Service (SaaS) and hybrid deployments dominate, inherently limiting the implementation of key controls. The study identifies structural gaps in current architectures and motivates the need for a framework linking architectural choices to requirement fulfilment.
Recommended Citation
Ekeh, Ijeoma Faustina; Antipenko, Vjatšeslav; and Matulevicius, Raimundas, "Towards Secure AI-Driven Security Assessment" (2026). ECIS 2026 Proceedings. 6.
https://aisel.aisnet.org/ecis2026/security/security/6
Towards Secure AI-Driven Security Assessment
Organisations are beginning to use large language models (LLMs) to support assessment activities, including the elicitation of operational and managerial information needed for security evaluations. Yet it is unclear whether current LLM-based system architectures can meet the functional and security requirements needed for trustworthy assessment assistants. This short paper reports work in progress that investigates this question through a systematic review of LLM-based system architectures published in 2025. Nine systems were considered and mapped against the requirements model for AI-supported systems. The results demonstrate strong functional coverage but offer little support for lifecycle governance or security safeguards. Software-as-a-Service (SaaS) and hybrid deployments dominate, inherently limiting the implementation of key controls. The study identifies structural gaps in current architectures and motivates the need for a framework linking architectural choices to requirement fulfilment.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.