Cyber Watch: A Zero-LLM Agentic Pipeline and Comprehensive Platform for Real-Time Cybersecurity Anomaly Detection

The escalating sophistication of modern cyber threats such as zero-day exploits and polymorphic malware necessitates advanced real-time detection and response mechanisms. While Large Language Models provide powerful reasoning capabilities for threat intelligence and contextual analysis, they introduce major limitations including high inference latency, expensive API dependency, and lack of deterministic explainability, making them unsuitable for split-second automated incident response systems. This paper introduces Cyber Watch, a production-ready Security Operations Center platform powered by a novel “Zero-LLM” agentic architecture. The proposed system replaces generative AI with Lang Graph-orchestrated deterministic NLP rules, Random Forest classifiers, PyTorch Neural Networks, and Explainable Decision Trees to achieve enterprise-grade autonomous threat analysis and mitigation. The architecture achieves sub-200 millisecond threat mitigation, real-time telemetry broadcasting, automated firewall response, and explainable threat analysis without relying on external generative AI APIs. Cyber Watch integrates Fast API backend middleware, a React frontend dashboard, and WebSocket telemetry infrastructure to provide scalable and responsive cybersecurity operations. Experimental results demonstrate high detection accuracy on the NSL-KDD dataset, secure log processing, automated mitigation execution, and UI broadcast latency below 50 milliseconds. The research proves that enterprise-grade autonomous security systems can achieve advanced AI-agent routing and real-time defense without the operational drawbacks of generative language models.