Submitted:
21 April 2026
Posted:
22 April 2026
You are already at the latest version
Abstract
Manual compliance auditing in cloud environments consumes up to 40% of IT security budgets annually, yet existing approaches verify control presence rather than effectiveness, leaving institutions vulnerable to adversarial evasion. This paper presents an AI-augmented hybrid ML–LLM compliance auditing system evaluated on a national cybersecurity standards framework (143 controls, 200,000 training events). The system combines multi-label XGBoost classification with LLM-based semantic log analysis, grounded in a formal effectiveness model. Key findings: XGBoost achieves 99.88% F1 after 5% domain fine-tuning but collapses to 7.98% zero-shot, a 92-point generalization gap bridged by the hybrid LLM path; adversarial validation exposes effectiveness deficits invisible to checkbox auditing (SI-3: 20%detection rate; SI-10: 32% XSS bypass); GPT-4o-mini achieves 93.5% zero-shot accuracy across four log types (n=200), while Llama-3.2-3B on CPU-only hardware achieves 84.0%, validating on-premise deployment viability. A vocabulary-coverage gating router achieves 94.5% accuracy at $0.15/10K logs. The system runs at 2.0 CPU cores, $50/month, producing audit reports in 0.77s, demonstrating that effectiveness-based compliance auditing is accessible without enterprise-grade infrastructure.
Keywords:
compliance auditing
; cybersecurity standards
; machine learning
; XGBoost
; large language models
; log analysis
; multi-label classification
; hybrid cloud security
; generalization gap
; adversarial security
Copyright: This open access article is published under a Creative Commons CC BY 4.0 license, which permit the free download, distribution, and reuse, provided that the author and preprint are cited in any reuse.
