This work addresses the absence of an organization-level agent runtime architecture in financial cybersecurity workflows that supports both model-agnostic operation and on-premises deployment, thereby hindering consistent enforcement of security policies across retrieval, tool invocation, and auditing stages. To bridge this gap, the paper proposes a novel architecture featuring a typed security context propagated throughout the entire workflow, integrated with SIEM/XDR systems as contextual data sources. The design incorporates a managed tool adaptation layer, structured evidence referencing, and a hierarchical human-agent collaboration mechanism. Key innovations include a shared runtime core, logically specialized sub-agents, append-only auditing, and optional extensions such as graph-based retrieval and MCP protocol support. The study defines testable architectural slices and establishes a falsifiable evaluation framework encompassing policy enforcement, evidence traceability, output quality, and observability.

Regulated cybersecurity workflows lack a runtime substrate that enforces organization-level scope across retrieval, tool calls, memory, findings, reports, and audit while remaining model-agnostic and locally deployable. Recent large language model (LLM) agent systems report strong results on isolated cybersecurity tasks, yet they do not by themselves define an auditable platform architecture for regulated security operations centre (SOC) and compliance workflows, where a single analyst may trigger actions that bind the organization, and where the runtime must integrate with existing SIEM/XDR stacks as a primary source of context and alert-driven triggers rather than operate as a standalone analytical layer. This paper proposes an organization-scoped LLM agent runtime architecture for financial cybersecurity. The contribution is a typed Security Context that is created at every entry point, including SIEM/XDR notifications ingested as first-class triggers, and enforced at every component boundary, combined with a shared Runtime Core, logical specialist subagents, a governed Tool Adapter Layer exposing SIEM/XDR query, enrichment, and response primitives under uniform policy and audit, structured findings with evidence references, tiered human-in-the-loop (HITL) gates, and append-only audit. Model Context Protocol (MCP), extended telemetry, digital twins for pentesting, graph retrieval, and federated knowledge sharing are treated as optional extension paths rather than mandatory runtime assumptions. We describe an implementable slice as the architecture's testability surface, and we propose a falsifiable evaluation plan with metric-level pass criteria for architecture readiness, security-policy enforcement, evidence traceability, output quality, and operational observability.