On the Ethics of Using LLMs for Offensive Security

📅 2025-06-10
🤖 AI Summary
This study addresses the dual-use ethical risks of large language models (LLMs) in offensive cybersecurity applications—such as penetration testing and adversary emulation. Methodologically, it conducts a systematic analysis of 15 LLM security studies using bibliometric analysis, qualitative coding, and ethical discourse analysis—marking the first dual-track (quantitative and qualitative) empirical assessment of ethical practices in this domain. Results show that 86.6% of studies explicitly engage with dual-use concerns, primarily motivated by “democratized penetration testing” and “defender preparedness”; however, standardized ethical disclosure practices remain absent despite widespread ethical awareness. Based on these findings, the paper proposes a novel three-dimensional ethical communication evaluation framework—comprising Motivation, Mitigation Measures, and Limitations—to guide responsible AI security research. This framework establishes the first empirically grounded benchmark and methodological foundation for ethical governance in AI-driven offensive security research.

📝 Abstract
Large Language Models (LLMs) have rapidly evolved over the past few years and are currently evaluated for their efficacy within the domain of offensive cyber-security. While initial forays showcase the potential of LLMs to enhance security research, they also raise critical ethical concerns regarding the dual-use of offensive security tooling. This paper analyzes a set of papers that leverage LLMs for offensive security, focusing on how ethical considerations are expressed and justified in their work. The goal is to assess the culture of AI in offensive security research regarding ethics communication, highlighting trends, best practices, and gaps in current discourse. We provide insights into how the academic community navigates the fine line between innovation and ethical responsibility. Particularly, our results show that 13 of 15 reviewed prototypes (86.6%) mentioned ethical considerations and are thus aware of the potential dual-use of their research. The main motivation given for the research was allowing broader access to penetration-testing as well as preparing defenders for AI-guided attackers.

Problem

Research questions and friction points this paper is trying to address.

Ethical concerns in using LLMs for offensive cybersecurity
Assessing AI ethics communication in security research
Balancing innovation and responsibility in AI applications

Innovation

Methods, ideas, or system contributions that make the work stand out.

Leveraging LLMs for offensive cyber-security research
Analyzing ethical considerations in AI security tools
Balancing innovation with ethical responsibility