DOI: 10.3390/electronics15122740 ISSN: 2079-9292

Agentic AI and Large Language Models for Autonomous IoT Cybersecurity: A Systematic Survey, Taxonomy, and Research Roadmap

Vinoth Nageshwaran, Soundararajan Ezekiel

Conventional signature-based defenses no longer protect the heterogeneous, large-scale infrastructures that the Internet of Things (IoT) now constitutes. Large language models (LLMs) and agentic artificial intelligence (AI)—systems that autonomously perceive, reason, plan, and act—open a path to self-defending IoT ecosystems, but the literature integrating them remains fragmented. Within the IEEE Xplore, ACM Digital Library, and MDPI literature, this survey is, to the best of our knowledge, among the first systematic reviews of agentic AI and LLM-driven approaches for autonomous IoT cybersecurity. Following a PRISMA 2020 protocol, we analyze 153 peer-reviewed studies published between 2020 and 2026 in IEEE Xplore, the ACM Digital Library, and MDPI journals. We organize the corpus along a four-pillar taxonomy: agent architecture (single- vs. multi-agent), reasoning strategy (chain-of-thought, ReAct, plan-and-solve, tool use), action scope (detection, response, threat hunting, vulnerability discovery, deception), and deployment topology (edge, fog, cloud). We synthesize four flagship application domains, consolidate datasets and benchmarks, and analyze open challenges including hallucination, prompt-injection robustness, explainability, privacy, latency, and governance. A 2026 research roadmap identifies federated agentic learning, verifiable autonomous reasoning, trustworthy multi-agent collaboration, and resource-hardened edge agents as high-priority directions. A companion reproducibility kit—prompt templates, reference single- and multi-agent loops, and an Edge-IIoTset-style evaluation harness, provided as illustrative scaffolding rather than a validated framework—is released publicly and archived on Zenodo (DOI 10.5281/zenodo.20726552).
