AI-Augmented Compliance Auditing for Cloud Systems: A Hybrid ML–LLM Approach
Manual compliance auditing in cloud environments consumes up to 40% of IT security budgets annually, yet existing approaches verify control presence rather than effectiveness, leaving institutions vulnerable to adversarial evasion. This paper presents an AI-augmented hybrid ML–LLM compliance auditing system evaluated on a national cybersecurity standards framework (143 controls, 200,000 training events). The system combines multi-label XGBoost classification with LLM-based semantic log analysis, grounded in a formal effectiveness model. Key findings: XGBoost achieves 99.88% F1 after 5% domain fine-tuning but collapses to 7.98% zero-shot, a 92-point generalization gap bridged by the hybrid LLM path; adversarial validation exposes effectiveness deficits invisible to checkbox auditing (SI-3: 20% detection rate; SI-10: 32% XSS bypass); GPT-4o-mini achieves 93.5% zero-shot accuracy across four log types (n=200), while Llama-3.2-3B on CPU-only hardware achieves 84.0%, validating on-premise deployment viability. A vocabulary-coverage gating router achieves 94.5% accuracy at $0.15/10K logs. The system runs on 2.0 CPU cores at $50/month, producing audit reports in 0.77s, demonstrating that effectiveness-based compliance auditing is accessible without enterprise-grade infrastructure.