ICAD-LLM: One-for-All Anomaly Detection via In-Context Learning with Large Language Models

Authors

  • Zhongyuan Wu School of Computer Science and Engineering, Beihang University, Beijing, China MOE Engineering Research Center of Advanced Computer Application Technology, Beihang University, China
  • Jingyuan Wang School of Computer Science and Engineering, Beihang University, Beijing, China School of Economics and Management, Beihang University, Beijing, China MOE Engineering Research Center of Advanced Computer Application Technology, Beihang University, China MIIT Key Laboratory of Data Intelligence and Management, Beihang University, Beijing, China
  • Zexuan Cheng School of Computer Science and Engineering, Beihang University, Beijing, China MOE Engineering Research Center of Advanced Computer Application Technology, Beihang University, China
  • Yilong Zhou School of Computer Science and Engineering, Beihang University, Beijing, China MOE Engineering Research Center of Advanced Computer Application Technology, Beihang University, China
  • Weizhi Wang School of Computer Science and Engineering, Beihang University, Beijing, China MOE Engineering Research Center of Advanced Computer Application Technology, Beihang University, China
  • Juhua Pu School of Computer Science and Engineering, Beihang University, Beijing, China MOE Engineering Research Center of Advanced Computer Application Technology, Beihang University, China
  • Chao Li School of Computer Science and Engineering, Beihang University, Beijing, China MOE Engineering Research Center of Advanced Computer Application Technology, Beihang University, China
  • Changqing Ma Capinfo Co., Ltd.

DOI:

https://doi.org/10.1609/aaai.v40i19.38632

Abstract

Anomaly detection (AD) is a fundamental task of critical importance across numerous domains. Current systems increasingly operate in rapidly evolving environments that generate diverse yet interconnected data modalities—such as time series, system logs, and tabular records—as exemplified by modern IT systems. Effective AD methods in such environments must therefore possess two critical capabilities: (1) the ability to handle heterogeneous data formats within a unified framework, allowing the model to process and detect multiple modalities in a consistent manner during anomalous events; (2) a strong generalization ability to quickly adapt to new scenarios without extensive retraining. However, most existing methods fall short of these requirements, as they typically focus on single modalities and lack the flexibility to generalize across domains. To address this gap, we introduce a novel paradigm: In-Context Anomaly Detection (ICAD), where anomalies are defined by their dissimilarity to a relevant reference set of normal samples. Under this paradigm, we propose ICAD-LLM, a unified AD framework leveraging Large Language Models' in-context learning abilities to process heterogeneous data within a single model. Extensive experiments demonstrate that ICAD-LLM achieves competitive performance with task-specific AD methods and exhibits strong generalization to previously unseen tasks, which substantially reduces deployment costs and enables rapid adaptation to new environments. To the best of our knowledge, ICAD-LLM is the first model capable of handling anomaly detection tasks across diverse domains and modalities.
AAAI-26 / IAAI-26 / EAAI-26 Proceedings Cover

Downloads

Published

2026-03-14

How to Cite

Wu, Z., Wang, J., Cheng, Z., Zhou, Y., Wang, W., Pu, J., … Ma, C. (2026). ICAD-LLM: One-for-All Anomaly Detection via In-Context Learning with Large Language Models. Proceedings of the AAAI Conference on Artificial Intelligence, 40(19), 15986–15994. https://doi.org/10.1609/aaai.v40i19.38632

Issue

Vol. 40 No. 19: AAAI-26 Technical Tracks 19

Section

AAAI Technical Track on Data Mining & Knowledge Management III