Anomaly Detection in Airport Databases Using Generative AI for Log and Telemetry Analysis: Automated Threat Hunting via Large Language Models

Shahid Mohammed Khan, Muhammad Zubair, Malik Yasir Abbas Chan, Muhammad Fahim

Abstract

Airports' operational technology (OT) and information technology (IT) environments generate petabytes of heterogeneous log and telemetry data every day across dozens of subsystems: passenger management, baggage handling, air traffic coordination and perimeter security. Signature-based intrusion detection systems (IDS) and rule-based Security Information and Event Management (SIEM) platforms cannot capture the contextual, multi-source threat patterns that now target aviation critical infrastructure. This paper proposes and evaluates a GenAI-driven anomaly detection framework based on fine-tuned Large Language Models (LLMs), specifically GPT-4 and a domain-adapted BERT variant, as the analytical core of an automated threat-hunting pipeline. The framework ingests structured data (e.g., SQL audit logs, SCADA telemetry) and unstructured data (e.g., syslog, event narratives), performs semantic correlation across multiple log sources and generates natural-language threat-hunt hypotheses in real time. Evaluated on a synthesised airport log dataset derived from three international airports (2021-2023), our hybrid ensemble achieves a precision of 88–91%, recall of 84–89% and F1-score of 86–90%. It also reduces Mean Time to Detect (MTTD) from 42 minutes to 7 minutes and Mean Time to Respond (MTTR) from 96 minutes to 16 minutes, and lowers the false-positive rate from 28.4% to 3.9%. The results show that LLM-enhanced threat hunting detects significantly more than traditional approaches while creating less work for analysts.
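The abstract describes a pipeline that normalises structured and unstructured log sources into a common schema, correlates them semantically by shared entities, and emits a natural-language hunt hypothesis. The following is an added illustration of that front end, not code from the paper: it parses constructed syslog and SQL-audit lines, correlates them on the client IP across both sources, and renders the hypothesis with a fixed template where the paper's framework would invoke an LLM. The log lines, host names, IP addresses, thresholds and the "brute force followed by privileged SQL" pattern are all assumptions made for the example.

```python
"""Added example: multi-source log normalisation and correlation.

Not the paper's code. The LLM stage is replaced by a template so the
example runs offline; every log line below is constructed, not real.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample data (assumed formats; not from the paper's dataset).
SYSLOG = """\
2023-03-14T02:11:03Z bhs-gw01 sshd[412]: Failed password for invalid user admin from 10.20.5.77 port 51022 ssh2
2023-03-14T02:11:05Z bhs-gw01 sshd[412]: Failed password for invalid user admin from 10.20.5.77 port 51024 ssh2
2023-03-14T02:11:07Z bhs-gw01 sshd[412]: Failed password for root from 10.20.5.77 port 51026 ssh2
2023-03-14T02:11:09Z bhs-gw01 sshd[412]: Accepted password for root from 10.20.5.77 port 51028 ssh2
2023-03-14T02:30:00Z pax-db02 cron[99]: (root) CMD (logrotate)
"""
# SQL audit record layout assumed here: ts|client_ip|db_user|database|statement
SQL_AUDIT = """\
2023-03-14T02:12:40Z|10.20.5.77|bhs_svc|baggage|GRANT ALL PRIVILEGES ON baggage.* TO 'bhs_svc'@'%'
2023-03-14T02:12:55Z|10.20.5.77|bhs_svc|baggage|SELECT * FROM bag_routes WHERE flight='XX123'
2023-03-14T09:00:01Z|10.20.7.10|report|pax|SELECT count(*) FROM checkins
"""

SYSLOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPT_RE = re.compile(r"Accepted \w+ for (\S+) from (\S+)")
PRIV_SQL = re.compile(r"^\s*(GRANT|REVOKE|ALTER\s+USER|CREATE\s+USER|DROP)\b", re.I)


@dataclass(order=True)
class Event:
    """Common schema every source is normalised into; `entity` is the join key."""
    ts: datetime
    source: str
    entity: str
    kind: str
    detail: str


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_syslog(text: str) -> list:
    """Unstructured source: keep only auth outcomes, keyed by source IP."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        if (f := FAILED_RE.search(m["msg"])):
            events.append(Event(parse_ts(m["ts"]), "syslog", f.group(2), "auth_fail",
                                f"user={f.group(1)} host={m['host']}"))
        elif (a := ACCEPT_RE.search(m["msg"])):
            events.append(Event(parse_ts(m["ts"]), "syslog", a.group(2), "auth_success",
                                f"user={a.group(1)} host={m['host']}"))
    return events


def parse_sql_audit(text: str) -> list:
    """Structured source: tag privilege-changing statements, keyed by client IP."""
    events = []
    for line in text.splitlines():
        parts = line.split("|", 4)
        if len(parts) != 5:
            continue
        ts, client, user, db, stmt = parts
        kind = "priv_sql" if PRIV_SQL.match(stmt) else "sql"
        events.append(Event(parse_ts(ts), "sql_audit", client, kind, f"user={user} db={db} stmt={stmt}"))
    return events


def build_hypothesis(entity: str, burst: list, follow: list) -> dict:
    """Template stand-in for the LLM: turn correlated evidence into a hunt hypothesis."""
    hosts = sorted({e.detail.split("host=")[1] for e in burst})
    priv = [e for e in follow if e.kind == "priv_sql"]
    text = (f"Hypothesis: {entity} brute-forced SSH on {', '.join(hosts)} "
            f"({len(burst)} failures in {(burst[-1].ts - burst[0].ts).seconds}s), then issued "
            f"{len(priv)} privileged SQL statement(s) from {priv[0].ts:%H:%M:%S}Z; "
            f"check for credential reuse between the gateway and the database.")
    return {"entity": entity, "sources": sorted({e.source for e in burst + follow}),
            "evidence": burst + follow, "text": text}


def correlate(events: list, min_fails: int = 3, fail_window: timedelta = timedelta(minutes=2),
              followup_window: timedelta = timedelta(minutes=10)) -> list:
    """Cross-source rule: a failed-login burst followed by privileged SQL from the same entity."""
    by_entity = defaultdict(list)
    for e in events:
        by_entity[e.entity].append(e)
    hypotheses = []
    for entity, evs in by_entity.items():
        evs.sort()
        fails = [e for e in evs if e.kind == "auth_fail"]
        for i, first in enumerate(fails):
            burst = [f for f in fails[i:] if f.ts - first.ts <= fail_window]
            if len(burst) < min_fails:
                continue
            end = burst[-1].ts
            follow = [e for e in evs if e.kind in ("auth_success", "priv_sql")
                      and end < e.ts <= end + followup_window]
            if any(e.kind == "priv_sql" for e in follow):
                hypotheses.append(build_hypothesis(entity, burst, follow))
                break  # one hypothesis per entity is enough for a hunt queue
    return hypotheses


def run() -> list:
    return correlate(parse_syslog(SYSLOG) + parse_sql_audit(SQL_AUDIT))


if __name__ == "__main__":
    for h in run():
        print(h["text"])
```

The point of the normalisation step is that the join key (here the client IP) is extracted from free text in one source and from a fixed field in the other; once both sit in the same `Event` schema, the correlation rule and the hypothesis renderer never need to know which source a record came from, which is what lets an LLM or a template be swapped in at the final stage.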
