Calibrating Trust in AI-Driven Cyber Defenses: Human Reliance, Resistance, and Decision Dynamics

Open Access
Article
Conference Proceedings
Authors: Vangelis MalamasDimitris Koutras
Abstract

AI-supported cybersecurity tools are increasingly embedded in operational environments, yet an important question remains underexplored: how do human analysts decide when to trust, doubt, or challenge automated recommendations? While prior research addresses trust in automation broadly, studies grounded in security operations remain limited. In Security Operations Centers (SOCs), analysts process high volumes of alerts under time pressure, while automated outputs vary in reliability. These conditions influence how trust develops, but their combined effects are rarely examined systematically. This paper approaches trust as a dynamic process that evolves during real investigative work. The study adopts a mixed-method research design combining controlled experiments with qualitative analysis. Simulated SOC scenarios allow participants to interact with an AI-based alert triage tool while their behavior and interpretations are observed. Results indicate that small interface design elements—such as explanation phrasing and the frequency of high-confidence alerts—can significantly influence analyst behavior, shaping patterns of over-reliance or persistent skepticism. The findings inform design principles for AI-driven cybersecurity systems that support balanced human–AI collaboration.

Keywords: Human–AI Interaction, Trust Calibration, Cybersecurity Operations, Decision-making, Automation Reliance

DOI: 10.54941/ahfe1007412

Cite this paper
Downloads
0
Visits
1
Download PDF

More from this volume

Privileged Learning for Instance Representation in Cognitive Models of Phishing DecisionsGoverning the human factor in cybersecurity: A regulatory perspective
View all articles in Human Factors in Cybersecurity