Calibrating Trust in AI-Driven Cyber Defenses: Human Reliance, Resistance, and Decision Dynamics
Abstract
AI-supported cybersecurity tools are increasingly embedded in operational environments, yet an important question remains underexplored: how do human analysts decide when to trust, doubt, or challenge automated recommendations? While prior research addresses trust in automation broadly, studies grounded in security operations remain limited. In Security Operations Centers (SOCs), analysts process high volumes of alerts under time pressure, while automated outputs vary in reliability. These conditions influence how trust develops, but their combined effects are rarely examined systematically. This paper approaches trust as a dynamic process that evolves during real investigative work. The study adopts a mixed-method research design combining controlled experiments with qualitative analysis. Simulated SOC scenarios allow participants to interact with an AI-based alert triage tool while their behavior and interpretations are observed. Results indicate that small interface design elements—such as explanation phrasing and the frequency of high-confidence alerts—can significantly influence analyst behavior, shaping patterns of over-reliance or persistent skepticism. The findings inform design principles for AI-driven cybersecurity systems that support balanced human–AI collaboration.
Keywords: Human–AI Interaction, Trust Calibration, Cybersecurity Operations, Decision-making, Automation Reliance
DOI: 10.54941/ahfe1007412
Cite this paper
More from this volume
- A Human Factors-Cyber-Safety Framework for Risk and Requirements in Critical Infrastructure
- Cognitive Load and Compliance: A Human-Centric Framework for NIS2 in Latvian SMEs
- Eye tracking study to analyze context encoding during phishing decision making
- Enhancing Cybersecurity Learning Through Online Platforms and Gamified Approaches
- Privileged Learning for Instance Representation in Cognitive Models of Phishing Decisions
- Governing the human factor in cybersecurity: A regulatory perspective
- Assessing Trust in Digital Service Engineering: An Empirical Case Study of Public CCTV Analytics in Germany
- Simulating the Threat: A Phishing Campaign to Enhance Cyber Resilience in a Large Organization
- Micro-Decisions Under Time Pressure and Dark Patterns in Digital Interfaces
- Designing an AI-Driven Framework for Human-Centered Cybersecurity Practices
- Beyond Security Awareness: A Scoping Review of Human Factors in SME Cyber Resilience Frameworks (2018-2026)
- The Human Factor in Cyber Resilience: Behavioural, Organisational and Sociotechnical Perspectives


AHFE Open Access