{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,6]],"date-time":"2026-06-06T16:04:15Z","timestamp":1780761855375,"version":"3.54.1"},"reference-count":146,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,3,29]],"date-time":"2026-03-29T00:00:00Z","timestamp":1774742400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Information and Software Technology"],"published-print":{"date-parts":[[2026,7]]},"DOI":"10.1016\/j.infsof.2026.108132","type":"journal-article","created":{"date-parts":[[2026,3,28]],"date-time":"2026-03-28T16:12:38Z","timestamp":1774714358000},"page":"108132","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":1,"special_numbering":"C","title":["AI in control: Rethinking cybersecurity compliance and auditing"],"prefix":"10.1016","volume":"195","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-3545-7820","authenticated-orcid":false,"given":"Fatma Yasmine","family":"Loumachi","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8487-3535","authenticated-orcid":false,"given":"Marcio J.","family":"Lacerda","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Karim","family":"Ouazzane","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6659-9245","authenticated-orcid":false,"given":"Asma","family":"Adnane","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2026-4412","authenticated-orcid":false,"given":"Oksana","family":"Adamyk","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"key":"10.1016\/j.infsof.2026.108132_b1","doi-asserted-by":"crossref","unstructured":"D. Itani, R. Itani, A.A. Eltweri, A. Faccia, L. Wanganoo, Enhancing Cybersecurity Through Compliance and Auditing: A Strategic Approach to Resilience, in: 2024 2nd International Conference on Cyber Resilience, ICCR, 2024, pp. 1\u201310.","DOI":"10.1109\/ICCR61006.2024.10532959"},{"key":"10.1016\/j.infsof.2026.108132_b2","doi-asserted-by":"crossref","DOI":"10.1016\/j.ijcip.2023.100613","article-title":"A forensics and compliance auditing framework for critical infrastructure protection","volume":"42","author":"Henriques","year":"2023","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"10.1016\/j.infsof.2026.108132_b3","series-title":"Payment card industry data security standard (PCI dss) v4.0.1","author":"PCI DSS v4.0.1","year":"2024"},{"key":"10.1016\/j.infsof.2026.108132_b4","series-title":"Information technology \u2014 Security techniques \u2014 Information security management systems \u2014 requirements","author":"ISO\/IEC","year":"2022"},{"key":"10.1016\/j.infsof.2026.108132_b5","series-title":"NIST special publication 800-53 revision 5 update 1: Security and privacy controls for information systems and organizations","author":"National Institute of Standards and Technology","year":"2025"},{"key":"10.1016\/j.infsof.2026.108132_b6","series-title":"ISO 19011:2018 - Guidelines for auditing management systems","author":"International Organization for Standardization","year":"2018"},{"key":"10.1016\/j.infsof.2026.108132_b7","series-title":"International standard on auditing 500: Audit evidence","author":"ISA","year":"2009"},{"key":"10.1016\/j.infsof.2026.108132_b8","article-title":"The promise of automated compliance checking","volume":"5","author":"Amor","year":"2021","journal-title":"Dev. Built Environ."},{"key":"10.1016\/j.infsof.2026.108132_b9","doi-asserted-by":"crossref","DOI":"10.1016\/j.ssci.2023.106348","article-title":"Audit masquerade: How audits provide comfort rather than treatment for serious safety problems","volume":"169","author":"Hutchinson","year":"2024","journal-title":"Saf. Sci."},{"key":"10.1016\/j.infsof.2026.108132_b10","series-title":"Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)","author":"European Parliament and Council of the European Union","year":"2016"},{"key":"10.1016\/j.infsof.2026.108132_b11","series-title":"Analyzing the Interplay Between Regulatory Compliance and Cybersecurity","author":"Marotta","year":"2020"},{"key":"10.1016\/j.infsof.2026.108132_b12","doi-asserted-by":"crossref","DOI":"10.1007\/s10115-025-02429-y","article-title":"Artificial intelligence and machine learning in cybersecurity: a deep dive into state-of-the-art techniques and future paradigms","volume":"67","author":"Mohamed","year":"2025","journal-title":"Knowl. Inf. Syst."},{"key":"10.1016\/j.infsof.2026.108132_b13","series-title":"33rd USENIX Security Symposium (USENIX Security 24)","first-page":"847","article-title":"PentestGPT: Evaluating and harnessing large language models for automated penetration testing","author":"Deng","year":"2024"},{"key":"10.1016\/j.infsof.2026.108132_b14","series-title":"Proceedings of the Thirty-Third AAAI Conference on Artificial Intelligence (AAAI-19)","first-page":"1409","article-title":"A deep neural network for unsupervised anomaly detection and diagnosis in multivariate time series data","author":"Zhang","year":"2019"},{"issue":"2","key":"10.1016\/j.infsof.2026.108132_b15","doi-asserted-by":"crossref","DOI":"10.1016\/j.jsis.2024.101885","article-title":"Responsible artificial intelligence governance: A review and research framework","volume":"34","author":"Papagiannidis","year":"2025","journal-title":"J. Strateg. Inf. Syst."},{"issue":"3","key":"10.1016\/j.infsof.2026.108132_b16","doi-asserted-by":"crossref","DOI":"10.1111\/soc4.12627","article-title":"Organizational theory: From classical sociology to the 1970s","volume":"13","author":"Haveman","year":"2019","journal-title":"Sociol. Compass"},{"key":"10.1016\/j.infsof.2026.108132_b17","series-title":"M-25-21: Accelerating federal use of AI through innovation, governance, and public trust","author":"of Management","year":"2025"},{"key":"10.1016\/j.infsof.2026.108132_b18","series-title":"Proceedings of the 4th ACM Conference on Equity and Access in Algorithms, Mechanisms, and Optimization","first-page":"1","article-title":"From transparency to accountability and back: A discussion of access and evidence in AI auditing","author":"Cen","year":"2024"},{"key":"10.1016\/j.infsof.2026.108132_b19","series-title":"Ethics Guidelines for Trustworthy AI","author":"High-Level Expert Group on Artificial Intelligence","year":"2019"},{"key":"10.1016\/j.infsof.2026.108132_b20","doi-asserted-by":"crossref","DOI":"10.1016\/j.compeleceng.2024.109643","article-title":"Security, privacy, and robustness for trustworthy AI systems: A review","volume":"119","author":"Saeed","year":"2024","journal-title":"Comput. Electr. Eng."},{"key":"10.1016\/j.infsof.2026.108132_b21","doi-asserted-by":"crossref","first-page":"214","DOI":"10.4236\/tel.2025.151013","article-title":"Enhancing transparency and efficiency in auditing and regulatory compliance with disruptive technologies","volume":"15","author":"Thanasas","year":"2025","journal-title":"Theor. Econ. Lett."},{"key":"10.1016\/j.infsof.2026.108132_b22","doi-asserted-by":"crossref","unstructured":"W. Wang, S.M. Sadjadi, N. Rishe, A Survey of Major Cybersecurity Compliance Frameworks, in: 2024 IEEE 10th Conference on Big Data Security on Cloud (BigDataSecurity), 2024, pp. 23\u201334.","DOI":"10.1109\/BigDataSecurity62737.2024.00013"},{"issue":"1","key":"10.1016\/j.infsof.2026.108132_b23","article-title":"Convergence and divergence of regulatory compliance and cybersecurity","volume":"22","author":"Marotta","year":"2021","journal-title":"Issues Inf. Syst."},{"key":"10.1016\/j.infsof.2026.108132_b24","series-title":"Anomaly","author":"NIST Computer Security Resource Center","year":"2025"},{"key":"10.1016\/j.infsof.2026.108132_b25","series-title":"Behavioral Anomaly Detection","author":"NIST Computer Security Resource Center","year":"2025"},{"key":"10.1016\/j.infsof.2026.108132_b26","series-title":"Idea and Methods of Legal Research","first-page":"143","article-title":"Doctrinal legal research as a means of synthesizing facts, thoughts, and legal principles","author":"Bhat","year":"2020"},{"key":"10.1016\/j.infsof.2026.108132_b27","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.iotcps.2025.01.001","article-title":"Generative AI in cybersecurity: A comprehensive review of LLM applications and vulnerabilities","volume":"5","author":"Ferrag","year":"2025","journal-title":"Internet Things Cyber-Phys. Syst."},{"key":"10.1016\/j.infsof.2026.108132_b28","doi-asserted-by":"crossref","DOI":"10.1016\/j.inffus.2025.103347","article-title":"Transformers and large language models for efficient intrusion detection systems: A comprehensive survey","volume":"124","author":"Kheddar","year":"2025","journal-title":"Inf. Fusion"},{"key":"10.1016\/j.infsof.2026.108132_b29","first-page":"1","article-title":"Reinforcement-Learning-Based intrusion detection in communication networks: A review","author":"Kheddar","year":"2024","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"6","key":"10.1016\/j.infsof.2026.108132_b30","doi-asserted-by":"crossref","DOI":"10.1145\/3638240","article-title":"A survey of recent advances in deep learning models for detecting malware in desktop and mobile platforms","volume":"56","author":"Maniriho","year":"2024","journal-title":"ACM Comput. Surv."},{"issue":"9","key":"10.1016\/j.infsof.2026.108132_b31","doi-asserted-by":"crossref","first-page":"3511","DOI":"10.1007\/s10115-023-01860-3","article-title":"Cybersecurity knowledge graphs","volume":"65","author":"Sikos","year":"2023","journal-title":"Knowl. Inf. Syst."},{"issue":"4","key":"10.1016\/j.infsof.2026.108132_b32","doi-asserted-by":"crossref","first-page":"5115","DOI":"10.1109\/TNSM.2023.3282740","article-title":"A survey on explainable artificial intelligence for cybersecurity","volume":"20","author":"Rjoub","year":"2023","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"10.1016\/j.infsof.2026.108132_b33","doi-asserted-by":"crossref","DOI":"10.1016\/j.comnet.2022.109032","article-title":"A survey on deep learning for cybersecurity: Progress, challenges, and opportunities","volume":"212","author":"Macas","year":"2022","journal-title":"Comput. Netw."},{"key":"10.1016\/j.infsof.2026.108132_b34","series-title":"Toward Trustworthy AI Development: Mechanisms for Supporting Verifiable Claims","author":"Brundage","year":"2020"},{"key":"10.1016\/j.infsof.2026.108132_b35","series-title":"AI in Control: Rethinking Cybersecurity Compliance and Auditing","author":"AIinControl2025","year":"2025"},{"issue":"5","key":"10.1016\/j.infsof.2026.108132_b36","doi-asserted-by":"crossref","first-page":"656","DOI":"10.1017\/S1471068420000356","article-title":"White-box induction from SVM models: Explainable AI with logic programming","volume":"20","author":"Shakerin","year":"2020","journal-title":"Theory Pract. Log. Program."},{"key":"10.1016\/j.infsof.2026.108132_b37","doi-asserted-by":"crossref","first-page":"82","DOI":"10.1016\/j.inffus.2019.12.012","article-title":"Explainable artificial intelligence (XAI): Concepts, taxonomies, opportunities and challenges toward responsible AI","volume":"58","author":"Arrieta","year":"2020","journal-title":"Inf. Fusion"},{"key":"10.1016\/j.infsof.2026.108132_b38","series-title":"Advances in Neural Information Processing Systems","first-page":"4917","article-title":"K-Nearest neighbors: From global to local","volume":"Vol. 29","author":"Anava","year":"2016"},{"key":"10.1016\/j.infsof.2026.108132_b39","series-title":"Proceedings of the 2022 IEEE 38th International Conference on Data Engineering","first-page":"2562","article-title":"Dynamic model tree for interpretable data stream learning","author":"Haug","year":"2022"},{"issue":"10","key":"10.1016\/j.infsof.2026.108132_b40","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1145\/3233231","article-title":"The mythos of model interpretability","volume":"61","author":"Lipton","year":"2018","journal-title":"Commun. ACM"},{"key":"10.1016\/j.infsof.2026.108132_b41","series-title":"Advances in Artificial Intelligence \u2014 IBERAMIA 2002","first-page":"765","article-title":"Adaptive Bayes","author":"Gama","year":"2002"},{"key":"10.1016\/j.infsof.2026.108132_b42","doi-asserted-by":"crossref","unstructured":"J. Rosaler, D. Desai, B. Sarmah, D. Vamvourellis, D. Onay, S. Pasquali, D. Mehta, Enhanced Local Explainability and Trust Scores with Random Forest Proximities, in: Proceedings of the 5th ACM International Conference on AI in Finance, ICAIF\u201924, 2024, pp. 521\u2013529.","DOI":"10.1145\/3677052.3698615"},{"key":"10.1016\/j.infsof.2026.108132_b43","series-title":"Towards deep symbolic reinforcement learning","author":"Garnelo","year":"2016"},{"key":"10.1016\/j.infsof.2026.108132_b44","series-title":"Proceedings of the 38th International Conference on Machine Learning (ICML 2021)","first-page":"5979","article-title":"Discovering symbolic policies with deep reinforcement learning","volume":"Vol. 139","author":"Landajuela","year":"2021"},{"key":"10.1016\/j.infsof.2026.108132_b45","doi-asserted-by":"crossref","unstructured":"J. Guo, J. Cheng, J. Cleland-Huang, Semantically Enhanced Software Traceability Using Deep Learning Techniques, in: 2017 IEEE\/ACM 39th International Conference on Software Engineering, ICSE, 2017, pp. 3\u201314.","DOI":"10.1109\/ICSE.2017.9"},{"issue":"7553","key":"10.1016\/j.infsof.2026.108132_b46","doi-asserted-by":"crossref","first-page":"436","DOI":"10.1038\/nature14539","article-title":"Deep learning","volume":"521","author":"LeCun","year":"2015","journal-title":"Nature"},{"issue":"3","key":"10.1016\/j.infsof.2026.108132_b47","doi-asserted-by":"crossref","first-page":"250","DOI":"10.1038\/s42256-023-00620-w","article-title":"Evaluation of Post-hoc interpretability methods in Time-Series classification","volume":"5","author":"Turb\u00e9","year":"2023","journal-title":"Nat. Mach. Intell."},{"issue":"6","key":"10.1016\/j.infsof.2026.108132_b48","doi-asserted-by":"crossref","DOI":"10.1145\/3698826","article-title":"Provenance-Enabled explainable AI","volume":"2","author":"Zhang","year":"2024","journal-title":"Proc. ACM Manag. Data"},{"key":"10.1016\/j.infsof.2026.108132_b49","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1016\/j.inffus.2017.10.006","article-title":"A survey on deep learning for big data","volume":"42","author":"Zhang","year":"2018","journal-title":"Inf. Fusion"},{"key":"10.1016\/j.infsof.2026.108132_b50","series-title":"Deep learning: A critical appraisal","author":"Marcus","year":"2018"},{"key":"10.1016\/j.infsof.2026.108132_b51","series-title":"The consciousness prior","author":"Bengio","year":"2019"},{"key":"10.1016\/j.infsof.2026.108132_b52","series-title":"Proceedings of the Thirty-Third AAAI Conference on Artificial Intelligence (AAAI-19)","first-page":"3019","article-title":"Belief change and Non-Monotonic reasoning sans compactness","author":"Ribeiro","year":"2019"},{"key":"10.1016\/j.infsof.2026.108132_b53","series-title":"Formal Ontology in Information Systems (FOIS 2024)","first-page":"223","article-title":"Full traceability and provenance for knowledge graphs","volume":"Vol. 394","author":"Dibowski","year":"2024"},{"issue":"1","key":"10.1016\/j.infsof.2026.108132_b54","first-page":"419","article-title":"Completeness guarantees for incomplete ontology reasoners: theory and practice","volume":"43","author":"Grau","year":"2012","journal-title":"J. Artif. Int. Res."},{"key":"10.1016\/j.infsof.2026.108132_b55","series-title":"VEL: A formally verified reasoner for OWL2 EL profile","author":"Ileri","year":"2024"},{"issue":"3","key":"10.1016\/j.infsof.2026.108132_b56","doi-asserted-by":"crossref","first-page":"215","DOI":"10.1016\/0004-3702(83)90008-5","article-title":"The epistemology of a rule-based expert system \u2014a framework for explanation","volume":"20","author":"Clancey","year":"1983","journal-title":"Artificial Intelligence"},{"key":"10.1016\/j.infsof.2026.108132_b57","series-title":"Second Generation Expert Systems","first-page":"543","article-title":"Explanation in second generation expert systems","author":"Swartout","year":"1993"},{"key":"10.1016\/j.infsof.2026.108132_b58","series-title":"Machine Intelligence","first-page":"463","article-title":"Some philosophical problems from the standpoint of artificial intelligence","volume":"Vol. 4","author":"McCarthy","year":"1969"},{"key":"10.1016\/j.infsof.2026.108132_b59","series-title":"The Semantic Web. Latest Advances and New Domains","first-page":"104","article-title":"Large scale Rule-Based reasoning using a Laptop","author":"Peters","year":"2015"},{"issue":"1","key":"10.1016\/j.infsof.2026.108132_b60","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1007\/s10994-006-5833-1","article-title":"Markov logic networks","volume":"62","author":"Richardson","year":"2006","journal-title":"Mach. Learn."},{"key":"10.1016\/j.infsof.2026.108132_b61","series-title":"Theory, Practice, and Applications of Rules on the Web","first-page":"1","article-title":"Probabilistic soft logic: A scalable approach for Markov random fields over Continuous-Valued variables","author":"Getoor","year":"2013"},{"key":"10.1016\/j.infsof.2026.108132_b62","series-title":"Proceedings of the 36th AAAI Conference on Artificial Intelligence (AAAI 2022)","first-page":"10060","article-title":"Inference and learning with model uncertainty in probabilistic logic programs","volume":"Vol. 36","author":"Verreet","year":"2022"},{"key":"10.1016\/j.infsof.2026.108132_b63","doi-asserted-by":"crossref","DOI":"10.1016\/j.enbuild.2025.116246","article-title":"Explainable AI framework for reliable and transparent automated energy management in buildings","volume":"347","author":"Teixeira","year":"2025","journal-title":"Energy Build."},{"issue":"3","key":"10.1016\/j.infsof.2026.108132_b64","doi-asserted-by":"crossref","first-page":"275","DOI":"10.1016\/j.eng.2019.12.014","article-title":"Progress in neural NLP: Modeling, learning, and reasoning","volume":"6","author":"Zhou","year":"2020","journal-title":"Engineering"},{"key":"10.1016\/j.infsof.2026.108132_b65","series-title":"Advances in Neural Information Processing Systems","first-page":"3111","article-title":"Distributed representations of words and phrases and their compositionality","volume":"Vol. 26","author":"Mikolov","year":"2013"},{"key":"10.1016\/j.infsof.2026.108132_b66","series-title":"Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (Long and Short Papers)","first-page":"4171","article-title":"BERT: Pre-training of deep bidirectional transformers for language understanding","author":"Devlin","year":"2019"},{"key":"10.1016\/j.infsof.2026.108132_b67","series-title":"Advances in Neural Information Processing Systems","first-page":"1877","article-title":"Language models are Few-Shot learners","volume":"Vol. 33","author":"Brown","year":"2020"},{"key":"10.1016\/j.infsof.2026.108132_b68","series-title":"Advances in Neural Information Processing Systems","first-page":"5998","article-title":"Attention is all you need","volume":"Vol. 30","author":"Vaswani","year":"2017"},{"key":"10.1016\/j.infsof.2026.108132_b69","series-title":"Proceedings of the 39th International Conference on Machine Learning (ICML 2022)","first-page":"7281","article-title":"Rethinking Attention-Model explainability through faithfulness violation test","volume":"Vol. 162","author":"Liu","year":"2022"},{"key":"10.1016\/j.infsof.2026.108132_b70","series-title":"Proceedings of the 58th Annual Meeting of the Association for Computational Linguistics","first-page":"5454","article-title":"Language (technology) is power: A critical survey of \u201cBias\u201d in NLP","author":"Blodgett","year":"2020"},{"key":"10.1016\/j.infsof.2026.108132_b71","series-title":"Proceedings of the 58th Annual Meeting of the Association for Computational Linguistics","first-page":"8342","article-title":"Don\u2019t stop pretraining: Adapt language models to domains and tasks","author":"Gururangan","year":"2020"},{"key":"10.1016\/j.infsof.2026.108132_b72","series-title":"Advances in Neural Information Processing Systems","first-page":"3788","article-title":"End-to-end differentiable proving","volume":"Vol. 30","author":"Rockt\u00e4schel","year":"2017"},{"key":"10.1016\/j.infsof.2026.108132_b73","series-title":"Proceedings of the 35th International Conference on Machine Learning","first-page":"5502","article-title":"A semantic loss function for deep learning with symbolic knowledge","volume":"Vol. 80","author":"Xu","year":"2018"},{"key":"10.1016\/j.infsof.2026.108132_b74","series-title":"Harnessing deep neural networks with logic rules","author":"Hu","year":"2020"},{"issue":"5","key":"10.1016\/j.infsof.2026.108132_b75","doi-asserted-by":"crossref","first-page":"2039","DOI":"10.1007\/s11257-024-09417-x","article-title":"Recommender systems based on neuro-symbolic knowledge graph embeddings encoding first-order logic rules","volume":"34","author":"Spillo","year":"2024","journal-title":"User Model. User-Adapt. Interact."},{"issue":"6","key":"10.1016\/j.infsof.2026.108132_b76","doi-asserted-by":"crossref","first-page":"737","DOI":"10.1007\/s42979-023-02177-2","article-title":"Integrating a Rule-Based approach to malware detection with an LSTM-Based feature selection technique","volume":"4","author":"Bhardwaj","year":"2023","journal-title":"SN Comput. Sci."},{"key":"10.1016\/j.infsof.2026.108132_b77","series-title":"Findings of the Association for Computational Linguistics: EMNLP 2022","first-page":"2159","article-title":"A Neural-Symbolic approach to natural language understanding","author":"Liu","year":"2022"},{"key":"10.1016\/j.infsof.2026.108132_b78","series-title":"Proceedings of the 40th International Conference on Machine Learning","first-page":"1801","article-title":"Interpretable Neural-Symbolic concept reasoning","volume":"Vol. 202","author":"Barbiero","year":"2023"},{"key":"10.1016\/j.infsof.2026.108132_b79","series-title":"Neuro-symbolic AI: Explainability, challenges, and future trends","author":"Zhang","year":"2024"},{"key":"10.1016\/j.infsof.2026.108132_b80","series-title":"Hierarchical Neuro-Symbolic decision transformer","author":"Baheri","year":"2025"},{"key":"10.1016\/j.infsof.2026.108132_b81","doi-asserted-by":"crossref","DOI":"10.1016\/j.artint.2021.103649","article-title":"Logic tensor networks","volume":"303","author":"Badreddine","year":"2022","journal-title":"Artificial Intelligence"},{"issue":"4","key":"10.1016\/j.infsof.2026.108132_b82","doi-asserted-by":"crossref","DOI":"10.1016\/j.ipm.2025.104127","article-title":"Neurosymbolic graph enrichment for grounded world models","volume":"62","author":"De Giorgis","year":"2025","journal-title":"Inf. Process. Manage."},{"key":"10.1016\/j.infsof.2026.108132_b83","series-title":"Advances in Neural Information Processing Systems 31 (NeurIPS 2018)","first-page":"1031","article-title":"Neural-Symbolic VQA: Disentangling reasoning from vision and language understanding","author":"Yi","year":"2018"},{"issue":"5","key":"10.1016\/j.infsof.2026.108132_b84","doi-asserted-by":"crossref","first-page":"739","DOI":"10.1017\/S1471068422000229","article-title":"A Neuro-Symbolic ASP pipeline for visual question answering","volume":"22","author":"Eiter","year":"2022","journal-title":"Theory Pract. Log. Program."},{"issue":"1","key":"10.1016\/j.infsof.2026.108132_b85","doi-asserted-by":"crossref","first-page":"26786","DOI":"10.1038\/s41598-025-07533-1","article-title":"A novel ensemble wasserstein GAN framework for effective anomaly detection in industrial internet of things environments","volume":"15","author":"Riaz","year":"2025","journal-title":"Sci. Rep."},{"key":"10.1016\/j.infsof.2026.108132_b86","series-title":"Precise recovery of latent vectors from generative adversarial networks","author":"Lipton","year":"2017"},{"key":"10.1016\/j.infsof.2026.108132_b87","series-title":"Advances in Neural Information Processing Systems 27 (NeurIPS 2014)","first-page":"2672","article-title":"Generative adversarial nets","author":"Goodfellow","year":"2014"},{"key":"10.1016\/j.infsof.2026.108132_b88","series-title":"Advances in Neural Information Processing Systems","first-page":"12104","article-title":"Training generative adversarial networks with limited data","volume":"Vol. 33","author":"Karras","year":"2020"},{"key":"10.1016\/j.infsof.2026.108132_b89","series-title":"Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing (EMNLP-IJCNLP)","first-page":"11","article-title":"Attention is not not explanation","author":"Wiegreffe","year":"2019"},{"key":"10.1016\/j.infsof.2026.108132_b90","series-title":"Advances in Neural Information Processing Systems","first-page":"29106","article-title":"Chain of thoughtlessness? An analysis of CoT in planning","volume":"Vol. 37","author":"Stechly","year":"2024"},{"key":"10.1016\/j.infsof.2026.108132_b91","series-title":"Retrieval-Augmented generation for large language models: A survey","author":"Gao","year":"2024"},{"key":"10.1016\/j.infsof.2026.108132_b92","series-title":"Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP","first-page":"204","article-title":"LLM-Based Fine-Grained ABAC policy generation","author":"Mai","year":"2025"},{"key":"10.1016\/j.infsof.2026.108132_b93","series-title":"Proceedings of the 30th International Conference on Intelligent User Interfaces","first-page":"277","article-title":"CLEAR: Towards contextual LLM-Empowered privacy policy analysis and risk generation for large language model applications","author":"Chen","year":"2025"},{"key":"10.1016\/j.infsof.2026.108132_b94","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2025.128404","article-title":"AgentAI: A comprehensive survey on autonomous agents in distributed AI for industry 4.0","volume":"291","author":"Piccialli","year":"2025","journal-title":"Expert Syst. Appl."},{"key":"10.1016\/j.infsof.2026.108132_b95","series-title":"From LLM reasoning to autonomous AI agents: A comprehensive review","author":"Ferrag","year":"2025"},{"key":"10.1016\/j.infsof.2026.108132_b96","article-title":"Blockchain technology in supply chain management: Innovations, applications, and challenges","volume":"18","author":"Kumar","year":"2025","journal-title":"Telemat. Inform. Rep."},{"key":"10.1016\/j.infsof.2026.108132_b97","article-title":"From smart legal contracts to contracts on blockchain: An empirical investigation","volume":"55","author":"Bassan","year":"2024","journal-title":"Comput. Law Secur. Rev."},{"key":"10.1016\/j.infsof.2026.108132_b98","series-title":"Advances in Cryptology \u2013 CRYPTO 2015","first-page":"503","article-title":"Predicate encryption for circuits from LWE","author":"Gorbunov","year":"2022"},{"key":"10.1016\/j.infsof.2026.108132_b99","series-title":"16th USENIX Symposium on Networked Systems Design and Implementation","first-page":"95","article-title":"Monoxide: Scale out blockchains with asynchronous consensus zones","author":"Wang","year":"2019"},{"key":"10.1016\/j.infsof.2026.108132_b100","article-title":"A survey on scalable consensus algorithms for blockchain technology","volume":"3","author":"Jain","year":"2025","journal-title":"Cyber Secur. Appl."},{"key":"10.1016\/j.infsof.2026.108132_b101","series-title":"Data Privacy Management, Cryptocurrencies and Blockchain Technology","first-page":"233","article-title":"A minimal core calculus for solidity contracts","author":"Bartoletti","year":"2019"},{"key":"10.1016\/j.infsof.2026.108132_b102","series-title":"Proceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency (FAccT \u201921)","first-page":"758","article-title":"Outlining traceability: A principle for operationalizing accountability in computing systems","author":"Kroll","year":"2021"},{"issue":"5","key":"10.1016\/j.infsof.2026.108132_b103","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3236009","article-title":"A survey of methods for explaining Black Box models","volume":"51","author":"Guidotti","year":"2018","journal-title":"ACM Comput. Surv."},{"issue":"5","key":"10.1016\/j.infsof.2026.108132_b104","doi-asserted-by":"crossref","first-page":"206","DOI":"10.1038\/s42256-019-0048-x","article-title":"Stop explaining black box machine learning models for high stakes decisions and use interpretable models instead","volume":"1","author":"Rudin","year":"2019","journal-title":"Nat. Mach. Intell."},{"key":"10.1016\/j.infsof.2026.108132_b105","doi-asserted-by":"crossref","unstructured":"L.H. Gilpin, D. Bau, B.Z. Yuan, A. Bajwa, M. Specter, L. Kagal, Explaining Explanations: An Overview of Interpretability of Machine Learning, in: 2018 IEEE 5th International Conference on Data Science and Advanced Analytics, DSAA, 2018, pp. 80\u201389.","DOI":"10.1109\/DSAA.2018.00018"},{"issue":"1","key":"10.1016\/j.infsof.2026.108132_b106","first-page":"9","article-title":"Artificial intelligence as evidence","volume":"19","author":"Grimm","year":"2021","journal-title":"Northwest. J. Technol. Intellect. Prop."},{"issue":"4","key":"10.1016\/j.infsof.2026.108132_b107","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2523813","article-title":"A survey on concept drift adaptation","volume":"46","author":"Gama","year":"2014","journal-title":"ACM Comput. Surv."},{"key":"10.1016\/j.infsof.2026.108132_b108","series-title":"Artificial intelligence risk management framework (AI RMF) 1.0","author":"National Institute of Standards and Technology (NIST)","year":"2023"},{"key":"10.1016\/j.infsof.2026.108132_b109","series-title":"ISO\/IEC 42001:2023 - information technology \u2014 Artificial intelligence \u2014 Management system","author":"International Organization for Standardization","year":"2023"},{"key":"10.1016\/j.infsof.2026.108132_b110","series-title":"A survey on explainable deep reinforcement learning","author":"Cheng","year":"2025"},{"issue":"4","key":"10.1016\/j.infsof.2026.108132_b111","doi-asserted-by":"crossref","first-page":"6822","DOI":"10.1109\/JIOT.2019.2912022","article-title":"Machine Learning-Based network vulnerability analysis of industrial internet of things","volume":"6","author":"Zolanvari","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"10.1016\/j.infsof.2026.108132_b112","doi-asserted-by":"crossref","first-page":"129064","DOI":"10.1109\/ACCESS.2024.3421989","article-title":"A Coverage-Guided fuzzing method for automatic software vulnerability detection using reinforcement Learning-Enabled Multi-Level input mutation","volume":"12","author":"Pham","year":"2024","journal-title":"IEEE Access"},{"issue":"2","key":"10.1016\/j.infsof.2026.108132_b113","doi-asserted-by":"crossref","first-page":"6472","DOI":"10.1109\/TTE.2024.3510458","article-title":"Vulnerability assessment and detection of stealthy sequential cyberattacks in hybrid tracked vehicles","volume":"11","author":"Muriithi","year":"2025","journal-title":"IEEE Trans. Transp. Electrif."},{"issue":"5","key":"10.1016\/j.infsof.2026.108132_b114","doi-asserted-by":"crossref","first-page":"2469","DOI":"10.1109\/TDSC.2019.2954088","article-title":"Software vulnerability discovery via learning Multi-Domain knowledge bases","volume":"18","author":"Lin","year":"2021","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"issue":"7","key":"10.1016\/j.infsof.2026.108132_b115","doi-asserted-by":"crossref","first-page":"8033","DOI":"10.1109\/JIOT.2025.3541090","article-title":"Effectively detecting software vulnerabilities via leveraging features on program slices","volume":"12","author":"Zhang","year":"2025","journal-title":"IEEE Internet Things J."},{"key":"10.1016\/j.infsof.2026.108132_b116","doi-asserted-by":"crossref","first-page":"64446","DOI":"10.1109\/ACCESS.2024.3396410","article-title":"DB-CBIL: A DistilBert-based transformer hybrid model using CNN and BiLSTM for software vulnerability detection","volume":"12","author":"Bahaa","year":"2024","journal-title":"IEEE Access"},{"key":"10.1016\/j.infsof.2026.108132_b117","doi-asserted-by":"crossref","first-page":"149817","DOI":"10.1109\/ACCESS.2025.3602292","article-title":"A Knowledge-Driven approach to threat validation and security reasoning in modular systems","volume":"13","author":"Pandolfo","year":"2025","journal-title":"IEEE Access"},{"key":"10.1016\/j.infsof.2026.108132_b118","series-title":"Proceedings of the 21st International Conference on Predictive Models and Data Analytics in Software Engineering","first-page":"65","article-title":"Efficient adaptation of large language models for smart contract vulnerability detection","author":"Sikder","year":"2025"},{"issue":"3","key":"10.1016\/j.infsof.2026.108132_b119","doi-asserted-by":"crossref","first-page":"219","DOI":"10.1007\/s42797-021-00025-1","article-title":"Design of a dynamic and self-adapting system, supported with artificial intelligence, machine learning and real-time intelligence for predictive cyber risk analytics in extreme environments 2013 cyber risk in the colonisation of Mars","volume":"2","author":"Radanliev","year":"2020","journal-title":"Saf. Extrem. Environ."},{"key":"10.1016\/j.infsof.2026.108132_b120","doi-asserted-by":"crossref","unstructured":"S.-H. Park, J.-W. Jung, S.-W. Lee, Multi-perspective APT Attack Risk Assessment Framework using Risk-Aware Problem Domain Ontology, in: 2021 IEEE 29th International Requirements Engineering Conference Workshops, REW, 2021, pp. 400\u2013405.","DOI":"10.1109\/REW53955.2021.00071"},{"key":"10.1016\/j.infsof.2026.108132_b121","series-title":"Optimization in Artificial Intelligence and Data Sciences","first-page":"199","article-title":"Risk assessment in transactions under threat as partially observable Markov decision process","volume":"Vol. 8","author":"Vassilev","year":"2022"},{"issue":"6","key":"10.1016\/j.infsof.2026.108132_b122","doi-asserted-by":"crossref","DOI":"10.3390\/buildings14061561","article-title":"Cyber risk assessment framework for the construction industry using machine learning techniques","volume":"14","author":"Yao","year":"2024","journal-title":"Buildings"},{"key":"10.1016\/j.infsof.2026.108132_b123","series-title":"Software security mapping framework: Operationalization of security requirements","author":"Lee","year":"2025"},{"key":"10.1016\/j.infsof.2026.108132_b124","series-title":"Automated compliance blueprint optimization with artificial intelligence","author":"Adebayo","year":"2022"},{"key":"10.1016\/j.infsof.2026.108132_b125","doi-asserted-by":"crossref","unstructured":"L. Elluri, A. Nagar, K.P. Joshi, An Integrated Knowledge Graph to Automate GDPR and PCI DSS Compliance, in: 2018 IEEE International Conference on Big Data (Big Data), 2018, pp. 1266\u20131271.","DOI":"10.1109\/BigData.2018.8622236"},{"key":"10.1016\/j.infsof.2026.108132_b126","series-title":"Proceedings of the 6th Joint International Conference on Data Science & Management of Data (10th ACM IKDD CODS and 28th COMAD)","first-page":"167","article-title":"Towards automated assessment of organizational cybersecurity posture in cloud","author":"Bar-Haim","year":"2023"},{"key":"10.1016\/j.infsof.2026.108132_b127","series-title":"Neuro-Symbolic AI for compliance checking of electrical control panels","author":"Barbara","year":"2023"},{"key":"10.1016\/j.infsof.2026.108132_b128","doi-asserted-by":"crossref","first-page":"880","DOI":"10.1016\/j.procs.2025.03.113","article-title":"Using machine learning to analyze and detect anomalies in SELinux security policies","volume":"257","author":"Jain","year":"2025","journal-title":"Procedia Comput. Sci."},{"key":"10.1016\/j.infsof.2026.108132_b129","article-title":"Automated cybersecurity compliance and threat response using AI, blockchain and smart contracts","author":"Alevizos","year":"2024","journal-title":"Int. J. Inf. Technol."},{"key":"10.1016\/j.infsof.2026.108132_b130","article-title":"Hierarchical reinforcement learning for efficient and effective automated penetration testing of large networks","author":"Ghanem","year":"2022","journal-title":"J. Intell. Inf. Syst."},{"key":"10.1016\/j.infsof.2026.108132_b131","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.104140","article-title":"PenGym: Realistic training environment for reinforcement learning pentesting agents","volume":"148","author":"Nguyen","year":"2025","journal-title":"Comput. Secur."},{"issue":"18","key":"10.1016\/j.infsof.2026.108132_b132","doi-asserted-by":"crossref","DOI":"10.3390\/s23188014","article-title":"Generative adversarial network (GAN)-Based autonomous penetration testing for web applications","volume":"23","author":"Chowdhary","year":"2023","journal-title":"Sensors"},{"issue":"2","key":"10.1016\/j.infsof.2026.108132_b133","doi-asserted-by":"crossref","DOI":"10.3390\/computers14020067","article-title":"Advancing cyber incident timeline analysis through Retrieval-Augmented generation and large language models","volume":"14","author":"Loumachi","year":"2025","journal-title":"Computers"},{"key":"10.1016\/j.infsof.2026.108132_b134","doi-asserted-by":"crossref","first-page":"153349","DOI":"10.1109\/ACCESS.2019.2946978","article-title":"Digital forensics architecture for evidence collection and provenance preservation in IaaS cloud environment using SDN and blockchain technology","volume":"7","author":"Pourvahab","year":"2019","journal-title":"IEEE Access"},{"key":"10.1016\/j.infsof.2026.108132_b135","series-title":"2019 IEEE Conference on Network Softwarization (NetSoft)","first-page":"110","article-title":"Blockchain solutions for forensic evidence preservation in IoT environments","author":"Brotsis","year":"2019"},{"key":"10.1016\/j.infsof.2026.108132_b136","doi-asserted-by":"crossref","first-page":"131605","DOI":"10.1109\/ACCESS.2024.3460428","article-title":"Cybersecurity anomaly detection: AI and ethereum blockchain for a secure and tamperproof IoHT data management","volume":"12","author":"Olawale","year":"2024","journal-title":"IEEE Access"},{"key":"10.1016\/j.infsof.2026.108132_b137","doi-asserted-by":"crossref","DOI":"10.1016\/j.knosys.2025.113178","article-title":"An enhanced BiGAN architecture for network intrusion detection","volume":"314","author":"Arafah","year":"2025","journal-title":"Knowl.-Based Syst."},{"key":"10.1016\/j.infsof.2026.108132_b138","doi-asserted-by":"crossref","first-page":"116345","DOI":"10.1109\/ACCESS.2025.3585445","article-title":"Adaptive defense: Zero-Day attack detection in NIDS with deep reinforcement learning","volume":"13","author":"Alam","year":"2025","journal-title":"IEEE Access"},{"key":"10.1016\/j.infsof.2026.108132_b139","series-title":"Proceedings of the Cognitive Models and Artificial Intelligence Conference","first-page":"292","article-title":"Deep reinforcement learning for adaptive cyber defense in network security","author":"Hammad","year":"2024"},{"key":"10.1016\/j.infsof.2026.108132_b140","series-title":"2025 13th International Symposium on Digital Forensics and Security","first-page":"1","article-title":"AutoBnB: Multi-Agent incident response with large language models","author":"Liu","year":"2025"},{"key":"10.1016\/j.infsof.2026.108132_b141","series-title":"Large language models are autonomous cyber defenders","author":"Castro","year":"2025"},{"key":"10.1016\/j.infsof.2026.108132_b142","doi-asserted-by":"crossref","DOI":"10.1016\/j.accinf.2024.100698","article-title":"Artificial intelligence co-piloted auditing","volume":"54","author":"Gu","year":"2024","journal-title":"Int. J. Account. Inf. Syst."},{"key":"10.1016\/j.infsof.2026.108132_b143","series-title":"Automating security audit using large language model based agent: An exploration experiment","author":"Chin","year":"2025"},{"key":"10.1016\/j.infsof.2026.108132_b144","series-title":"ISO\/IEC 17025:2017 \u2014 General requirements for the competence of testing and calibration laboratories","author":"ISO\/IEC","year":"2017"},{"key":"10.1016\/j.infsof.2026.108132_b145","article-title":"Cybersecurity compliance behavior: Exploring the influences of individual decision style and other antecedents","volume":"51","author":"Donalds","year":"2020","journal-title":"Int. J. Inf. Manage."},{"issue":"4","key":"10.1016\/j.infsof.2026.108132_b146","doi-asserted-by":"crossref","first-page":"1047","DOI":"10.1093\/ojls\/gqaf029","article-title":"Carefully tailored: Doctrinal methods and empirical contributions","volume":"45","author":"Theil","year":"2025","journal-title":"Oxf. J. Leg. Stud."}],"container-title":["Information and Software Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0950584926001217?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0950584926001217?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,4,19]],"date-time":"2026-04-19T05:43:38Z","timestamp":1776577418000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0950584926001217"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,7]]},"references-count":146,"alternative-id":["S0950584926001217"],"URL":"https:\/\/doi.org\/10.1016\/j.infsof.2026.108132","relation":{},"ISSN":["0950-5849"],"issn-type":[{"value":"0950-5849","type":"print"}],"subject":[],"published":{"date-parts":[[2026,7]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"AI in control: Rethinking cybersecurity compliance and auditing","name":"articletitle","label":"Article Title"},{"value":"Information and Software Technology","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.infsof.2026.108132","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 The Authors. Published by Elsevier B.V.","name":"copyright","label":"Copyright"}],"article-number":"108132"}}