{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,13]],"date-time":"2025-12-13T12:01:39Z","timestamp":1765627299884,"version":"3.48.0"},"reference-count":34,"publisher":"Association for Computing Machinery (ACM)","issue":"4","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Digital Threats"],"published-print":{"date-parts":[[2025,12,31]]},"abstract":"<jats:p>The integration of AI in cybersecurity promises enhanced threat detection and response capabilities, yet its adoption is hindered by human factors, particularly cognitive biases and trust issues. This study investigates how cognitive biases, such as automation bias (47%) and confirmation bias (37%), influence security analysts\u2019 trust in AI-driven tools, drawing on Kahneman\u2019s dual-process theory. Through qualitative interviews with 19 cybersecurity professionals and a comparative analysis of AI solutions from Microsoft, CrowdStrike, Darktrace, and IBM, we identify key barriers to adoption, including explainability gaps and high false positive rates. Findings reveal that 65% of analysts express skepticism toward AI alerts, favoring hybrid human\u2013AI models (79%) over full automation. We propose strategies like Explainable AI (XAI), bias-awareness training, and adaptive trust calibration to mitigate biases and foster trust. These insights highlight the need for user-centric AI designs that balance technical performance with human cognitive realities in cybersecurity operations.<\/jats:p>","DOI":"10.1145\/3759260","type":"journal-article","created":{"date-parts":[[2025,8,18]],"date-time":"2025-08-18T15:58:29Z","timestamp":1755532709000},"page":"1-20","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Human Factors in AI-Driven Cybersecurity: Cognitive Biases and Trust Issues"],"prefix":"10.1145","volume":"6","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-3512-5751","authenticated-orcid":false,"given":"Raymond Andre","family":"Hagen","sequence":"first","affiliation":[{"name":"Norwegian Digitalisation Agency, Oslo, Norway, and Norwegian University of Science and Technology, Trondheim, Norway"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7640-8446","authenticated-orcid":false,"given":"Lasse","family":"\u00d8verlier","sequence":"additional","affiliation":[{"name":"IIK, Norwegian University of Science and Technology, Trondheim, Norway"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3698-4585","authenticated-orcid":false,"given":"Kirsi","family":"Helkala","sequence":"additional","affiliation":[{"name":"Norwegian Defence University College, Oslo, Norway"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,12,13]]},"reference":[{"key":"e_1_3_1_2_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2016.03.004"},{"key":"e_1_3_1_3_2","unstructured":"Microsoft Corporation. 2024. Protect with AI: See More and Move Faster with Generative AI Security. Technical Report White Paper. Microsoft Corporation. Retrieved from https:\/\/www.microsoft.com\/en-us\/security\/business\/ai-machine-learning\/microsoft-security-copilot"},{"key":"e_1_3_1_4_2","unstructured":"CrowdStrike. 2024. Applying the Best AI for the Job: Inside Charlotte AI\u2019s Multi-AI Architecture. Technical Report White Paper. CrowdStrike. Retrieved from https:\/\/www.crowdstrike.com\/products\/charlotte-ai\/"},{"key":"e_1_3_1_5_2","unstructured":"P. Shoard K. Schmidt J. D\u2019Hoinne E. Ahlm and J. Collins. 2024. Predict 2025: There Will Never Be an Autonomous SOC. Technical Report G00821485 Restricted to Personal Use. Gartner Inc. Retrieved from https:\/\/www.gartner.com\/document\/code\/821485?ref=authbody&refval="},{"key":"e_1_3_1_6_2","doi-asserted-by":"publisher","DOI":"10.1093\/jopart\/muac007"},{"issue":"1","key":"e_1_3_1_7_2","doi-asserted-by":"crossref","first-page":"130","DOI":"10.1038\/s41593-019-0549-2","article-title":"Confirmation bias in the utilization of others\u2019 opinion strength","volume":"23","author":"Kappes A.","year":"2020","unstructured":"A. Kappes, A. H. Harvey, T. Lohrenz, P. R. Montague, and T. Sharot. 2020. Confirmation bias in the utilization of others\u2019 opinion strength. Nature Neuroscience 23, 1 (2020), 130\u2013137.","journal-title":"Nature Neuroscience"},{"key":"e_1_3_1_8_2","volume-title":"Thinking, Fast and Slow","author":"Kahneman D.","year":"2011","unstructured":"D. Kahneman. 2011. Thinking, Fast and Slow. Farrar, Straus and Giroux, New York."},{"key":"e_1_3_1_9_2","doi-asserted-by":"publisher","DOI":"10.1191\/1478088706qp063oa"},{"key":"e_1_3_1_10_2","doi-asserted-by":"crossref","first-page":"299","DOI":"10.5565\/rev\/papers\/v80n0.1835","article-title":"Ragin, Charles C. The comparative method: Moving beyond qualitative and quantitative strategies. fuzzy-set social science","volume":"80","author":"Vancea M.","year":"2007","unstructured":"M. Vancea. 2007. Ragin, Charles C. The comparative method: Moving beyond qualitative and quantitative strategies. fuzzy-set social science. Papers. Revista de Sociologia 80 (Jan. 2007), 299\u2013301.","journal-title":"Papers. Revista de Sociologia"},{"key":"e_1_3_1_11_2","unstructured":"Identity Theft Resource Center. 2025. Data Breaches. Available. Retrieved April 24 2025 from https:\/\/www.idtheftcenter.org\/data-breaches\/"},{"key":"e_1_3_1_12_2","unstructured":"D. Bonderud. 2024. Cost of a Data Breach 2024: Financial Industry. Retrieved April 24 2025 from https:\/\/www.ibm.com\/think\/insights\/cost-of-a-data-breach-2024-financial-industry"},{"key":"e_1_3_1_13_2","unstructured":"Gartner Inc. 2024. Gartner Forecasts Global Information Security Spending to Grow 15 Percent in 2025. Retrieved April 24 2025 from https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2024-08-28-gartner-forecasts-global-information-security-spending-to-grow-15-percent-in-2025"},{"key":"e_1_3_1_14_2","unstructured":"T. Fox. 2025. Cybercrime Will Cost the World $1 Trillion USD per Month by 2031. Retrieved April 24 2025 from https:\/\/cybersecurityventures.com\/cybercrime-will-cost-the-world-1-trillion-usd-per-month-by-2031\/"},{"key":"e_1_3_1_15_2","doi-asserted-by":"crossref","first-page":"1049","DOI":"10.3389\/fpsyg.2020.01049","article-title":"Cognitive models in cybersecurity: Learning from expert analysts and predicting attacker behavior","volume":"11","author":"Veksler V. D.","year":"2020","unstructured":"V. D. Veksler, N. Buchler, C. G. LaFleur, M. S. Yu, C. Lebiere, and C. Gonzalez. 2020. Cognitive models in cybersecurity: Learning from expert analysts and predicting attacker behavior. Frontiers in Psychology 11 (2020), 1049. Retrieved from https:\/\/www.frontiersin.org\/journals\/psychology\/articles\/10.3389\/fpsyg.2020.01049","journal-title":"Frontiers in Psychology"},{"key":"e_1_3_1_16_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jsis.2018.09.003"},{"issue":"4","key":"e_1_3_1_17_2","doi-asserted-by":"crossref","first-page":"565","DOI":"10.1111\/puar.13211","article-title":"Designing to debias: Measuring and reducing public managers\u2019 anchoring bias","volume":"80","author":"Nagtegaal R.","year":"2020","unstructured":"R. Nagtegaal, L. Tummers, M. Noordegraaf, and V. Bekkers. 2020. Designing to debias: Measuring and reducing public managers\u2019 anchoring bias. Public Administration Review 80, 4 (2020), 565\u2013576.","journal-title":"Public Administration Review"},{"issue":"4","key":"e_1_3_1_18_2","first-page":"100049","article-title":"Rapid trust calibration through interpretable and uncertainty-aware AI","volume":"1","author":"Tomsett R.","year":"2020","unstructured":"R. Tomsett, A. Preece, D. Braines, F. Cerutti, S. Chakraborty, M. Srivastava, G. Pearson, and L. Kaplan. 2020. Rapid trust calibration through interpretable and uncertainty-aware AI. Patterns (New York, N.Y.) 1, 4 (2020), 100049. Retrieved from https:\/\/www.sciencedirect.com\/science\/article\/pii\/S266638992030060X","journal-title":"Patterns (New York, N.Y.)"},{"issue":"2","key":"e_1_3_1_19_2","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1007\/s11166-009-9060-6","article-title":"Ostrich effect: Selective attention to information","volume":"38","author":"Karlsson N.","year":"2009","unstructured":"N. Karlsson, G. Loewenstein, and D. Seppi. 2009. Ostrich effect: Selective attention to information. Journal of Risk and Uncertainty 38, 2 (2009), 95\u2013115.","journal-title":"Journal of Risk and Uncertainty"},{"key":"e_1_3_1_20_2","first-page":"3875","volume-title":"Proceedings of the 28th International Joint Conference on Artificial Intelligence (IJCAI \u201919)","author":"Byrne R. M. J.","year":"2019","unstructured":"R. M. J. Byrne. 2019. Counterfactuals in explainable artificial intelligence (XAI): Evidence from human reasoning. In Proceedings of the 28th International Joint Conference on Artificial Intelligence (IJCAI \u201919), 3875\u20133881. Retrieved from https:\/\/www.ijcai.org\/proceedings\/2019\/0876.pdf"},{"key":"e_1_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.1177\/01622439241240411"},{"key":"e_1_3_1_22_2","doi-asserted-by":"crossref","first-page":"1360","DOI":"10.1016\/j.trpro.2023.11.283","article-title":"Cybersecurity automation in countering cyberattacks","volume":"74","author":"Tonhauser M.","year":"2023","unstructured":"M. Tonhauser and J. Ristvej. 2023. Cybersecurity automation in countering cyberattacks. Transportation Research Procedia 74 (2023), 1360\u20131365.","journal-title":"Transportation Research Procedia"},{"key":"e_1_3_1_23_2","doi-asserted-by":"publisher","DOI":"10.1093\/jamia\/ocaf065"},{"key":"e_1_3_1_24_2","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1016\/B978-0-323-99545-0.00017-8","volume-title":"Handbook of Power Electronics in Autonomous and Electric Vehicles","author":"Verma A.","year":"2024","unstructured":"A. Verma. 2024. Chapter 2\u2014Introduction to autonomous systems. In Handbook of Power Electronics in Autonomous and Electric Vehicles. M. H. Rashid (Ed.), Academic Press, 17\u201328. Retrieved from https:\/\/www.sciencedirect.com\/science\/article\/pii\/B9780323995450000178"},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1080\/02564602.2025.2485910"},{"key":"e_1_3_1_26_2","unstructured":"MSSP Alert. 2025. The Hidden Risks of Over-Relying on AI in Cybersecurity. MSSP Alert. Retrieved July 9 2025 from https:\/\/www.msspalert.com\/native\/the-hidden-risks-of-over-relying-on-ai-in-cybersecurity"},{"key":"e_1_3_1_27_2","unstructured":"Darktrace Holdings Limited. 2024. Tackling the 11 Biggest Cloud Threats with AI-Powered Defense. Technical Report White Paper. Darktrace Holdings Limited. Retrieved from https:\/\/darktrace.com"},{"key":"e_1_3_1_28_2","unstructured":"IBM Security. IBM Security QRadar SOAR: Improve SOC Efficiency. Respond Quicker. Help Close Skill Gaps. Technical Report Produced in the United States of America. IBM Corporation Armonk NY. Retrieved March 2024 from https:\/\/ibm.com\/products\/qradar-soar"},{"key":"e_1_3_1_29_2","volume-title":"Mastering the Semi-Structured Interview and Beyond: From Research Design to Analysis and Publication","author":"Galletta A.","year":"2012","unstructured":"A. Galletta. 2012. Mastering the Semi-Structured Interview and Beyond: From Research Design to Analysis and Publication. Oxford University Press, New York."},{"key":"e_1_3_1_30_2","doi-asserted-by":"publisher","DOI":"10.1177\/1071181319631016"},{"key":"e_1_3_1_31_2","unstructured":"A. Berrios M. Wah J. Collins P. Shoard A. Davies and E. Mirolyubov. 2024. Cool Vendors for the Modern Security Operations Center. Technical Report G00819480 Restricted to Personal Use. Gartner Inc. Retrieved from https:\/\/www.gartner.com\/document\/code\/819480?ref=authbody&refval="},{"key":"e_1_3_1_32_2","unstructured":"M. Corporation. 2024. Protect with AI: See More and Move Faster with Generative AI Security Technical Report White Paper. Microsoft Corporation. Retrieved from https:\/\/www.microsoft.com\/en-us\/security\/business\/ai-machine-learning\/microsoft-security-copilot"},{"key":"e_1_3_1_33_2","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0229132"},{"key":"e_1_3_1_34_2","unstructured":"S. Lundberg and S.-I. Lee. 2017. A unified approach to interpreting model predictions. arXiv:1705.07874. Manuscript submitted for review. Retrieved from https:\/\/arxiv.org\/abs\/1705.07874"},{"key":"e_1_3_1_35_2","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939778"}],"container-title":["Digital Threats: Research and Practice"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3759260","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,13]],"date-time":"2025-12-13T11:59:06Z","timestamp":1765627146000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3759260"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,13]]},"references-count":34,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2025,12,31]]}},"alternative-id":["10.1145\/3759260"],"URL":"https:\/\/doi.org\/10.1145\/3759260","relation":{},"ISSN":["2692-1626","2576-5337"],"issn-type":[{"type":"print","value":"2692-1626"},{"type":"electronic","value":"2576-5337"}],"subject":[],"published":{"date-parts":[[2025,12,13]]},"assertion":[{"value":"2025-04-27","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-07-24","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-12-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}