Search papers, labs, and topics across Lattice.
This paper synthesizes drivers of human cybersecurity behavior within organizations, integrating awareness, security culture, and usability into a theoretical framework. It compares this framework to existing behavioral models and argues for its relevance to agentic AI security, highlighting analogous vulnerabilities to manipulation attacks. The paper proposes that the human-centric model can inform the development of security strategies for AI agents.
Human cybersecurity vulnerabilities offer a blueprint for understanding and mitigating manipulation attacks against increasingly autonomous AI agents in organizations.
We undertake a comprehensive and structured synthesis of the drivers of human behavior in cybersecurity, focusing specifically on people within organizations (i.e., especially employees in companies), and integrate key concepts such as awareness, security culture, and usability into a coherent theoretical framework. This model is then compared with several relevant behavioral models that fundamentally represent drivers of human behavior. Additionally, we discuss how this theoretical framework can help the domain of agentic AI security: We argue that as AI systems increasingly act as autonomous agents within organizations and based on natural language processing, they also exhibit vulnerabilities analogous to human behavioral risks. Consequently, we propose that this human-centric model offers a blueprint for developing additional security strategies against manipulation attacks targeting AI agents.
