Search papers, labs, and topics across Lattice.
This paper introduces the Human Vulnerabilities & Exploits (HVE) Framework, which systematically identifies and classifies the behavioral and psychological vulnerabilities exploited in social engineering and fraud, filling a critical gap in cybersecurity frameworks that traditionally focus on software flaws. By leveraging established behavioral science theories, the HVE Framework provides a structured, machine-readable taxonomy, a multi-dimensional severity scoring system (HVSS), and actionable remediation strategies (HVPs). The key finding is that a significant majority of successful cyberattacks exploit human vulnerabilities rather than technical ones, underscoring the need for a dedicated framework to address these threats.
A staggering number of cyberattacks exploit human vulnerabilities, yet there's been no standardized framework to address this critical aspect鈥攗ntil now.
The cybersecurity community has invested over two decades in building standardized frameworks, the Common Vulnerabilities and Exposures (CVE) system, the Common Vulnerability Scoring System (CVSS), and the Common Weakness Enumeration (CWE) to identify, classify, and remediate threats to digital infrastructure. However, an emerging body of research reveals that a vast majority of successful cyberattacks exploit not software flaws, but human behavioral and psychological vulnerabilities. Social engineering, fraud, and scam attacks, which manipulate human cognition, emotion, and trust, do not have an equivalent standardized framework. Meanwhile, behavioral science and psychology research has established robust theoretical foundations, such as dual-process theory, prospect theory, social influence frameworks, and visceral state models, which explain precisely why and how these attacks succeed. This paper introduces the Human Vulnerabilities & Exploits (HVE) Framework, a structured approach for identifying, classifying, and mitigating the behavioral and psychological vulnerabilities exploited in scams, social engineering, and other human-centric fraud and attacks, analogous in concept to how CVE helps classify software vulnerabilities: it provides a shared, machine-readable taxonomy with structured identifiers, multi-dimensional severity scoring via the Human Vulnerability Severity Score (HVSS), and actionable remediation guidance through Human Vulnerability Patches (HVPs). This introduction synthesizes the relevant literature across cybersecurity standardization, behavioral science, and fraud defense to establish the theoretical and practical foundations for the HVE framework, whose architecture and technical specifications are detailed in subsequent sections.
