Symbiotic Human–AI Collaboration for Augmented Cybersecurity Operations
DOI:
https://doi.org/10.1609/aaaiss.v6i1.36072Abstract
Security Operations Centres (SOCs) face mounting cognitive and operational demands as cyber threats increase in scale and complexity. This paper proposes a human-AI collaboration framework to augment SOC effectiveness through cognitive profiling and agentic coordination. We map 29 core SOC functions across three cognitive dimensions, thinking mode, attention level, and coordination context, revealing a concentration of tasks in cognitively saturated zones requiring slow thinking, high attention, or collective decision-making. To address these challenges, we introduce a multi-agent architecture grounded in the Belief–Desire–Intention (BDI) model and structured by an extended VOWEL+U framework that embeds human oversight into agentic ecosystems. We define four AI agent roles, Assistant, Auto-Pilot, Companion, and Operator, aligned with operational autonomy levels to support function-specific delegation. Building on this, we propose a new SOC function: Agent Collaboration and Oversight (F30), reflecting the emerging need for human supervision and configuration of agentic behaviour. Together, these contributions outline a path toward symbiotic human-AI SOCs, which can shift cognitive load, enhance decision quality, and ensure accountable, adaptive cyberdefence.
Downloads
Published
2025-08-01
How to Cite
Yaich, R., Balondrade, A., Sicard, A., Fouquiau, C., Giraud, G., Amokrane-Ferka, K., & Arbaretier, E. (2025). Symbiotic Human–AI Collaboration for Augmented Cybersecurity Operations. Proceedings of the AAAI Symposium Series, 6(1), 350-358. https://doi.org/10.1609/aaaiss.v6i1.36072
Issue
Section
Human-AI Collaboration: Exploring Diversity of Human Cognitive Abilities and Varied AI Models for Hybrid Intelligent Systems
