APPLICATION OF EXPLAINED ARTIFICIAL INTELLIGENCE TO ASSESS INFORMATION SECURITY RISKS
DOI:
https://doi.org/10.28925/2663-4023.2026.33.1286Keywords:
information security; cybersecurity; cognitive modeling; artificial intelligence; explainable AI; risk assessment; intelligent risk analysis; adaptive models.Abstract
The article considers modern approaches to the analysis and assessment of information security risks with an emphasis on the application of artificial intelligence (AI) methods. A systematic review of classical qualitative, quantitative and hybrid risk management methods is conducted in the context of increasing complexity of cyber threats, dynamic changes in attack vectors and rapid adaptation of attackers. Based on the analysis of scientific literature, the need to transition from static procedures to adaptive models that rely on objective data and analytics and provide continuous monitoring, self-learning and operational updating of risk assessments is substantiated. Classes of intelligent methods are considered - expert intelligent systems, probabilistic-statistical models, neural network approaches, hybrid AI systems and behavioral analysis systems - their advantages, limitations and areas of application in the tasks of anomaly detection, incident forecasting and response automation. Special attention is paid to the role of explainable AI (XAI) in increasing the transparency of decision-making, the possibility of auditing models, and trust from users and regulators. Specific risks associated with the use of AI in cybersecurity are analyzed, in particular the vulnerability of intelligent systems themselves to specialized attacks, and directions for their mitigation through combined technical and organizational measures are proposed. Recommendations are given for the integration of AI components into educational programs for training cybersecurity specialists, which include the formation of competencies in the field of machine learning, interpretability of models, and safe deployment practices. Based on a comparative analysis, conceptual provisions are proposed for building an adaptive risk assessment method that combines automated threat detection, probabilistic assessment of consequences, and mechanisms for explaining results for making informed management decisions. To verify the method, five application scenarios were developed that allow testing the functional capability of the method in identifying hidden threats, ranking impact factors, and using it in training cases. The practical significance of the work lies in the formation of a methodological basis for the implementation of intelligent risk management systems in critical information infrastructures and organizations of various levels, as well as in determining the priorities of further research in the field of safe and transparent use of AI in cyberspace.
Downloads
References
Mirtaheric, S. L., et al. (2025). Cybersecurity in the age of generative AI: A systematic taxonomy of AI-powered vulnerability assessment and risk management. Future Generation Computer Systems. https://iris.unipa.it/retrieve/9073d615-0bc5-405b-a240-e043431d85fc/cyber_compressed.pdf
Uddin, M., Irshad, M. S., Kandhro, I. A., Alanazi, F., Ahmed, F., & Ullah, S. S. (2025). Generative AI revolution in cybersecurity: A comprehensive review of threat intelligence and operations. Artificial Intelligence Review, 58, Article 236. https://doi.org/10.1007/s10462-025-11219-5
Hamid, I., & Rahman, M. M. H. (2025). AI, machine learning and deep learning in cyber risk management: A review. Discover Sustainability, 6(1), Article 112. https://doi.org/10.1007/s43621-025-01012-3
Razavi, H., Franco, M. F., Ouaissa, M., Ouaissa, M., & Srivastava, G. (Eds.). (2026). AI-driven cyber risk management (1st ed.). River Publishers. https://doi.org/10.1201/9788743808077
Mohamed, N. (2025). Artificial intelligence and machine learning in cybersecurity: A deep dive into state-of-the-art techniques and future paradigms. Knowledge and Information Systems, 67, 6969-7055. https://doi.org/10.1007/s10115-025-02429-y
Ali, S. M., Razzaque, A., Abbass, H., & Yousaf, M. (2025). A novel AI-based integrated cybersecurity risk assessment framework and resilience of national critical infrastructure. IEEE Access, 13, 12427-12446. https://doi.org/10.1109/ACCESS.2024.3524884
Zeijlemaker, S., Lemiesa, Y. K., Schröer, S. L., Abhishta, A., & Siegel, M. (2025). How does AI transform cyber risk management? Systems, 13(10), 835. https://doi.org/10.3390/systems13100835
Aydin, Y. (2025). CIA+TA risk assessment framework for AI reasoning vulnerabilities. arXiv. https://arxiv.org/abs/2508.15839
Shapira, B., et al. (2025). FRAME: A risk assessment framework for adversarial machine learning systems. arXiv. https://arxiv.org/abs/2508.17405
Tian, J. (2025). Integrating artificial intelligence into the cybersecurity curriculum in higher education: A systematic literature review. Education Sciences, 15(11), 1540. https://doi.org/10.3390/educsci15111540
Lysetskyi, Y. M. (2025). Artificial intelligence in cybersecurity. Military Strategy and Technology, 3(3), 94-99. https://doi.org/10.63978/3083-6476.2025.3.3.08
Islam, S., et al. (2026). Hybrid AI-based dynamic risk assessment framework with explainable AI for cybersecurity applications. International Journal of Information Security. Advance online publication. https://doi.org/10.1007/s10207-026-01218-0
Sukailo, I., & Korshun, N. (2022). The impact of NLU and generative AI on the development of cyber defense systems. Cybersecurity: Education, Science, Technique, 2(18), 187–196. https://doi.org/10.28925/2663-4023.2022.18.187196
Ilienko, A., Kryvokulska, O., Yakovenko, O., & Teliushchenko, V. (2026). Intelligent technologies in cybersecurity: Analysis of the potential and challenges of artificial intelligence applications. Cybersecurity: Education, Science, Technique, 4(32), 711-723. https://doi.org/10.28925/2663-4023.2026.32.1139
Dakov, S., Mankovskyi, D., & Bilokon, I. (2024). Artificial intelligence systems in cybersecurity and their capabilities. Security of Information Systems and Technologies, 2(8), 42–48. https://doi.org/10.17721/ISTS.2024.8.42-48
Wisakanto, R., et al. (2025). Adapting probabilistic risk assessment for AI systems: Concepts and applications. arXiv. https://arxiv.org/abs/2504.18536
Okdem, S., & Okdem, S. (2024). Artificial intelligence in cybersecurity: A review and a case study. Applied Sciences, 14(22), 10487. https://doi.org/10.3390/app142210487
Ivanchenko, Y., Averichev, I., & Ryzhakov, M. (2025). Generalized model for forecasting and detecting cybersecurity anomalies based on artificial intelligence. Cybersecurity: Education, Science, Technique, 2(28), 493-510. https://doi.org/10.28925/2663-4023.2025.28.823
Melko, T., & Kotsun, V. (2025). Theoretical and technical aspects of machine learning applications in cybersecurity. Cybersecurity: Education, Science, Technique, 4(28), 162-175. https://doi.org/10.28925/2663-4023.2025.28.774
Haidur, H. I., Hakhov, S. O., & Skybun, O. Z. (2025). Artificial intelligence in critical infrastructure cybersecurity. Modern Information Protection, 4(64), 24-37. https://doi.org/10.31673/2409-7292.2025.041203
Zavrazhnyi, K. Y., & Kulyk, A. K. (2024). Modern challenges of business cybersecurity and the role of artificial intelligence. Economic Bulletin of NTUU KPI, 30, 81-86. https://doi.org/10.20535/2307-5651.30.2024.313042
Zavrazhnyi, K. Y., & Kulyk, A. K. (2024). Methodological foundations for assessing the impact of artificial intelligence on information security of enterprise management systems. Kyiv Economic Scientific Journal, 7, 71–78. https://doi.org/10.32782/2786-765X/2024-7-10
Skitsko, O., Skladannyi, P., Shyrshov, R., Humeniuk, M., & Vorokhob, M. (2023). Threats and risks of artificial intelligence use. Cybersecurity: Education, Science, Technique, 2(22), 6-18. https://doi.org/10.28925/2663-4023.2023.22.618
Kret, T., & Martseniuk, Y. (2025). Integrated approach to threat modeling in artificial intelligence systems. Cybersecurity: Education, Science, Technique, 2(30), 555–567. https://doi.org/10.28925/2663-4023.2025.30.993-
Tkach, Y., Odnokolov, V., & Petrenko, T. (2026). Risks of artificial intelligence implementation: Security, legal, and socio-economic aspects. Technical Sciences and Technologies, 1(43), 90-104. https://doi.org/10.25140/2411-5363-2026-1(43)-90-104
Elkhodr, M., & Gide, E. (2025). Integrating generative AI in cybersecurity education: Case study insights on pedagogical strategies, critical thinking, and responsible AI use. arXiv. https://doi.org/10.48550/arXiv.2502.15357
Hurevych, R., Konoshevskyi, L., Konoshevskyi, O., Voievoda, A., & Liulchak, S. (2024). Integration of artificial intelligence into education: Problems, challenges, threats, and prospects. Modern Information Technologies and Innovative Teaching Methods in Training Specialists: Methodology, Theory, Experience, Problems, 72, 170-186. https://doi.org/10.31652/2412-1142-2024-72-170-186
Grover, S., Broll, B., & Babb, D. (2023). Cybersecurity education in the age of AI: Integrating AI learning into cybersecurity high school curricula. In Proceedings of the 54th ACM Technical Symposium on Computer Science Education (SIGCSE 2023) (pp. 980–986). ACM. https://doi.org/10.1145/3545945.3569750
Shevchenko, H., Shevchenko, S., Zhdanova, Y., Spasiteleva, S., & Negodenko, O. (2021). Information security risk analysis SWOT. In Cybersecurity Providing in Information and Telecommunication Systems (Vol. 2923, pp. 309-317). CEUR Workshop Proceedings. http://ceur-ws.org/Vol-2923/paper34.pdf
Shevchenko, S., Zhdanova, Y., Storozhenko, V., Rashevska, V., & Horbach, V. (2026). Integrated information security risk assessment based on Bayesian networks and maturity auditing. Cybersecurity: Education, Science, Technique, 4(32), 892-907. https://doi.org/10.28925/2663-4023.2026.32.1203
Shevchenko, S., Zhdanova, Y., Kryvytska, O., Shevchenko, H., & Spasiteleva, S. (2024). Fuzzy cognitive mapping as a scenario approach for information security risk analysis. In Cybersecurity Providing in Information and Telecommunication Systems (Vol. 3826, pp. 356–362). CEUR Workshop Proceedings. https://ceur-ws.org/Vol-3826/short28.pdf
Mohamed, N. (2025). A comprehensive framework for cyber threat detection: Leveraging AI, NLP, and malware analysis. International Journal of Information Technology. https://doi.org/10.1007/s41870-025-02466-4
Palko, D., Vialkova, V., & Babenko, T. (2019). Intellectual models for cyber security risk assessment. In Processing, Transmission and Security of Information (Vol. 2, pp. 284-288). Wydawnictwo Naukowe Akademii Techniczno-Humanistycznej w Bielsku-Białej.
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Юлія Жданова, Світлана Шевченко, Оксана Золотухіна, Олена Негоденко
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
