Automating Cybersecurity Decision‑Making with AI and the Analytic Hierarchy Process

Abstract

Cybersecurity decisions in large organizations routinely require the integration of heterogeneous qualitative and quantitative considerations. The Analytic Hierarchy Process (AHP) offers a principled framework for such multi-criteria settings, yet reliance on human expert panels constrains scalability and cadence. This study examines whether large language model (LLM) agents can substitute for human panels within AHP without compromising methodological discipline. Seven GPT-4 personas are instantiated as virtual experts and coordinated by an AHP guide to structure and evaluate defenses against social-engineering attacks on a corporate data center. The agents elicit criteria and sub-criteria, construct pairwise comparison matrices, and synthesize priorities under standard AHP procedures. Aggregated judgments exhibit strong internal coherence (top-level consistency ratio CR = 0.016; λ_max = 7.13), yielding a stable ranking of alternatives: comprehensive employee training (0.2774), advanced intrusion detection (0.2240), cloud-based data backup (0.1938), targeted refresher training for security staff (0.1795), and physical barrier enhancements (0.1254). The results indicate that GPT-4 agents can emulate expert judgment for multi-criteria cybersecurity decisions at materially lower cost than human panels, while preserving the methodological rigor of AHP.