We are researchers from Wolfpack Security and Privacy Research Lab (WSPR) and North Carolina State University conducting a study on the use of agentic AI in cybersecurity.
This study concerns how agentic AI systems are used in adversarial settings, and how experienced practitioners deliberate about delegation, oversight, and intervention during complex and exploratory tasks.
We are part of Secure Software Supply Chain Center (S3C2), a multi-institutional research enterprise with the goal of securing the software supply chain.
What this study is about
Agentic AI is increasingly integrated into security work, including offensive and defensive contexts. In practice, these systems differ widely in how much autonomy they are granted, how they are supervised, and how practitioners intervene when tasks evolve in unexpected ways.
We want to learn more about how autonomy is granted, constrained and reconsidered in ongoing security work. We are interested in how these decisions shape practitioners’ approaches to control, responsibility, and judgment under adversarial conditions.
Interview Participation
We are looking to interview senior security researchers and practitioners who use agentic AI in their security work.
What participation looks like
- Format: One online semi-structured (conversational, exploratory) interview
- Estimated time: Approximately 60 minutes
- Compensation: $60 USD (as Amazon.com voucher)
- Data usage: Any participant data used will be de-identified for potential direct or quasi-identifiers
- Scheduling: Interview times can be scheduled based on your availability
- Contact: Alexander Cooper (ahcoope3@ncsu.edu)
Area of Focus
This study aims to better understand emerging practices around autonomy and control in cybersecurity. Specifically, we’re interested in:
- How autonomy is changing as agentic systems are introduced, including how practitioners reason about granting, constraining, or revising system autonomy.
- How these changes shape deliberation around responsibility, accountability, and ethical judgment.
Example Interview Questions
- What kinds of security work are you using agents for? Where do you see their strengths? What are their drawbacks?
- Where do you see agent guardrails fail or get bypassed? Where do they correctly shape behavior?
Data Handling
This study is being conducted under approval of North Carolina State University’s Institutional Review Board (IRB) (email: IRB-Director@ncsu.edu, phone: 1-919-515-8754).
To maintain participant privacy and confidentiality, the research team will:
- Destroy interview recordings after transcription
- De-identify all transcripts and any data used in publication.
- Restrict data access to only researchers directly participating in this study
- Store data locally on a virtually encrypted disk
- Process any interview data offline
Contact and Next Steps
If you are interested in learning more about the study or participating in an interview, you are welcome to e-mail Alex at ahcoope3@ncsu.edu or respond to any outreach email you may have received.
Researchers
All researchers are affiliated with North Carolina State University.
| Alexander Cooper | PhD Student (NC State) |
| Dominik Wermke | Assistant Professor (NC State) |