Mind vs Machine: The Role of Human Psychology in AI-Driven Security
Anubha Nagawat, Ashutosh Gupta
BSidesSF 2025 — Here Be Dragons · Day 1 · Main
Security controls fail not just because of vulnerabilities but because of behavior — human and machine alike. Anubha Nagawat and Ashutosh Gupta examine the psychological patterns that trip up security teams, the exploding population of non-human identities, and the increasingly dangerous behaviors emerging from AI systems, including password cracking, hallucination-driven liability, and AI that cheats at chess by manipulating backend files.
AI review
Forty-five non-human identities per human user in enterprise environments is a number worth citing. The Stockfish chess-cheating finding is the most interesting thing in the talk. Everything else is a tour through well-documented territory — cognitive biases, deepfake fraud, PassGAN — without enough depth to convert any of it into changed behavior.