Roughly 85% of data breaches involve a human element (per Verizon's DBIR), yet most security tools focus on technical vulnerabilities. I built a framework that uses small language models (under 3B parameters) to detect psychological vulnerability patterns in communications before they can be exploited.
The core insight: people reveal psychological states through subtle linguistic patterns that traditional rule-based systems miss. Authority pressure, time manipulation, and other social-engineering tactics have identifiable signatures that SLMs can detect with 80-85% accuracy in under 500 ms.
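To make "identifiable signatures" concrete, here is a deliberately toy cue-scorer for two of the categories mentioned above. The real framework uses a fine-tuned SLM rather than keyword rules (the whole point is that rules miss subtle cases); the patterns and category names below are illustrative, not the post's actual 10-category taxonomy.

```python
# Toy illustration only: the kinds of surface cues that signal manipulation.
# The actual detector is a fine-tuned SLM, not regex rules.
import re

CUES = {
    "authority_pressure": [r"\bceo\b", r"\bper my (boss|manager)\b", r"\bcompliance requires\b"],
    "time_manipulation": [r"\bwithin \d+ (minutes|hours)\b", r"\bimmediately\b", r"\bbefore end of day\b"],
}

def cue_scores(text: str) -> dict:
    """Fraction of cue patterns matched per category."""
    lower = text.lower()
    return {
        cat: sum(bool(re.search(p, lower)) for p in pats) / len(pats)
        for cat, pats in CUES.items()
    }

msg = "This is the CEO. Wire the funds immediately, within 10 minutes."
print(cue_scores(msg))  # both categories score above zero
```

An SLM generalizes where these rules fail, e.g. pressure phrased politely or spread across several sentences.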
Technical approach:
Fine-tuned Phi-3 Mini on synthetic data mapping 100 psychological indicators across 10 vulnerability categories
Implemented differential privacy (epsilon < 0.8) to prevent individual profiling while enabling aggregate analysis
Real-time inference with quantization and ONNX optimization for edge deployment
Complete Docker stack with SIEM integration patterns
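The differential-privacy step above can be sketched with the textbook Laplace mechanism: noise calibrated to the stated epsilon budget is added to aggregate counts before they leave the endpoint, so no individual's flags are recoverable. The post does not publish its exact mechanism, so treat this as the standard version, not the framework's implementation.

```python
# Sketch of aggregate-only DP reporting with the Laplace mechanism.
import numpy as np

EPSILON = 0.8      # privacy budget cited in the post
SENSITIVITY = 1.0  # one person changes any count by at most 1

def dp_count(true_count: int, epsilon: float = EPSILON) -> float:
    """Return a noisy count satisfying epsilon-differential privacy."""
    scale = SENSITIVITY / epsilon
    return true_count + np.random.laplace(0.0, scale)

# Aggregate report: e.g. "authority pressure" flags per team this week.
noisy = dp_count(12)
```

With epsilon = 0.8 the noise scale is 1.25, so team-level trends survive while any single user's contribution is masked.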
Key challenges solved:
Privacy-preserving psychological assessment in workplace environments
Balancing accuracy vs inference speed for real-time security operations
Creating synthetic training data that captures psychological manipulation patterns
Integrating with existing security workflows (Splunk, Phantom, etc.)
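One plausible shape for the SIEM integration above: pushing aggregate (never per-user) risk signals to Splunk's HTTP Event Collector. The sourcetype, field names, and endpoint below are my assumptions for illustration, not the schema from the deployment guide.

```python
# Hedged sketch: format an aggregate vulnerability signal for Splunk HEC.
import json
import time

def hec_event(team: str, category: str, noisy_count: float) -> str:
    """Build a Splunk HEC JSON payload for an aggregate signal."""
    return json.dumps({
        "time": int(time.time()),
        "sourcetype": "psych_vuln:aggregate",  # hypothetical sourcetype
        "event": {
            "team": team,
            "category": category,              # e.g. "authority_pressure"
            "noisy_count": round(noisy_count, 2),
        },
    })

payload = hec_event("finance", "time_manipulation", 7.3)
# In practice: POST to https://<splunk>:8088/services/collector/event
# with the HEC token in the Authorization header.
```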
The framework moves beyond "train users to be more secure" (which doesn't work) toward "predict when users are vulnerable" (which does). An early pilot showed a 47% reduction in successful social-engineering attacks.
I've released two implementation guides: a 7-page quick-start for prototyping and a 67-page production deployment guide with complete working code. Both include validation methodologies for measuring real-world effectiveness.
The approach generalizes beyond security: any domain where psychological states influence decision-making could benefit from this predictive capability.
Code and documentation: [link to repository]
Live demo: [link to Hugging Face Space]
What are your thoughts on using psychological frameworks in AI systems? Have you encountered similar challenges with human factors in security?
MattSayar•11h ago
It's nice to see people putting effort into tackling things from the human side outside of phishing awareness campaigns and annual training. Even CrowdStrike noted in their annual report that something like 70% of successful attacks were interactive intrusions without malware.
I'm on my phone and can't dive deep right now, but are you able to create detections in SIEMs to identify these kinds of users and behaviors based on this research?