LLMPathy:A Multi-Agent LLM Approach for Eliciting Inclusive Security Requirements

Abstract

With a surge in cyber attacks targeted towards exploiting the human element of cybersecurity, it is vital to account for the diverse abilities and limitations of users. These limitations, whether temporary or permanent, physical or cognitive, acquired or congenital, vary in severity and deeply influence security related behaviour of users and give rise to a critical question: Should cognitively impaired users be held accountable if their actions result in a security breach? This paper presents a five-step approach that uses multi-agent large language models (LLMs) to identify inclusivity concerns and refine security requirements accordingly. The proposed approach (LLMPathy) is validated through a realistic use case, demonstrating its usability, effectiveness, and potential for adoption in real-world scenarios