2025-10-14 –, Main Track
Consumer cyber safety is rapidly evolving, with humans increasingly becoming the primary attack surface. In today’s online environment, users face a constant barrage of scams that are growing in sophistication. Keeping up with the changing tactics of threat actors is a challenge even for experienced users, and traditional security solutions are often not enough to prevent manipulation through social engineering.
This presentation introduces a user-centric threat advisory tool designed to bridge this gap. Acting as a standalone anti-scam feature and a second-opinion assistant, it helps users interpret potentially dangerous content such as suspicious messages or websites by offering clear, contextual explanations. Rather than replacing existing endpoint protection, it complements it by enhancing user awareness and supporting better decision-making in real time.
We will explore the core functional elements of the tool and evaluate its potential to reduce the impact of impersonation scams and social engineering attacks, an area where traditional AV solutions can struggle.
A key question raised is whether AI-driven solutions can operate effectively on their own, or whether human expertise remains essential to ensuring accuracy and usability. The presentation will examine how combining expert input with AI that goes beyond traditional detection methods, by knowing context and/or analyzing intent across SMS, email, and web, can improve threat interpretation and user trust, particularly in edge cases where nuance matters.
Finally, we will touch on the implications for testing methodologies. When human interaction significantly influences the outcome, how should such tools be evaluated? This remains an open question, and the audience will be invited to contribute their perspective after the session.
Key takeaways / learning objectives
- User-centric detection and advisory tools complement AV rather than replacing it
- While AI provides fast, scalable insights, human expertise remains vital to improve accuracy, context, and trust
- When user interaction influences outcomes, testers must develop new strategies to fairly and effectively assess such tools
- The presentation raises an open question for the AV testing community:
How do we design tests for tools where human behavior can change the final outcome?
Detailed Description: The goal here is to open the topic of a new kind of solution that interacts with a human, and of how such interaction can change the current ecosystem. Interacting with the user, and using more information from the user than can be obtained from text or code, opens new ways of protection and also a way to provide education. This introduces fresh challenges and opportunities for testing, as it changes how protection solutions are evaluated beyond just detection accuracy.
Outline: A description of the current problems and issues, and how to address them in a solution that works both as a standalone and as a second-opinion anti-scam solution complementing regular AV. How can such a solution change the testing perspective for current solutions when human interaction is in play?
Intended Audience: Testers
Jan Sirmer is Director of Threat Defense and Operations at GEN Digital. He specializes in analyzing malicious Java threats, Android applications and exploits, macro viruses, and web-based and other non-executable threats. Over the course of his career, Jan has authored numerous blog posts on phishing attacks, malicious web exploits, and Android malware.
He has also presented his research at security conferences, including AVAR, Botconf, CARO, FIRST, RSA, and Virus Bulletin.