Neele Roch, Hannah Sievers, Noé Zufferey, and Verena Zimmermann, ETH Zurich
With the increasing digitisation of institutions, the demand for effective cybersecurity measures is rising rapidly. Simultaneously, the complexity and volume of cybersecurity tasks are outpacing the capacity of available practitioners. Leveraging AI to augment human cybersecurity expertise has the potential to reduce complexities and cognitive overload. Transparent and human-understandable insights into AI decisions are not only demanded by governance authorities, such as the EU, but also by practitioners themselves when collaborating with AI in high-risk contexts. We report on a between-subjects study (N = 139) that investigated the effects of explainable AI (XAI) explanations on trust, usability, perceived task load, and collaborative task performance among users with cybersecurity domain knowledge in the context of malicious domain blocking. The provision of explanations in this context did not foster trust; in fact, users with domain knowledge reported lower trust after interaction with XAI. Qualitative results suggest that they apply their own decision-making criteria, and that exposing AI decision boundaries may introduce ambiguity and foster mistrust. Although the inclusion of XAI did not increase perceived task load, it also failed to improve performance. These findings raise important questions about the effectiveness of current XAI approaches in knowledge-centric, decision-making settings and underscore the need for more context-sensitive, user-aligned explanation strategies in cybersecurity.