Alert Fatigue in Security Operations
The degradation of human attention and response quality when overwhelmed by too many alerts, a canonical example of human-AI system failure that generalizes beyond security.
The SOC Problem
Security Operations Centers receive thousands of alerts daily. When most are false positives, analysts:
- Stop investigating carefully
- Miss real threats buried in noise
- Develop workarounds that bypass alerts
- Experience burnout and turnover
Generalization to AI Systems
Any AI system that generates alerts or recommendations risks the same pattern:
- High-volume, low-precision outputs degrade human attention
- Users learn to ignore the AI
- The system becomes worse than useless (it consumes attention without adding value)
Design Implications
- Precision matters more than recall for alert systems
- User attention is a finite resource to be spent carefully
- Escalation tiers can manage volume
- Feedback loops are essential for continuous calibration
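One way to turn the implications above into a routing policy, as an added example that is not part of the original note: analyst dispositions feed a smoothed per-rule precision, which decides whether a rule pages, queues, or only logs. The rule names, tier thresholds and prior are assumptions, and the feedback data is constructed.

```python
from collections import defaultdict

# Constructed feedback: (rule, analyst disposition) for closed alerts.
# Rule names are hypothetical; "tp" = confirmed threat, "fp" = false positive.
FEEDBACK = (
    [("impossible_travel", "tp")] * 8 + [("impossible_travel", "fp")] * 2
    + [("new_admin_account", "tp")] * 3 + [("new_admin_account", "fp")] * 7
    + [("port_scan_internal", "tp")] * 1 + [("port_scan_internal", "fp")] * 99
    + [("rare_parent_process", "tp")] * 1
)

# Assumed policy values, not taken from the note.
TIERS = [("page", 0.50), ("queue", 0.20)]  # below the last floor: "log_only"
PRIOR_TP, PRIOR_FP = 1, 4  # a rule with little feedback is presumed noisy

def rule_precision(feedback):
    """Smoothed precision per rule, so one lucky hit cannot promote a rule."""
    counts = defaultdict(lambda: [0, 0])  # rule -> [true positives, total]
    for rule, disposition in feedback:
        counts[rule][0] += disposition == "tp"
        counts[rule][1] += 1
    return {r: (tp + PRIOR_TP) / (n + PRIOR_TP + PRIOR_FP)
            for r, (tp, n) in counts.items()}

def assign_tiers(precisions):
    """Map each rule to the first tier whose precision floor it meets."""
    return {rule: next((t for t, floor in TIERS if p >= floor), "log_only")
            for rule, p in precisions.items()}

def analyst_load(feedback, tiers):
    """Alerts per tier: the attention each tier would have consumed."""
    load = defaultdict(int)
    for rule, _ in feedback:
        load[tiers[rule]] += 1
    return dict(load)

def seen_precision(feedback, tiers):
    """Precision of what analysts actually see (page + queue)."""
    seen = [d for rule, d in feedback if tiers[rule] != "log_only"]
    return seen.count("tp") / len(seen)

if __name__ == "__main__":
    tiers = assign_tiers(rule_precision(FEEDBACK))
    print(tiers)
    print(analyst_load(FEEDBACK, tiers))
    print(f"precision seen by analysts: {seen_precision(FEEDBACK, tiers):.2f}")
```

Demoting port_scan_internal to log_only also hides its one confirmed hit, which is the recall that the first implication gives up in exchange for analyst attention.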
Related: 01-atom—human-in-the-loop, 07-molecule—ui-as-ultimate-guardrail