This poster presents a socio-technical approach to security threat planning to create a "living persona repository". Addressing the challenge that information system failures are often behavioral rather than technical, the research explores using personas as crash dummies in security and privacy design. The study employed a Human-AI Peering strategy, integrating GPT-4 as an independent second reviewer to conduct a systematic literature review. This methodology proved resource-efficient, with iterative prompt engineering increasing human-AI agreement from 51% to 73%. The resulting repository identifies 128 personas across healthcare, finance, and government sectors. Ultimately, the authors recommend using these dynamic, LLM-driven personas to reveal workflow conflicts and test system resilience against adaptive threat actors. Besides recommendations for secure-by-design practices, the study provides a case study of human-AI partnership in research.
Authors: Amir Reza Asadi; Hazem Said
