CAI Fluency: A Framework for Cybersecurity AI Fluency

TL;DR

CAI Fluency presents an educational framework for cybersecurity AI fluency that extends the Framework for AI Fluency to security contexts, emphasizing three interaction modalities (Automation, Augmentation, Agency) and the 4 C’s (Command, Communication, Critique, Custody). It integrates this framework with CAI’s architecture (Agents, Tools, Handoffs, Patterns, Turns, Tracing, HITL) and defines a 6-level cybersecurity automation taxonomy to guide deployment from manual to autonomous AI. The work provides theoretical foundations, practical patterns, and step-by-step getting started guidance, aiming to democratize access to AI-enabled cybersecurity tools via open-source resources and comprehensive pedagogy. The approach emphasizes transparency, ethical use, and human-in-the-loop oversight to ensure responsible security research and deployment, while enabling scalable, multi-agent cooperation across security tasks. Collectively, the paper outlines a principled, educational path to harness AI in offensive and defensive cybersecurity with practical tooling, documentation, and community-oriented development.

Abstract

This work introduces CAI Fluency, an an educational platform of the Cybersecurity AI (CAI) framework dedicated to democratizing the knowledge and application of cybersecurity AI tools in the global security community. The main objective of the CAI framework is to accelerate the widespread adoption and effective use of artificial intelligence-based cybersecurity solutions, pathing the way to vibe-hacking, the cybersecurity analogon to vibe-coding. CAI Fluency builds upon the Framework for AI Fluency, adapting its three modalities of human-AI interaction and four core competencies specifically for cybersecurity applications. This theoretical foundation ensures that practitioners develop not just technical skills, but also the critical thinking and ethical awareness necessary for responsible AI use in security contexts. This technical report serves as a white-paper, as well as detailed educational and practical guide that helps users understand the principles behind the CAI framework, and educates them how to apply this knowledge in their projects and real-world security contexts.

Figures (18)

• Figure 1: CAI Fluency – A new platform dedicated to education and documentation on cybersecurity AI.
• Figure 2: The three modalities of Human-AI interaction in cybersecurity contexts, showing the progression from automation through augmentation to agency, aligned with CAI automation levels.
• Figure 3: The relationship between cybersecurity AI automation levels (0-5) and the three modalities of interaction, showing how different levels of automation align with different interaction patterns in CAI.
• Figure 4: The 4 C's framework for Cybersecurity AI Fluency, showing the four core competencies (Command, Communication, Critique, and Custody) with their respective subcategories tailored for security practitioners.
• Figure 5: Conceptual Drawing: Key Steps in ReAct agent models.