# Security by Design --- UX and AI in Modern Cybersecurity

By [Dena De Angelo](https://www.paloaltonetworks.com/blog/author/ddeangelo/?ts=markdown "Posts by Dena De Angelo") | Jul 24, 2025 | 6 minutes

> Good design is actually a lot harder to notice than poor design, in
part because good designs fit our needs so well that the design is invisible, serving us without drawing attention to itself.
>
> *--- Don Norman, "The Father of User Experience"*

In a recent Threat Vector podcast, host David Moulton sat down with Nelson Lee to discuss how user experience and artificial intelligence are revolutionizing cybersecurity operations.

In an industry often dominated by technical capabilities and threat intelligence, the human experience of using security tools frequently takes a backseat. Nelson Lee, who leads product engineering at Palo Alto Networks, brought a refreshing perspective shaped by his experience at consumer tech giants, Google and Apple. His insights revealed how thoughtful design and emerging AI technologies are reshaping cybersecurity operations from the ground up.

## **The Critical Role of UX in Security Tools**

Security tools often present a unique design challenge. They must balance comprehensive functionality with operational simplicity. As Lee explained, the cybersecurity domain involves extraordinarily complex datasets, threat scenarios and response options that must be made accessible to human operators under significant time pressure and constraints.

"Security analysts are drowning in information but starving for context," Lee noted. "The tools we build need to cut through the noise and highlight what matters, when it matters."

This complexity creates real consequences. When security tools are difficult to use, practitioners avoid them or use them inefficiently. In contrast, intuitive interfaces drive adoption, loyalty and proficiency. Lee pointed out that humans are "fundamentally lazy" --- not in a negative way, but in how we naturally conserve energy. We gravitate toward tools that make our jobs easier and avoid those that create friction.

This reflects Don Norman's concept of affordances, where good tools make their functions obvious through design.
When security interfaces fail to provide clear affordances, making actions possible but not discoverable, users struggle to leverage the tool's full capabilities.

Lee highlighted a clear example with [Arcade](https://www.paloaltonetworks.com/resources/ebooks/unit42-retainer-tour), the Palo Alto Networks platform for [retainer services](https://www.paloaltonetworks.com/resources/datasheets/unit42-retainer) for Unit 42 -- their threat intelligence arm. Before Arcade, security teams would waste valuable time digging through emails for contact information during critical incidents. It's not so efficient when every minute counts during a breach. To help combat such inconveniences, Arcade now enables one-click incident response, providing immediate access to crucial information, precisely when teams need it most.

## **Building Information Architecture for Complex Security Operations**

So, how do you make complex security workflows intuitive without oversimplification? Lee emphasized the foundational importance of information architecture -- how we organize and structure information to make it accessible and understandable.

"This concept of information architecture is really important," Lee noted. "We as humans like to categorize things and understand: 'OK, that's an incident. What's an incident? How does that relate to an alert?'"

The right information architecture creates an intuitive understanding of how different elements relate to each other. It should be discoverable without requiring a manual. Lee recommended a "breadth-first" approach to UX design, where users start with a high-level view before drilling down into specific areas.

## **AI as a Transformative Force in Security UX**

When discussing the future of security interfaces, Lee became energized about the potential of large language models (LLMs) and generative AI. Far from just augmenting existing interfaces, he sees AI fundamentally transforming how we interact with security systems.

"LLMs have been absolutely mind-blowing for me as far as the last two years in playing in this space. In regards to UX, I actually think LLMs deeply simplify UI and UX," Lee explained. "The beautiful thing about an LLM is it's like talking to someone...almost all the information you can get. If you can ask the right question and someone just gives the answer, that's the easiest. You don't have to go fumbling or hunting through a UI or dashboard."

The conversational approach enabled by LLMs represents a paradigm shift in human-computer interaction, moving from visual interfaces requiring navigation to conversational interfaces that deliver exactly what you need without hunting for it. As Lee predicted, "It's going to be much more natural, much more like how we talk to one another."

## **Designing for Trust in AI-Powered Security**

Despite the promise, Lee acknowledged the challenges of AI hallucinations and accuracy. The solution lies in thoughtful design choices that enhance trust and verification:

* Creating UIs that make verification seamless, such as hover interfaces that display source content.
* Running queries through multiple models and comparing results.
* Building verification into the workflow, rather than adding it as an extra step.

Lee observed:

> From what I've seen personally, yes, it might create more problems, but the value it brings is tremendously more than that.

## **Measuring Success in Security UX**

How do you know if your security UX improvements are working? Lee recommended a combination of quantitative metrics (user engagement, task completion rates) and qualitative feedback. The most important questions remain: Are you solving a real problem, and what is the impact of the problem you are solving?

Early in development, qualitative feedback from design partners helps shape the experience. Once deployed at scale, quantitative metrics reveal how the solution performs across a wider user base and different use cases.

When measuring the impact of security UX improvements, organizations should consider tracking these key quantitative indicators:

* **Engagement Patterns** -- Frequency of tool usage, feature adoption rates and depth of interaction with security dashboards.
* **Efficiency Indicators** -- Number of steps required to complete common security workflows and rate of successful task completion on the first attempt.
* **Error Reduction** -- Frequency of user mistakes during critical security procedures and number of help desk tickets related to tool usability.

On the qualitative side, that could mean:

* **Contextual Feedback** -- Structured interviews with security analysts about their workflow challenges and improvements.
* **Sentiment Analysis** -- How security teams feel about using the tools during high-pressure incidents.
* **Pain Point Identification** -- Specific frustrations that persist with current interfaces.
* **Mental Model Alignment** -- Whether the tool's organization matches how security teams naturally think about threats and responses.

## **The Future Is a Frictionless Security Experience**

When asked about his vision for the future of security, Lee described a world where systems work intelligently in the background:

> I want eyes and ears all the time watching out for me, analyzing what's going on, and telling me what I need to know. I have systems, solutions, sensors all working together, and there's something watching for me and doing the analysis. Ultimately, if something does happen that I need to know about, you'll tell me. And if not, you'll just take care of it. That's the dream -- just keep me secure. I don't even have to worry about it.

This vision of frictionless security experiences, powered by AI and thoughtful design, represents the next frontier for cybersecurity teams. As Lee emphasized, "We're in the middle of a huge paradigm shift. Change is coming -- or it's already here for that matter."

By embracing design principles and emerging AI capabilities, security teams can build tools that not only protect organizations but do so in ways that enhance rather than hinder human capabilities.

[Listen to the Threat Vector episode Smart UX, Safer Systems with Nelson Lee now](https://www.paloaltonetworks.com/resources/podcasts/threat-vector-smart-ux-safer-systems).