Structured Prompt Engineering for Vulnerability Report Tailoring: Addressing Challenges in University Environments

Artificial intelligence has the potential to support human-centered design by adapting complex information to specific target groups. In this work, our complex information is scan reports from a vulnerability scanner, and our target groups are local system administrators (LSAs), who are responsible for fixing vulnerabilities in heterogeneous university environments. Such LSAs frequently have limited time, heterogeneous IT security knowledge, and inconsistent self-assessment of their abilities to mitigate complex security vulnerabilities. Our previous work has shown that LSAs are more capable of mitigating such vulnerabilities when supported by scan reports that have been rewritten and enhanced by an LLM. In this paper, we present our ongoing work on tailoring this LLM rewriting for four different LSA groups. In particular, we develop four different LLM prompting strategies, together with a study design, to examine the extent to which the revised prompts will improve the comprehensibility, perceived usefulness, and practical support of the rewritten scan reports. Thus, we aim to contribute to ongoing discussions about the role of AI in supporting usability, trust, and effective deployment in the context of usable IT security.