Skip to main content

CAIRS-A11Y

Full name: Cybersecurity AI Accessibility Readiness Profile

Tagline: Making cybersecurity AI accessible, explainable, and protective for everyone.

Author: Sternly Simon

Organisation: Cyber Development

Copyright: © 2026 Sternly Simon. All rights reserved unless otherwise stated in the repository licence.

CAIRS-A11Y is an accessibility-by-design profile within the Cybersecurity AI Readiness Standard. It helps organisations assess whether AI-powered cybersecurity tools, AI security agents, cyber awareness systems, SOC dashboards, vulnerability management platforms, and security decision-support systems are accessible and protective for users with disabilities, including blind, deaf, mobility-impaired, neurodivergent, elderly, and low-literacy users.

CAIRS-A11Y is an original CAIRS profile proposed by Sternly Simon to address the accessibility gap in AI-driven cybersecurity systems. It builds on established accessibility and AI governance principles, including A11Y, WCAG, assistive technology, trustworthy AI, AI risk management, and cybersecurity readiness practices, but applies them specifically to cybersecurity AI readiness, assistive security agents, inclusive cyber awareness, accessible cyber risk communication, and protection for users with disabilities.

CAIRS-A11Y is a CAIRS community profile authored by Sternly Simon. It is not an official W3C, NIST, OWASP, ISO, or FIRST standard.

Overview

Cybersecurity AI must be inclusive by design. As AI becomes the interface through which users understand cyber threats, fraud, phishing, impersonation, permissions, privacy, and digital risk, inaccessible AI security systems can create a new digital divide.

CAIRS-A11Y provides a readiness profile for making AI-powered security systems usable, understandable, and protective for everyone. It treats accessibility as part of cybersecurity assurance because security guidance that cannot be perceived, understood, trusted, or acted on can leave people exposed.

Why CAIRS-A11Y Matters

  • AI security tools are often designed for technical users without considering disability access.
  • Blind users may need screen-reader-compatible phishing and fraud warnings.
  • Deaf users may need visual-first alerts, captions, transcripts, and non-audio security confirmations.
  • Mobility-impaired users may need low-interaction workflows, voice options, switch controls, and keyboard-only operation.
  • Neurodivergent users may need plain-language explanations, predictable interaction flows, reduced cognitive overload, and non-alarming warnings.
  • Elderly and low-literacy users may need simplified risk explanations and assisted decision support.
  • AI agents with personal context and device permissions may increase privacy, fraud, impersonation, and consent risks if not governed properly.

CAIRS-A11Y Core Domains

DomainDescription
Accessible AI Security InterfacesSecurity AI tools must work with screen readers, keyboard navigation, captions, transcripts, assistive technologies, and accessible layouts.
Multimodal Cyber AlertingSecurity alerts should be available through text, audio, visual, haptic, captioned, and simplified formats.
Inclusive Risk ExplanationAI systems should explain phishing, malware, impersonation, privacy, and permission risks in plain language.
Assistive Security AgentsAI agents should help users make safer security decisions without taking unsafe actions silently.
Accessible Consent and PermissionsAI permissions must be understandable, granular, reversible, and accessible to users with different abilities.
Anti-Impersonation ProtectionAI security systems should help detect voice, text, video, and deepfake impersonation attempts.
Human-in-the-Loop EscalationUsers must be able to escalate uncertain or high-risk security decisions to trusted humans or support channels.
Accessibility Testing and AssuranceAI cybersecurity tools should be tested for accessibility, usability, security, prompt injection, privacy, and adversarial misuse.
Vulnerable User ProtectionSystems should include safeguards for disabled users, elderly users, children, and users with low digital literacy.
Governance and ComplianceCAIRS-A11Y should align with accessibility standards, privacy law, trustworthy AI principles, and cybersecurity governance.

CAIRS-A11Y Maturity Model

LevelMaturity stateDescription
Level 0ExclusionaryNo accessibility consideration in cybersecurity AI systems.
Level 1Ad HocBasic accessibility features exist but are inconsistent and not tested.
Level 2RepeatableSome accessible alerts, documentation, and user-facing security guidance are available.
Level 3DefinedAccessibility requirements are embedded into cybersecurity AI design and procurement.
Level 4ManagedAccessibility is tested, measured, audited, and improved across AI security workflows.
Level 5Inclusive-by-DesignAI security systems are adaptive, assistive, multimodal, explainable, and continuously validated for diverse users.

Example Use Cases

  • Blind user receives a screen-reader-friendly phishing warning with plain-language explanation.
  • Deaf user receives a visual incident alert with captions and written next steps.
  • Elderly user receives simplified fraud risk guidance before approving a suspicious payment or message.
  • Neurodivergent user receives calm, structured, non-alarming security explanations.
  • Security analyst with mobility impairment uses keyboard-only or voice-assisted SOC workflows.
  • Enterprise security team assesses whether an AI SOC dashboard is accessible before procurement.
  • Screen-reader compatibility
  • Keyboard-only navigation
  • Captioned and transcript-based AI responses
  • Plain-language risk explanation
  • Accessible AI permission prompts
  • Read-only mode by default for assistive agents
  • Strong confirmation for high-risk actions
  • AI action logs available to the user
  • Human escalation for uncertain security decisions
  • Anti-impersonation warnings
  • Prompt injection resilience
  • Privacy-preserving personalisation
  • Accessibility testing in security QA
  • Inclusive security awareness training
  • Vendor accessibility review for AI security tools

Research and Standards Alignment

CAIRS-A11Y should reference and align with:

  • WCAG accessibility principles
  • A11Y accessibility practices
  • NIST AI Risk Management Framework
  • Secure-by-design AI governance
  • Privacy-by-design
  • Human-centred cybersecurity
  • Assistive technology principles
  • Cybersecurity AI readiness and assurance

Alignment means CAIRS-A11Y should use these bodies of work as references and compatibility points. It does not mean CAIRS-A11Y is endorsed by, maintained by, or equivalent to any official W3C, NIST, OWASP, ISO, or FIRST standard.

Contribution Scope

Community contributions to CAIRS-A11Y should focus on public framework content, test criteria, accessibility assurance practices, examples, mappings, control language, and review feedback. Contributors should not submit private user data, private source code, accessibility test results containing sensitive user information, credentials, or restricted security data.