🤖 AI Summary
Traditional cybersecurity defenses assume attackers are fully rational, overlooking their inherent cognitive constraints and biases. This paper proposes GAMBiT—the first proactive defense framework that explicitly models attacker cognitive states within adversarial game-theoretic interactions. GAMBiT embeds cognitive sensors and triggers to detect real-time deviations—including loss aversion, base-rate neglect, and sunk-cost fallacy—and dynamically intervenes in the attacker’s decision-making process. By shifting from passive protection to active cognitive manipulation, GAMBiT establishes the first systematic methodology for modeling and strategically exploiting psychological biases in cyber defense. Three controlled human-subject experiments (total n = 61) demonstrate that GAMBiT significantly reduces attack task completion rates, induces substantial path deviation from optimal strategies, and increases behavioral detectability—collectively degrading attacker efficiency. The results validate the feasibility and efficacy of cognition-aware, game-theoretic active defense.
📝 Abstract
This paper introduces GAMBiT (Guarding Against Malicious Biased Threats), a cognitive-informed cyber defense framework that leverages deviations from human rationality as a new defensive surface. Conventional cyber defenses assume rational, utility-maximizing attackers, yet real-world adversaries exhibit cognitive constraints and biases that shape their interactions with complex digital systems. GAMBiT embeds insights from cognitive science into cyber environments through cognitive triggers, which activate biases such as loss aversion, base-rate neglect, and sunk-cost fallacy, and through newly developed cognitive sensors that infer attackers' cognitive states from behavioral and network data. Three rounds of human-subject experiments (total n=61) in a simulated small business network demonstrate that these manipulations significantly disrupt attacker performance, reducing mission progress, diverting actions off the true attack path, and increasing detectability. These results demonstrate that cognitive biases can be systematically triggered to degrade the attacker's efficiency and enhance the defender's advantage. GAMBiT establishes a new paradigm in which the attacker's mind becomes part of the battlefield and cognitive manipulation becomes a proactive vector for cyber defense.