
arxiv: 2604.22866 · v1 · submitted 2026-04-23 · 💻 cs.CR · cs.ET

Risk Models as Mediating Artifacts: A Postphenomenological Analysis of the CIIM Framework in Cybersecurity Practice

Pith reviewed 2026-05-09 21:25 UTC · model grok-4.3

classification 💻 cs.CR cs.ET
keywords: cybersecurity risk management · postphenomenology · mediating artifacts · CIIM framework · technological intentionality · phenomenology of collapse · ethical design of security tools

The pith

Cybersecurity risk models act as mediating artifacts that shape how practitioners perceive and respond to threats.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper applies postphenomenological theory to cybersecurity, claiming that formal risk models function as mediators influencing analysts' perceptions, interpretations, and actions rather than serving as neutral tools. It presents the CIIM framework as an empirical case, where the formula CIIM(t+1) = [A T(t) V(t) E(t)] / R(t) + α P(t) deliberately treats a zero-resilience condition as a genuine systemic collapse instead of smoothing it away. This choice makes organizational fragility visible in a manner concealed by prior CVSS-based and probabilistic models. The time projection and hybrid machine learning components further generate technological intentionality that structures attention and ethical deliberation. A sympathetic reader would care because it reframes model design as a matter of how technology directs human experience and ethical choices in security work.

Core claim

Formal risk models serve as mediating artifacts in the postphenomenological sense, with the CIIM model defined by CIIM(t+1) = [A T(t) V(t) E(t)] / R(t) + α P(t) functioning to expose organizational fragility by treating R(t) = 0 as systemic collapse rather than a computational artifact to be smoothed, while its time projection and hybrid LSTM/GRU, XGBoost, and reinforcement learning architecture produce technological intentionality that structures practitioner attention and ethical deliberation in ways that previous models do not.
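The contrast between smoothing R(t) = 0 and reporting it as a collapse state can be made concrete. The following is an added example, not code from the paper or from the CIIM authors. The symbols follow the formula above, while the `collapse_at` threshold, the `eps` smoothing constant and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# Symbols follow the page's formula; their ranges and units are not given there,
# so every sample value below is constructed for illustration.
Inputs = Tuple[float, float, float, float, float]  # (T, V, E, R, P) at time t


@dataclass(frozen=True)
class Reading:
    state: str              # "ok" or "collapse"
    value: Optional[float]  # None in the collapse state: no number is reported


def ciim_next(A, T, V, E, R, P, alpha, collapse_at=0.0) -> Reading:
    """CIIM(t+1) = [A*T*V*E]/R + alpha*P, with R <= collapse_at as its own state."""
    if R <= collapse_at:  # assumed threshold; 0.0 reproduces the R(t) = 0 case
        return Reading("collapse", None)
    return Reading("ok", (A * T * V * E) / R + alpha * P)


def ciim_smoothed(A, T, V, E, R, P, alpha, eps=1e-3) -> float:
    """Contrast case: epsilon in the denominator so the division never fails."""
    return (A * T * V * E) / (R + eps) + alpha * P


def project(A, alpha, series: Sequence[Inputs]) -> List[Reading]:
    """Evaluate the collapse-aware model over a time series of inputs."""
    return [ciim_next(A, T, V, E, R, P, alpha) for (T, V, E, R, P) in series]


def first_collapse(readings: Sequence[Reading]) -> Optional[int]:
    """Index of the first time step reported as collapse, or None."""
    for i, reading in enumerate(readings):
        if reading.state == "collapse":
            return i
    return None


# Constructed series: resilience R decays to zero, the other terms stay fixed.
A, ALPHA = 1.0, 0.5
SERIES = [(0.6, 0.5, 0.4, r, 0.2) for r in (0.8, 0.4, 0.1, 0.0)]

if __name__ == "__main__":
    for (T, V, E, R, P), reading in zip(SERIES, project(A, ALPHA, SERIES)):
        smooth = ciim_smoothed(A, T, V, E, R, P, ALPHA)
        print(f"R={R:<4} collapse-aware={reading} smoothed={smooth:.2f}")
```

With smoothing, the reading at R = 0 is numerically identical to an unsmoothed reading at R = eps, and its magnitude is set by the choice of eps rather than by the system, so a consumer of the score cannot tell zero resilience from very low resilience.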

What carries the argument

The CIIM framework as a dynamic risk model that incorporates a deliberate phenomenological move by not smoothing zero-resilience conditions, thereby revealing fragility and generating new technological intentionality through its hybrid architecture and time projection.

If this is right

  • Cybersecurity instrumentation should be designed to make fragility visible rather than conceal it through smoothing.
  • The time projection in dynamic models like CIIM directs practitioner focus toward future systemic states.
  • Ethical design of risk tools requires accounting for their role in shaping attention and deliberation.
  • Postphenomenological analysis provides a method to evaluate how risk models mediate human-technology relations in security practice.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same mediational analysis could extend to risk models in finance or infrastructure to test whether they similarly conceal systemic weaknesses.
  • Empirical studies tracking changes in analyst behavior after adopting CIIM would provide direct evidence for the claimed shift in intentionality.
  • The proposed phenomenology of collapse could apply to other high-stakes domains where models risk hiding total failure states.

Load-bearing premise

The hybrid machine learning architecture combining LSTM/GRU, XGBoost, and reinforcement learning in CIIM produces a new form of technological intentionality that structures practitioner attention and ethical deliberation.

What would settle it

A controlled comparison of threat assessment and response decisions by analysts using CIIM versus CVSS models, checking whether users of CIIM more readily identify and act on signs of organizational fragility.

Original abstract

This article applies postphenomenological theory to the field of cybersecurity risk management, arguing that formal risk models function as mediating artifacts that shape how security practitioners or analysts perceive, interpret, and act on threats. Based on Don Ihde's taxonomy on human-technology relationships and Peter-Paul Verbeek's extended mediational framework, the Contextual and Multimodal Hazard Impact Index (CIIM), an original dynamic risk model presented as an empirical case study, is analyzed. CIIM is formally defined as CIIM(t+1) = [A T(t) V(t) E(t)] / R(t) + {alpha} P(t), where the condition R(t) 0 is not treated as a computational artifact to be smoothed out, but as a genuine systemic collapse that signals singularity. This design choice constitutes a deliberate phenomenological move, allowing organizational fragility to be made visible in a way that previous CVSS-based and probabilistic models conceal. In addition, we examine how CIIM's time projection (t+1) and its hybrid machine learning architecture, combining LSTM/GRU, XGBoost, and Reinforcement Learning, produce a new form of technological intentionality that structures practitioner or analyst attention and ethical deliberation. The article concludes by establishing implications for the ethical design of cybersecurity instrumentation and for the post-phenomenological methodology itself, proposing the concept of 'phenomenology of collapse' as a contribution to the empirical philosophy of technology.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The paper applies postphenomenological theory (Ihde and Verbeek) to cybersecurity risk management, arguing that formal models act as mediating artifacts shaping practitioners' perception and ethical deliberation. It presents the CIIM framework as an empirical case study, defined by the formula CIIM(t+1) = [A T(t) V(t) E(t)] / R(t) + α P(t), where R(t)=0 is treated as signaling genuine systemic collapse rather than smoothed, and claims this plus the hybrid ML architecture (LSTM/GRU, XGBoost, RL) generates new technological intentionality. The work concludes with implications for ethical design of cybersecurity tools and proposes the 'phenomenology of collapse' as a methodological contribution.

Significance. If the interpretive claims were grounded in concrete implementation details or case studies, the paper could usefully extend postphenomenology into applied domains by showing how mathematical choices in risk models influence attention and ethics; the proposal of 'phenomenology of collapse' offers a potential new concept for empirical philosophy of technology.

major comments (3)
  1. [Abstract / CIIM definition] Abstract and CIIM framework section: The central claim that treating R(t)=0 as genuine collapse (rather than smoothing) constitutes a deliberate phenomenological move making organizational fragility visible is load-bearing for the argument contrasting CIIM with CVSS/probabilistic models, yet no pseudocode, conditional logic, output state, or UI mechanism is specified to show how this condition actually structures practitioner attention or deliberation differently.
  2. [Abstract] Abstract: The assertion that the hybrid ML architecture (LSTM/GRU, XGBoost, Reinforcement Learning) produces a new form of technological intentionality is unsupported; the formula includes the free parameter α and relies on trained components whose outputs are data-fitted, so the intentionality claim reduces to properties of those fitted elements without independent derivation or validation steps.
  3. [Abstract] Abstract: No derivation, error analysis, empirical case study details, or validation data are provided for the CIIM formula or its claimed phenomenological effects, leaving the postphenomenological analysis without the concrete grounding needed to substantiate how the model mediates perception in practice.
minor comments (2)
  1. [Abstract] Notation for the formula uses {alpha} in one place and α in another; standardize to a single symbol and define all variables (A, T, V, E, R, P) explicitly on first use.
  2. The manuscript would benefit from a dedicated section outlining the integration of the ML components with the core formula to clarify the time-projection mechanism.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for these constructive comments, which correctly identify places where the manuscript's interpretive claims would benefit from greater specificity. We respond to each point below and indicate where revisions will be made to strengthen the grounding of the postphenomenological analysis without altering the paper's conceptual focus.

Point-by-point responses
  1. Referee: [Abstract / CIIM definition] Abstract and CIIM framework section: The central claim that treating R(t)=0 as genuine collapse (rather than smoothing) constitutes a deliberate phenomenological move making organizational fragility visible is load-bearing for the argument contrasting CIIM with CVSS/probabilistic models, yet no pseudocode, conditional logic, output state, or UI mechanism is specified to show how this condition actually structures practitioner attention or deliberation differently.

    Authors: We accept that the absence of explicit operational details leaves the mediating mechanism underspecified. The manuscript treats CIIM primarily as a theoretical construct for postphenomenological analysis rather than a software artifact, which explains the omission. In revision we will insert a short subsection describing the conditional logic: when R(t) reaches or falls below a defined threshold, the model enters a distinct 'collapse' output state that bypasses normal normalization, surfaces a dedicated fragility indicator, and redirects the hybrid ML pipeline toward systemic rather than component-level predictions. This addition will make visible how the design choice alters practitioner attention in ways CVSS-style models do not. revision: yes

  2. Referee: [Abstract] Abstract: The assertion that the hybrid ML architecture (LSTM/GRU, XGBoost, Reinforcement Learning) produces a new form of technological intentionality is unsupported; the formula includes the free parameter α and relies on trained components whose outputs are data-fitted, so the intentionality claim reduces to properties of those fitted elements without independent derivation or validation steps.

    Authors: The intentionality claim is derived from applying Verbeek's mediational framework to the model's overall structure, not from any claim that the ML components themselves generate intentionality independently of the R(t) singularity and multimodal design. The free parameter α is presented as part of the phenomenological mediation (modulating the penalty on persistence under collapse risk). Nevertheless, the linkage could be more explicit. We will expand the relevant analysis section with a step-by-step mapping from specific model elements (the singularity handling, the RL adaptation to collapse states, and the hybrid fusion) to the resulting forms of technological intentionality, remaining within the postphenomenological taxonomy. revision: partial

  3. Referee: [Abstract] Abstract: No derivation, error analysis, empirical case study details, or validation data are provided for the CIIM formula or its claimed phenomenological effects, leaving the postphenomenological analysis without the concrete grounding needed to substantiate how the model mediates perception in practice.

    Authors: The CIIM formula functions as an illustrative case study for the postphenomenological argument rather than as an empirically validated engineering artifact; therefore no error analysis or validation dataset appears in the manuscript. The 'empirical' aspect refers to the application of Ihde/Verbeek concepts to an existing class of risk-modeling practice. To clarify scope we will add a brief methodological note distinguishing phenomenological interpretation from statistical validation and will explicitly state that the paper does not claim to have performed the latter. This preserves the work's contribution while addressing the grounding concern. revision: yes

Circularity Check

0 steps flagged

No circularity: interpretive analysis of a presented model

Full rationale

The paper introduces the CIIM formula as an original construction and then applies postphenomenological concepts to interpret its design choices (e.g., handling of R(t)=0 and hybrid ML components) as mediating artifacts. No derivation chain, prediction, or first-principles result is claimed that reduces by construction to fitted inputs, self-citations, or renamed patterns. The alpha parameter and ML training are acknowledged as part of the model definition rather than hidden as independent outputs. Claims about technological intentionality are presented as philosophical analysis, not as mathematically forced conclusions.

Axiom & Free-Parameter Ledger

1 free parameter · 2 axioms · 2 invented entities

The central claim rests on applying established postphenomenological frameworks to interpret a newly introduced risk model whose components and ML training are not independently validated in the abstract.

free parameters (1)
  • alpha
    Scaling parameter multiplying P(t) in the CIIM formula; its value is not derived from first principles in the abstract.
axioms (2)
  • [domain assumption] Don Ihde's taxonomy on human-technology relationships
    Invoked as the foundational lens for analyzing risk models as mediating artifacts.
  • [domain assumption] Peter-Paul Verbeek's extended mediational framework
    Used to extend the analysis to the CIIM case study and its time-projection features.
invented entities (2)
  • CIIM framework (no independent evidence)
    purpose: Dynamic risk model that treats R(t)=0 as visible systemic collapse
    Newly defined model introduced as the empirical case study.
  • phenomenology of collapse (no independent evidence)
    purpose: New contribution to the empirical philosophy of technology
    Proposed concept arising from the CIIM analysis.

