AI-Powered Data Intelligence

Turning alert noise into actionable AI insights security teams can trust and act on

Role

Product Designer

Team

Co-founders, Engineering

Tools

Figma Make

Timeline

3 Months

Turning alert noise into actionable AI insights security teams can trust and act on 1Turning alert noise into actionable AI insights security teams can trust and act on 2

Context

The customers' security teams were drowning in alert noise. 10,000 alerts a day, with 40 to 60 percent false positives and real attacks hidden in the pile. I designed an AI-native investigation flow where AI handles triage, allowing security analysts to focus on judgment and taking action.

Problem

Security analysts are shown AI analyzed alerts at every step. The challenge is designing an experience they can trust and act on.

As the sole designer, I owned the full product from information architecture and dashboard design to the incident investigation experience and AI reasoning presentation. The core challenge was how to help users trust AI generated analysis and act on it confidently.

To address this, I spoke to customers, PM, and engineering and identified 3 design principles to ensure the investigation experience is transparent and trustworthy.

🛡️

Designing for trust

Presented AI reasoning in plain English so analysts could act without interpreting raw data.

🔍

Surfacing transparency

Showed what the AI was confident about and where the uncertainty came from.

💬

Feedback on AI claims

Let analysts ask follow-up questions and flag hallucinations directly in the side panel.

7 in 10 analysts resolved incidents without cross-checking raw logs

The AI flags thousands of alerts. The problem is no one knows how to act on them.

🧩Where It Started

The AI flags thousands of alerts. The problem is no one knows how to act on them.

The whole thing started with one line from the CEO: 'Our AI generates a lot of alerts, but we don't know how to deal with it.' My job is to bring chaos into clarity.

I started by understanding the product, users, and problems.

💡My Approach

I started by understanding the product, users, and problems.

I started with a few questions: What are these alerts, how were they handled before AI, what changed when AI entered the workflow, and where does the user fit now?

The problem is about trusting the insights that AI surfaced.

🎯Research & Define

The problem is about trusting the insights that AI surfaced.

Users' workflow shifted from writing rules, reviewing, and investigating alerts to verifying the AI's verdict and acting on it.

I iterated until users trusted the AI's reasoning and acted on it.

🔄Design Iteration

I iterated until users trusted the AI's reasoning and acted on it.

Three rounds of iteration: from showing what AI detected, to explaining what it decided, to evidence users could question.

🎯 Solution

An AI-native investigation flow where analysts move from alert triage to confident action

SOC risk dashboard
Active incidents list
AI confidence breakdown
Incident detail
Key evidence
AI Insights panel
AI confidence walkthrough

SOC risk dashboard

Active incidents list

AI confidence breakdown

Incident detail

Key evidence

AI Insights panel

AI confidence walkthrough

First Iteration

An alert table with AI reasoning, confidence scores, and supporting context.

We were a small startup with no user pool to interview, so I needed to prototype quickly. After speaking to the internal team to understand users' workflow, my first assumption was to surface alerts in a familiar format: a table showing severity, AI confidence score, AI reasoning, and the data users previously gathered manually across multiple tools.

Iteration 1Iteration 2

Second Iteration

A funnel surfaces the AI's conclusions and supporting evidence.

The feedback: the reasoning and evidence helped, and that part landed. But users still needed to review, correlate, and decide. The table showed what AI detected, not what AI decided.

The feedback led me to a different direction. What if I show everything around what the AI had already concluded? The second iteration functions as a funnel that surfaces the AI's conclusions and supporting evidence.

Third Iteration

An AI confidence walkthrough and a chat panel that allows users to dig in.

The team loved how I surfaced the AI's insights in a funnel format, and for the first time, people could actually follow the AI's logic. But users wanted to be able to question it and dig deeper.

So this round of iteration will let users know how AI confidence was calculated, trace the reasoning alongside the evidence that supports it, and use the chat panel to dig deeper.

Results

Allunified view

All users loved that they didn't have to open multiple tools to figure out what was happening.

70%act

70% of users acted on AI output without cross-checking raw logs.

50%faster

Among users who acted, decision time reduced by 50%.

Learnings

01

Confidence doesn't build trust. Honesty does.

02

Transparency is about showing information at the right moment.