Cybersecurity decision-making increasingly occurs in environments characterized by uncertainty, partial observability, and adversarial manipulation, where heterogeneous signals from multiple sources are often incomplete, ambiguous, or conflicting. Traditional Security Orchestration, Automation, and Response (SOAR) systems rely on deterministic pipelines and threshold-based triggers, limiting their ability to support reliable decision-making under such conditions. This paper proposes a probabilistic, agentic framework for cybersecurity orchestration that models decision-making as a meta-cognitive process. The framework decomposes cybersecurity functions into interacting agents responsible for detection, hypothesis formation, contextualization, explanation, and governance, coordinated through a meta-cognitive judgement mechanism. This mechanism evaluates uncertainty, agent disagreement, and operational constraints to determine decision readiness, enabling adaptive strategies including automated action, escalation, deferral, and evidence refinement. Empirical evaluation on benchmark datasets (CICIDS2017 and NSL-KDD), augmented with adversarial and uncertain conditions, demonstrates that the proposed approach improves robustness and decision quality compared to deterministic and single-agent baselines. The framework achieves higher accuracy under noise, reduces false positive rates, and produces better-calibrated confidence estimates, while enabling more adaptive and context-aware decision behavior. By explicitly modeling meta-cognitive processes - monitoring, evaluation, control, and reflection - the proposed approach reframes cybersecurity as an instance of AI-mediated cognitive problem solving, supporting accountable autonomy and more effective human-AI collaboration in adversarial environments.

翻译：网络安全决策越来越多地在不确定、部分可观测和对抗性操纵的环境中形成，其中来自多个来源的异构信号往往不完整、模糊或相互冲突。传统的安全编排、自动化和响应（SOAR）系统依赖于确定性流程和基于阈值的触发机制，这限制了其在上述条件下支持可靠决策的能力。本文提出了一种面向网络安全编排的概率性、基于智能体的框架，将决策建模为元认知过程。该框架将网络安全功能分解为负责检测、假设形成、情境化、解释和治理的交互智能体，并通过元认知判断机制进行协调。该机制评估不确定性、智能体分歧和操作约束以确定决策就绪状态，从而支持包括自动行动、升级、延迟和证据精化在内的自适应策略。在基准数据集（CICIDS2017 和 NSL-KDD）上进行的实证评估（在对抗性和不确定条件下进行了增强）表明，与确定性和单智能体基线相比，所提方法提高了鲁棒性和决策质量。该框架在噪声环境下实现了更高的准确率，降低了误报率，并产生了校准更好的置信度估计，同时支持更具自适应性和上下文感知的决策行为。通过显式建模元认知过程（监控、评估、控制和反思），所提方法将网络安全重新定义为人工智能中介的认知问题解决实例，在对抗性环境中支持负责任自主性和更有效的人机协作。