Risk-Adaptive Friction: Designing Human-Aware Security Controls in CI/CD

Why All Approvals Should Not Cost the Same Introduction: The Click-Through Syndrome Security teams often believe friction equals security. In practice, static friction leads to automation and fatigue. When engineers approve deployments dozens of times per day, approval becomes muscle memory. The act loses meaning. Attackers exploit routine. This phenomenon — Click-Through Syndrome — is not user error. It is a predictable failure mode of static security UX. This article explores risk-adaptive friction : the idea that security friction should scale with the risk of the action being authorized. Why Static Friction Fails Static friction means: Every deployment requires the same approval Every action costs the same cognitive effort Every warning looks the same Humans adapt to static friction. Once habituated, friction stops being a control and becomes background noise. Attackers time malicious actions to blend into routine. This is why phishing works better during busy hours. This is why ma

Risk-Adaptive Friction: Designing Human-Aware Security Controls in CI/CD

Related Articles

The Decision Pattern That Prevents Product–Engineering Conflict

Autopilot

The Most Important Skill in Software Engineering Isn’t Coding

New interstellar hunting with Vera Rubin alerts

R: A Language for Data Analysis and Graphics (1996)

Related Articles

News
The Decision Pattern That Prevents Product–Engineering Conflict
Medium Programming • 2d ago

News
Autopilot
Medium Programming • 2d ago

News
The Most Important Skill in Software Engineering Isn’t Coding
Medium Programming • 2d ago

News
New interstellar hunting with Vera Rubin alerts
Medium Programming • 2d ago

News
R: A Language for Data Analysis and Graphics (1996)
Lobsters • 2d ago