AI-Driven Agentic Framework for Insider Threats Prevention and Detection in Secure Software Development Organizations: A Fuzzy AHP Approach


Abstract

Background: Insider threats remain a persistent and complex risk in secure software development organizations because they emerge from a mix of malicious intent, negligence, credential compromise, and process weaknesses across the software development lifecycle. AI-driven, agentic security approaches are increasingly proposed to strengthen prevention and detection; however, organizations still lack a transparent, decision-ready method to prioritize agentic mitigation practices under uncertainty.

Objectives: This study proposes and prioritizes an AI-driven agentic framework for insider-threat mitigation in secure software development organizations using the Fuzzy Analytic Hierarchy Process (Fuzzy AHP). It aims to (i) structure insider-threat mitigation into a hierarchical decision model, (ii) compute priority weights for AI-driven agentic practices, and (iii) support actionable adoption decisions for different insider-threat categories.

Methods: First, a systematic mapping study (SMS) was conducted to examine the state of the art of insider threats in software development organizations. In the second phase, an empirical survey was conducted with cybersecurity professionals to validate the findings of the SMS and to identify types of insider threats and AI-driven agentic practices for the prevention and mitigation of these threats. An ANOVA test was then used to compare the findings of the MLR and the empirical survey. In the last phase, a fuzzy analytic hierarchy process (FAHP) was performed to derive weights and rankings of insider threats and AI-driven agentic practices. Consistency was checked through standard FAHP validation steps, and a sensitivity analysis was conducted to test ranking stability under small perturbations of criterion weights.

Results: A hierarchical decision model was developed with the overall goal of insider-threat mitigation in secure software development organizations, decomposed into nine insider-threat types (e.g., malicious insiders, negligent insiders, credential theft, inadvertent misuse of access, privilege escalation, social engineering, software piracy/code theft, insider data exfiltration, and abuse of development tools). Ninety-one AI-driven agentic practices were identified for the prevention and detection of these insider threats. Using FAHP, credential theft, with a final weight of 0.1262, emerged as the most prominent insider threat for software development organizations. Similarly, the most cited AI-driven agentic practice was identified as “machine learning driven anomaly detection”, with a final weight of 0.020580 and a global rank of 1.

Conclusion: The proposed AI-driven agentic framework, operationalized through Fuzzy AHP, offers a systematic and explainable mechanism to prioritize insider-threat mitigation practices in secure software development organizations. By accounting for uncertainty in expert judgments, the framework supports more defensible security investment decisions and helps align agentic controls with threat-specific needs across the development environment.