
A generative AI-driven cybersecurity framework for small and medium enterprises software development: an ANN-ISM approach - Nature

Nature. Archived May 16, 2026.



Abstract

This paper presents an AI-based generative model to address the cybersecurity threats in software development for Small and Medium Enterprises (SMEs). The model aims to address the unique challenges SMEs face in implementing effective cybersecurity practices by leveraging generative AI to enhance threat detection, prevention, and response. Initially, we conducted a multivocal literature review (MLR) and an empirical survey to identify and validate cybersecurity threats and the generative AI practices used in secure software development for SMEs. An expert panel review was then carried out for the artificial neural network (ANN) and interpretive structural model (ISM) process. The ANN model can predict potential cybersecurity threats by learning from historical data and software development patterns. ISM is used to structure and visualize the relations between identified threats and mitigation approaches, and to offer a combined, multi-layered risk management methodology. A case study was conducted to evaluate the effectiveness of the proposed model. The evaluation has shown that the model significantly enhances SME online security and enables rapid adoption of sophisticated AI-based practices for detecting and responding to primary and advanced cyber threats. Phishing and ransomware received high assessments (Advanced), whereas some advanced techniques, e.g., AI-guided evasion and zero-day attacks, were at early stages of development (Understanding and Development). The general results indicated that generative AI can help organizations enhance SME cybersecurity, and some efforts are underway to develop use cases for advanced threats further. The AI-based generative model is a viable and scalable approach to the cybersecurity of SME software development. Such AI-based practices will enable SMEs to protect themselves against various cyber threats effectively and systematically.
Future studies should focus on developing contemporary threat strategies and on the impediments to global implementation, particularly in less resource-rich settings.

Introduction

The dynamic nature of cybersecurity poses a major challenge for Small and Medium Enterprises (SMEs) in dealing with sophisticated cyber threats. SMEs tend to be affected by cyber-attacks because they have few resources, little experience, and limited infrastructure. The growing prevalence of cybercrime and the rise of advanced persistent threats (APTs) make the transition to scalable, affordable, and resilient cybersecurity designs a necessity for SMEs. However, most existing solutions are sophisticated, expensive, and enterprise-focused, leaving SMEs at risk. This study aims to address this weakness by using generative AI models, including Generative Adversarial Networks (GANs), to improve threat detection and threat prevention. The paper offers a generative AI-based cybersecurity framework that integrates ANN and ISM and is specific to the needs of SMEs in software development. It is hoped that the proposed research will offer a scalable and inexpensive solution, so that SMEs can avoid cybersecurity risks without stretching their own resources. However, as the digital economy grows, cybersecurity risks are on the rise, and some prey on SMEs, which are resource-poor and less secure [1].
Such risks include phishing attacks, ransomware and malware, software/language vulnerabilities, and elaborate social engineering attacks, all of which can seriously affect business continuity, data integrity, and client trust [2,3,4,5]. The increasing severity and frequency of cyber-attacks over the past few years have made it necessary to develop more dynamic, scalable, and creative cybersecurity solutions [6]. The contemporary cyber landscape is both dynamic and adaptive, and the older signature-based or heuristic approaches are failing to keep up with the changes in threats [3]. One of the most critical issues for most SMEs is therefore the inability to maintain their businesses because of a lack of cash and knowledge [7]. As a result, demand is increasing for new cybersecurity models that are resilient, scalable, and able to thwart threats on the spot [8].

One new and creative solution is generative AI in cybersecurity [9]. ANNs, among other generative AI techniques, can be used to create adaptive security systems that detect, predict, and counter emerging cyber threats [10]. Generative AI can also be developed into a continuous learning system that evolves in response to constantly changing threats, defending SMEs with intelligence against a variety of cyberattacks by simulating different attack scenarios and creating solutions [11]. Moreover, ISM methods make it possible to organize an extensive analysis of the interdependence between cybersecurity parameters as a whole, which leads to an overall approach to threat mitigation [12].

The paper proposes a generative AI-based framework to curb the cybersecurity threats of software development among SMEs. The model combines the ANN and ISM models to provide a steady, modular, and reusable threat detection, prevention and response solution.
ANNs, a type of machine learning that imitates the neural networks of the human brain, are particularly suited to finding patterns in large data sets, which is why the model can be used in cybersecurity [13]. The ISM approach, in turn, focuses on the interdependence and relations between types of cybersecurity practices and on determining the most suitable synergy of practices in response to a threat [14]. The model will also provide SMEs with a holistic and flexible cybersecurity environment that is cost-effective even for resource-strained organizations. With generative AI in the form of automated threat hunting and response, and a policy to establish the most essential cybersecurity practices, the framework is a novel roadmap for SMEs to improve their security health and prevent potential cyberattacks. The first aim is to suggest a solution that is technically sound and takes into account the operational limitations and issues that SMEs deal with, and is therefore applicable to a broad spectrum of sectors.

In this research paper, an AI-generated cybersecurity architecture is identified and developed, in which an ANN is used to identify threats and ISM to evaluate risks, according to the needs of SMEs operating in the software development domain. The framework will provide an efficient, scalable solution to the cybersecurity problems affecting SMEs, allowing them to respond to constantly changing cyber threats efficiently and at low cost.

Contribution of the study

In this research paper, we present a novel system that uses ANNs and ISM to ensure better cybersecurity in Small and Medium Enterprises (SMEs) in the context of software development by means of generative AI.
The greatest contributions of this work are as follows:

Creation of a Generative AI-based Framework: We suggest an innovative framework that builds on generative AI practices and is used to improve cybersecurity among SMEs involved in software development. Unlike conventional frameworks, ours adapts to emergent security risks and therefore offers a defence mechanism that changes with the cybersecurity environment. The architecture combines an ANN to detect anomalies with ISM to aid strategic decision-making, which provides a complete, customizable cybersecurity solution for SMEs.

ANN Use in Cybersecurity: The implementation of an ANN in our system is a contribution, as it can detect advanced threats with the help of patterns and anomalies. We show how ANNs can be used to forecast possible failures during the software development cycle, so that SMEs can take a proactive approach to avoiding cybersecurity attacks. This application contributes to the growing body of literature on AI in cybersecurity, in this case for SMEs, where resources are often limited.

ISM to Structure Cybersecurity Strategies: The application of ISM to organizing and prioritizing cybersecurity strategies for SMEs is another significant contribution. ISM helps to develop a clear hierarchical picture and allows SMEs to recognize the main areas where security should be improved and to make sound decisions about the use of resources. It is an emerging application of ISM to cybersecurity strategy development that enables SMEs to secure themselves against vulnerabilities in a systematic way, depending on the circumstances inherent to their operations.

Experimental validation and performance evaluation: The framework is experimentally validated through a range of real-life questionnaire surveys and case studies, which support the proposed framework.
Our comparison of the efficacy of the generative AI-based system with existing cybersecurity mechanisms shows that it is more effective in identifying and containing security threats. The results indicate the feasibility of the framework and its ability to reduce cyber risk for SMEs.

Ablation Study to Test Framework Components: To further test the soundness of the framework, we conduct an ablation study that isolates and tests the components of the ANN-ISM approach. The paper sets out the comparative importance of each of these components to the success of the entire cybersecurity model, which throws light on the most vital aspects that have made it effective. The ablation test demonstrates the benefit of hybridising ANN and ISM for the smooth functioning of software development in SMEs.

Practical Implications for SMEs: The design and experimental findings have the potential to help SMEs enhance their cybersecurity posture. The work responds to an acute gap in the cybersecurity needs of SMEs, offering a scalable, cost-effective service that uses AI-based approaches to enable them to defend their software development without the expensive security infrastructure otherwise required.

Overall, the current paper contributes to cybersecurity by proposing a generative AI-based model that involves an ANN and ISM to improve the safety of SMEs. The framework rests on the experimental validation, the ablation study, and the practical implications, and is a good starting point for further research and application in the cybersecurity world.
The paper is organized as follows. Section "Background and related work" reviews related work on cybersecurity in software development among SMEs and the relevant approaches and frameworks, along with the significance of generative AI in cybersecurity. Section "Hybrid research methodology" expounds on the research methodology and the aspects of the Hybrid ANN-ISM Framework. Section "Results and analysis" reports the findings on how cybersecurity threats are hierarchically organized and AI mitigation practices are generated. The fifth section presents the development of the Hybrid ANN-ISM Framework to address cybersecurity threats in software development among SMEs using generative AI practices. Section "Implications of the study" contains the implications of the study. The limitations of the research are presented in section "Research limitations". Section "Conclusion and future research directions" gives the conclusion and directions for future research.

Background and related work

Cybersecurity threats grow more daunting for small and medium-sized enterprises (SMEs) as the software industry develops at breakneck speed. Cyberattacks can target SMEs, which are not always equipped with the resources and skills to defend themselves [7]. These organizations lack the tools, personnel, and procedures to defend their software development, which makes them a simple target for opponents who wish to compromise application servers, customer records, and supply chain vulnerabilities [8,15]. The security threats found in the software development threat landscape are the use of defective coding patterns, lack of testing processes, unprotected security policies, and the inability to implement patches in time [1]. Such limitations are likely to be caused by the complexity and dynamism of the software development process, which is constantly changing with the threats and the systems being abused [16].
Although the traditional approach to cybersecurity is vital, it may not be sufficient or fast enough to cope with the ever-changing nature of cyber threats, particularly for small and medium-sized enterprises (SMEs), which have minimal budgetary capacity to invest in cybersecurity mechanisms [17]. The intersection of artificial intelligence (AI) and cybersecurity has been actively discussed over the past few years, particularly in the context of the unique issues SMEs face in software development [18]. In this view, a variety of scholarly publications suggest integrating AI models (e.g., adversarial and deep learning and intelligent system-based approaches) to identify and mitigate cyber threats during the software development process [10,19] (Table 1).

Table 1 Related Studies.

AI in cybersecurity

In cybersecurity, there has been a growing use of AI techniques to improve the detection and prevention of cyber threats [9]. ANN and ML-based models have been explored for automatic threat detection, anomaly detection, and attack pattern identification. Khan et al. [13] introduced an ANN-based approach to identify software security in design through behavioural pattern analysis, with a higher rate of accuracy than traditional methods. AI models have been used in software development to forecast vulnerabilities through the analysis of large codebases, with success [4]. These systems facilitate the automatic detection of vulnerabilities that can be used by cybercriminals and implement preventive measures.

Among the possible opportunities is the application of generative AI techniques to enhance cybersecurity. GANs have also been employed recently to generate artificial attack data to train cybersecurity models [25]. Generative models could mimic various attack patterns and generate useful data sets for training detection systems more effectively.
Sharma et al. [26] showed that GANs could generate adversarial samples for training anomaly detection systems, thereby enhancing their robustness against sophisticated cyber-attacks. Nonetheless, AI-based models and techniques, particularly for software development SMEs, seem to lag far behind these developments. It is common for SMEs to have limited resources to allocate to the development and management of classical cybersecurity solutions, which often require expertise and significant infrastructure. As such, custom-made AI models designed for SMEs that prioritize cost efficiency, automation, and scalability are necessary to meet SME cybersecurity needs [8].

ANNs in cybersecurity

ANNs are widely used in machine learning-based cybersecurity solutions for their ability to learn from data and generalize well to new, unseen instances. Various ANN structures have been employed to detect threats in software development environments, such as feedforward networks [27], recurrent neural networks (RNNs) [28], deep learning models [29], etc. Georgios et al. [30] studied deep learning methods in identifying malicious code patterns. Das et al. [31] demonstrated that recurrent neural networks can be applied to real-time detection of vulnerabilities in web applications.

ANNs could also be used in cybersecurity for software development to monitor the behaviour of software systems during the development process [32]. These models can be trained on large amounts of data generated from testing, vulnerability scanning, and code reviews. This would be a great asset to SMEs, as they can use continuous threat monitoring services that require minimal manual effort. In the meantime, organisations and SMEs can leverage the combination of ANNs and automated vulnerability scanning to detect and prevent security vulnerabilities in their software products early [33].

There are some difficulties with ANN-based techniques when used in small-scale software development projects.
Their high demand for labelled data sets, training data, and computing power limits their implementation in the majority of SMEs. As such, interest has increased in developing more effective ANN architectures, such as lightweight architectures that can be executed on and transferred to low-resource devices [34,35].

ISM in cybersecurity

ISM is a widely used methodology for exploring complex systems and identifying relationships among elements or components [12]. In cybersecurity, ISM is increasingly recognized as a valuable tool for understanding complex interdependencies among multiple cybersecurity factors, threats, responses, and mitigations [36]. In this review, we investigate the use of ISM in cybersecurity, reporting on and discussing its efficiency, application, limitations, and potential future developments.

Rajan et al. [37] developed a Modified Total Interpretive Structural Modeling (M-TISM) technique to identify relationships among different factors. They studied the factors affecting cybersecurity management effectiveness, focusing on collaboration, training and resources, capabilities, information sharing, technology knowledge and awareness, and technological infrastructure. They also examine the relationships among the identified factors using the M-TISM approach.

Etemadi et al. [38] conducted research to identify and prioritize the barriers to the adoption of blockchain technology in cyber supply chain risk management (CSCRM). To understand the interrelationships among such barriers, ISM is applied to develop a structural hierarchy for deeper analysis of the interrelated cybersecurity factors involved in implementing blockchain in CSCRM.

Khan et al. [36] use the ISM methodology to examine the relationships among the core elements of requirement engineering practice. They extracted 70 best practices and organized them into 11 core categories to help software development organizations define secure software development requirements.
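The ISM computation behind results of this kind (a hierarchy of levels and each factor's driving and dependence power), as an added example that is not code from the paper or from the cited studies. The factor names, the direct-influence judgements and the n/2 midpoint used for the MICMAC classes are constructed assumptions.

```python
"""ISM core steps on a constructed example (not data from the paper)."""

# Constructed factors; the names are illustrative assumptions.
FACTORS = [
    "weak_security_policy",
    "insecure_coding_patterns",
    "inadequate_testing",
    "delayed_patching",
    "exploitable_release",
]

# Constructed direct judgements: key influences each listed factor. In a real
# ISM study these come from an expert panel's pairwise comparisons.
DIRECT = {
    "weak_security_policy": ["insecure_coding_patterns", "delayed_patching"],
    "insecure_coding_patterns": ["inadequate_testing"],
    "inadequate_testing": ["insecure_coding_patterns", "exploitable_release"],
    "delayed_patching": ["exploitable_release"],
    "exploitable_release": [],
}


def initial_reachability(factors, direct):
    """Binary matrix of direct influences; every factor reaches itself."""
    idx = {name: i for i, name in enumerate(factors)}
    n = len(factors)
    m = [[int(i == j) for j in range(n)] for i in range(n)]
    for src, targets in direct.items():
        for dst in targets:
            m[idx[src]][idx[dst]] = 1
    return m


def final_reachability(m):
    """Add indirect influences (transitive closure, Warshall's algorithm)."""
    n = len(m)
    r = [row[:] for row in m]
    for k in range(n):
        for i in range(n):
            if r[i][k]:
                for j in range(n):
                    r[i][j] |= r[k][j]
    return r


def powers(factors, r):
    """Map each factor to (driving power, dependence power)."""
    n = len(factors)
    return {
        name: (sum(r[i]), sum(r[j][i] for j in range(n)))
        for i, name in enumerate(factors)
    }


def level_partition(factors, r):
    """Peel off levels: a factor belongs to the current level when everything
    it still reaches also reaches it (reachability set within antecedent set)."""
    remaining = set(range(len(factors)))
    levels = []
    while remaining:
        level = [
            i for i in sorted(remaining)
            if {j for j in remaining if r[i][j]} <= {j for j in remaining if r[j][i]}
        ]
        if not level:  # only possible if r is not transitively closed
            raise ValueError("matrix is not a final reachability matrix")
        levels.append([factors[i] for i in level])
        remaining -= set(level)
    return levels


def micmac(factors, r):
    """Classify factors by driving/dependence power around the midpoint n/2
    (the midpoint convention is an assumption of this example)."""
    mid = len(factors) / 2
    classes = {}
    for name, (driving, dependence) in powers(factors, r).items():
        if driving > mid and dependence > mid:
            classes[name] = "linkage"
        elif driving > mid:
            classes[name] = "driver"
        elif dependence > mid:
            classes[name] = "dependent"
        else:
            classes[name] = "autonomous"
    return classes


if __name__ == "__main__":
    reach = final_reachability(initial_reachability(FACTORS, DIRECT))
    for depth, names in enumerate(level_partition(FACTORS, reach), start=1):
        print(f"level {depth}: {', '.join(names)}")
    for name, label in micmac(FACTORS, reach).items():
        print(f"{name}: power={powers(FACTORS, reach)[name]} class={label}")
```

Level 1 holds the outcomes and the last level holds the root drivers, so the factor with the highest driving power and lowest dependence is the one to address first.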
The results of ISM show that the category "awareness of secure requirement engineering" has the strongest driving influence among the other 10 core categories of requirement engineering practices. Using the ISM evidence, they try to recognize security best practices that are applicable and can be considered for enhancing the software system's security.

Although many studies have been conducted on AI-based cybersecurity models, the ANN framework, and ISM for large-scale organizations, there is an apparent lack of research on this approach for addressing security threats in a small-scale software development environment. Most available solutions concentrate on large corporations with sufficient resources and lack integrated, automated platforms that are affordable and scalable for SMEs. Moreover, very few investigations were available on the synergy between generative AI and classical ANN and ISM, offering an inclusive, adaptable, and affordable solution for SMEs. We intend to plug these gaps by providing a generative AI-driven model based on the ANN-ISM approach to mitigate the cybersecurity risks in software development in SMEs.

Hybrid research methodology

In this study, we follow a comprehensive six-phase approach (see Fig. 1) to verify and validate our proposed Hybrid ANN-ISM Framework to reduce the cybersecurity threats in software development for SMEs. The first phase comprises a multivocal literature review (MLR) that draws on perspectives from various sources of knowledge, laying a strong foundation for the study. Phase 2 is a field experiment (online questionnaire) to collect practitioners' opinions and understand the problems and perspectives on the matter. The third phase is an expert panel review to optimize the draft framework through their collective professional wisdom. In the fourth stage, a model is proposed for predicting cybersecurity threats using an ANN.
The fifth stage uses ISM for deeper analysis and structuring the relationships among risk factors. Finally, in the sixth stage, a case study is used to determine whether the suggested approach is feasible and effective in actual circumstances. This systematic procedure ensures a comprehensive and consistent examination of the framework's ability to curb cybersecurity threats in software development among SMEs.

Fig. 1 Research Flow Framework.

Phase 1: multivocal literature review (MLR)

A multivocal literature review (MLR) is a comprehensive and systematic review that draws on multiple perspectives, voices, and sources [39,40,41]. It represents a spectrum of perspectives, approaches, and results across a field. For this paper, an MLR entails accessing information from various sources, including peer-reviewed papers, conference papers, industry reports, white papers, and expert opinions. The MLR focuses on cybersecurity threats and on generative AI practices for software development among SMEs. The specific steps used in this paper to perform an MLR are as follows [39,42]:

Defining the research questions and scope

Establish key research questions: The first step in the MLR is to define the study's principal questions. Here, the main research questions are:
o What are the primary cybersecurity threats associated with software development?
o What are the best Generative AI practices and strategies we should adopt to mitigate these risks?

Determine the scope: This involves deciding on the boundaries of the review by defining the specific generative AI technologies (for example, input validation and sanitization, GANs, etc.) and the scope of the particular cybersecurity threats (possibly injection attacks, code quality and logic errors, and malicious code).
Searching for sources

Find sources: We look for a diverse range of sources:

Academic References: Papers on cybersecurity, software development, AI, and Generative Models from high-impact journals and conferences, such as:
o IEEE Transactions on Cybersecurity
o Journal of Experimental and Theoretical Artificial Intelligence (JETAI)
o ACM Computing Surveys
o International Journal of Information Security
o Security and Privacy (Wiley)

Industry reports: Announcements from cybersecurity firms, technology companies, and research institutions. Research papers, reports, and white papers from cybersecurity companies, think-tanks, and organizations like:
o Gartner
o McKinsey and Company
o OWASP (Open Web Application Security Project)
o ISACA (Information Systems Audit and Control Association)
o National Institute of Standards and Technology (NIST)

Government and Regulatory Sources: Documents from government departments or standards bodies, such as:
o EU GDPR Reports
o U.S. Cybersecurity and Infrastructure Security Agency (CISA) Advisories

Employ databases: Widely used academic databases such as:
o Google Scholar, IEEE Xplore, SpringerLink, ACM, Scopus, etc.

Search criteria: query syntax with specific search terms:
o "cybersecurity risks in software development", "Generative AI practices", "generative models and vulnerabilities", "risk mitigation in software development"

The final sample size (n = 85) is shown in Fig. 2.

Fig. 2 Final Sample Size.

Screening and selecting sources

First-level screening: We screen abstracts and titles to include relevant and reliable sources.

Inclusion criteria:
o Literature regarding cybersecurity and AI in software development, papers that present solutions to mitigate the identified risks.
o Recent research papers, within the past 5–10 years.
o Consider both cybersecurity threats and AI-specific mitigations.
o Studies in high-quality peer-reviewed journals and conference proceedings.
o Updates from reputable cybersecurity firms.
o Resources and references about generative AI techniques, approaches, models, practices, etc.

Exclusion criteria:
o Non-relevant content about cybersecurity risks or generative AI in software development.
o Papers over 10 years old (unless they are seminal).
o Non-peer-reviewed sources or opinion pieces.

Data extraction and synthesis

We extract the following information from the selected papers:

Cybersecurity risks found: What are the primary cybersecurity risks mentioned in association with software development?

Mitigation approaches: What are the proposed generative AI practices, methods, or technologies to mitigate risks?

Emerging Trends: We seek new or novel approaches to secure software development against cybersecurity threats.

Challenges and gaps: We discuss areas where our literature review highlighted potential gaps or limitations in the current literature.

Categorize results: We divide our results into several groups, e.g., Cybersecurity risks (e.g., data poisoning, adversarial attacks), Model robustness, and security protocols, best practices, and recommendations in generative AI to protect software development.

Analysis and thematic clustering

Identify themes and variations within themes: After organizing the data, we looked for themes and variations within themes across sources. For example: Security threats in software development. Threats of the abuse of generative AI in generating deepfakes or counterfeit content. Proactive strategies for mitigating bias include adversarial training, model verification, and an AI ethical framework.

Cross-source comparisons: We contrasted the sources' conclusions on cybersecurity risks and mitigation strategies.

Synthesizing results and presenting findings

Provide a holistic view: We consolidated the most-mentioned cybersecurity risks and generative AI mitigation practices across all sources.
Explain the significance of these observations to cybersecurity issues and solutions in generative AI.

Draw attention to research gaps: We identify unexplored and under-researched topics useful for future research. These may call for more evidence, new mitigation approaches, or a joint academia-industry partnership.

Discussion of limitations: We have addressed the weaknesses of the present review (e.g., possible source bias, insufficient access to databases, or research deficit).

Formulating implications and recommendations

Develop implications: Based on the synthesis, we offer practical implications for research and practice. For example, they may indicate where more effort is needed before we can safely trust software development.

Practice implications: We provide practical recommendations regarding cybersecurity threats in software development, such as the application of certain security standards, regulatory systems, or audits of generative AI.

Writing and structuring the literature review

Introduction: The paper presents a discussion of cybersecurity risks and of the importance and limitations of generative AI practices in software development.

Methods: We describe how the MLR was conducted and why various voices and resources were used.

Main body: We present the results under three main themes (exposure, mitigation, and challenges).

Conclusions: We summarize the main findings, identify research gaps, and make recommendations for future research and practice.

By taking these steps, the MLR contributes to a well-informed, balanced discussion of cybersecurity risks and generative AI methods for addressing them, in which diverse voices and perspectives are heard. This will be beneficial both academically and by transferring knowledge between academia, industry, and practical application.
Phase 2: online questionnaire survey

The second step of this research was to design a questionnaire, and several essential elements were considered to ensure a comprehensive and valuable study. The main objective of the survey was to identify the types of cybersecurity threats in software development for SMEs and, as a secondary task, to understand how generative AI can be applied to address them. The following steps were followed in this survey [43,44,45,46,47]:

This study was conducted in accordance with the ethics guidelines of the University of Gloucestershire Institution Review Board (IRB)/Ethics Committee. The experimental protocols of the study were all in line with the respective ethical guidelines, laws and codes of practice.

First, we define the intended audience of the survey. We select cybersecurity researchers, software developers, AI researchers, as well as software users and developers in SMEs. The respondents are partially acquainted with AI, code writing and security, so that their answers are based on knowledge and relevant to the objective of the study. The final sample size for this survey is 85 participants.

The next stage was the development of the questionnaire. The survey covers various categories of questions, including demographic questions, cybersecurity risk identification questions, AI risk mitigation questions, and technology and tool questions. Demographic background questions gather basic information about the sample, such as their role in the industry and their working experience. For example, we inquire:
o How would you describe your role in the organization?
o How many years of experience in software development/AI/cybersecurity?

Furthermore, questions on identifying cybersecurity risks evaluated the participants' knowledge of typical security risks in software development, e.g., code injection, data leakage, and insecure APIs.
For example, one such question is: What are the most common cybersecurity threats that exist in software development? Fig. 3 presents descriptive statistics for the questionnaire respondents.

Questions on AI practices for risk reduction are indispensable for understanding how generative AI is employed to counter threats. We included further questions such as: Have you heard of any AI-driven methods for identifying code vulnerabilities? What are your thoughts on how generative AI can help counter the cybersecurity challenges associated with software development? In addition, technology- and tooling-related questions were used to determine which platforms support automatic code generation and whether they incorporate AI-related security capabilities.

The survey format consisted of an introduction and a short study profile that provided a précis of the survey's intent, explained how the responses would be used, and indicated the time required to complete the instrument. Also included is an informed consent with a statement explaining that the information provided is confidential and that participants' identities will remain anonymous. The survey was structured according to the same topics: demographics, cybersecurity risks, AI practices, and technology/tools. At the end, participants were thanked, and, if relevant, we mentioned any subsequent events (e.g., a presentation) and the sharing of results.

Finding the right survey tool is also significant. We use online tools like Google Forms to produce and circulate the survey. This product enables us to develop, distribute, and analyze surveys to fit different levels of functionality.

Once the survey tool was identified, some subjects were involved in a pilot test. The test was carried out to check the comprehension of the questions, the length of the survey, and the usability of the tool, and to be sure that the survey was functional before it was given to a wider audience.
After pilot testing and correction of the problems found, the survey was given to the wider population of interest. We reached out through professional circles such as LinkedIn, GitHub, Stack Overflow, and AI/cybersecurity forums to identify appropriate respondents. We also set a fixed completion date for the survey so that the data would be collected in time.

The data were then collected and reviewed. We used the feedback to follow up so that nothing went wrong while the survey was being conducted. We then analysed tendencies, patterns and nuances and cross-read the data. Quantitative data were analysed with statistical packages such as SPSS and Excel, and data from the open-ended section were analysed through thematic analysis to extract themes. This enables us to interpret the results of the survey.

Lastly, the results are discussed in an organized manner within this paper. The reports deal with the key cybersecurity concerns expressed by the respondents and give an idea of the generative AI techniques most widely used to address them.

To address ethical concerns, the privacy and confidentiality of the respondents were also taken into account. The study was carried out following the ethical guidelines for research involving human beings, such as informed consent and confidentiality.

Fig. 3 Demographic Details of Survey Experts.

Phase 3: expert panel review

An expert panel reviewed the research presented in this paper. The committee included 23 specialists across cybersecurity, AI, and software development. They came from academia, industry, and research labs, and combined professionals with experience in:
o Requirements on cybersecurity and threat management practice.
o More innovative products, and especially products powered by generative AI technologies.
o Secure software development experience.
o AI and cybersecurity: ethical implications.

These individuals have more than 10 years of experience between them; most hold advanced degrees and have worked in leadership roles in their fields. The study design follows a rigorous process involving rounds of the Delphi method. In each round, the professionals review the MLR and give the researchers extensive critique of the research design and potential improvements. The ANN-ISM framework has a specific scope, as the relevant input from the expert panel is fully incorporated into the research, and the research questions are sharpened.

The researchers evaluated the cybersecurity risk on a risk prism. Risks of lower perceived importance (approximately 5 percent) and medium perceived importance (approximately 45–50 percent) were penalised at 1 and 10, respectively. The other risk scores were rated on a 5-point scale, creating a response scale. These professional opinions are used to develop pairwise matrices that represent the interconnections among various cybersecurity threats in software development within SMEs, as shown in Table 2. In addition to other analytical methods, ANNs and ISM were applied to ensure the reliability and validity of the research model. These analyses allow for a deeper interpretation of the findings, enhancing their face validity and, ultimately, the strength of the research process.

Phase 4: ANN

The fourth stage of this study utilised an ANN process. ANNs adapt easily to new data sets. They can also handle incomplete or missing input data [48]. The predictions from ANNs are generally better than those from other methods, such as SEM, multiple linear regression, MDA, and binary logistic regression. ISM is often used to determine the implications of predictors on a predictor variable. Nevertheless, linear algorithms such as ISM remain restricted to linear mappings of the human decision-making process, as higher-level relations are ignored [49,50].
As a well-known AI model, ANN can address this limitation by learning to model decision-making situations and nonlinear relationships, as stressed by Leong et al. [49]. The multi-layer perceptron structure in an ANN approximates the correlation between inputs and outputs, as the human brain does. One of the significant features of ANNs is their ability to model nonlinear, non-compensatory relationships between attributes [51]. Overall, ANN models are superior to classical linear procedures and offer greater flexibility and robustness [64]. Nevertheless, ANN cannot be used in attributive analysis or hypothesis testing [49,52]. To address this issue, a two-stage method for integrating the ISM with an ANN has been proposed.

ANN training

During training, an ANN models the intrinsic relationships between the inputs and the outputs by adjusting its internal weights. The input/output pairs are represented as:

$$S = (d_1, x_1), (d_2, x_2), \ldots, (d_{Ni}, x_{Ni})$$ (1)

The independent data, $x_i$, and the associated responses, $d_i$, are a random sample. These data sets exhibit the non-linear nature of the correspondence between the inputs and the outputs. The goal is to develop an ANN model that can learn this type of invariant relationship on its own. The ANN output generally takes the form $w_{ij} y_i + b_i$:

$$y = y(x, w)$$ (2)

where $y$, $x$ and $w$ are the ANN output, the input parameters, and the unknown weights, respectively. An optimization problem can be solved to determine the best weights, those that reduce the difference between the predicted output and the actual label. This can be optimised as follows:

$$w^{*} = \min_{x} E_T = \min_{x} \sum_{i} \left\| d_i - \gamma(x_i, w) \right\|$$ (3)

where $E_T$ denotes the standard error of the sample.
This problem can be approached in many different ways, and the most popular is backpropagation, introduced by Hertz et al. [53]. It is an algorithm that adjusts the weights of the network by calculating the approximate gradient of the error function with respect to the weights, resulting in improved predictions:

$$\omega_{\text{next}} = \omega_{\text{now}} - \eta \frac{\partial E_T}{\partial \omega}$$ (4)

Hertz et al. [53] denote the learning rate by $\eta$. Initially, the weights are chosen randomly, and the algorithm is repeated until the optimization condition of Eq. (3) is satisfied. The weights ($W_i$) and biases ($b_i$) are updated during this process, minimizing the mean squared error, until the model achieves the desired accuracy. Alnaizy et al. [54] provide a calibration procedure denoted:

$$V_i = \sum_{i=1}^{n} w_{ij} y_i + b_i$$ (5)

The bias $b_i$ adjusts the weighted sum of the inputs. A transfer or activation function is then applied to the sum $V_i$. This transformation produces the:

$$Z_i = f(V_i)$$ (6)

Performance of ANN training

The performance of the ANN is evaluated using the Root Mean Squared Error (RMSE), the R-squared ($R^2$), and the Average Absolute Deviation (AAD), expressed as:

$$\text{RMSE} = \left[\frac{1}{n}\sum_{i=1}^{n}(Y_i - Y_{id})^{2}\right]^{0.5}$$ (7)

$$R^{2} = 1 - \frac{\sum_{i=1}^{n}(Y_i - Y_{id})^{2}}{\sum_{i=1}^{n}(Y_i - Y_{m})^{2}}$$ (8)

$$\text{AAD} = \left[\frac{1}{n}\sum_{i=1}^{n}\frac{(Y_i - Y_{id})}{Y_{id}}\right] \times 100$$ (9)

where $Y_{id}$ is the observed data; $Y_i$ is the predicted data; $Y_m$ is the median of the observed data, and $n$ is the total number of data.

Phase 5: ISM

The ISM approach was applied in the fifth stage to classify and rank the identified cybersecurity threats in software development for SMEs.
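The weight update of Eq. (4), the neuron computation of Eqs. (5)–(6) and the metrics of Eqs. (7)–(9) above, as an added example that is not code from the paper: a small multi-layer perceptron trained by backpropagation. The network size, learning rate, the constructed sample (two hypothetical normalised threat indicators mapped to a risk score) and the use of the standard forms of R² (mean of the observed data) and AAD (absolute deviations) are assumptions.

```python
import math
import random

def sigmoid(v):
    return 1.0 / (1.0 + math.exp(-v))

class TinyMLP:
    """One hidden layer; each neuron computes V = sum(w*y) + b, Z = f(V) (Eqs. 5-6)."""
    def __init__(self, n_in, n_hidden, seed=0):
        rng = random.Random(seed)  # weights start random; fixed seed for repeatability
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(n_in)] for _ in range(n_hidden)]
        self.b1 = [0.0] * n_hidden
        self.w2 = [rng.uniform(-0.5, 0.5) for _ in range(n_hidden)]
        self.b2 = 0.0

    def forward(self, x):
        h = [sigmoid(sum(w * xi for w, xi in zip(row, x)) + b)
             for row, b in zip(self.w1, self.b1)]
        return h, sigmoid(sum(w * hj for w, hj in zip(self.w2, h)) + self.b2)

    def train(self, samples, eta=0.5, epochs=2000):
        """Backpropagation: w_next = w_now - eta * dE/dw (Eq. 4), E = (z - d)^2 / 2."""
        for _ in range(epochs):
            for x, d in samples:
                h, z = self.forward(x)
                delta_out = (z - d) * z * (1 - z)  # dE/dV at the output neuron
                for j, hj in enumerate(h):
                    # hidden-layer gradient uses w2[j] before it is updated
                    delta_h = delta_out * self.w2[j] * hj * (1 - hj)
                    self.w2[j] -= eta * delta_out * hj
                    self.b1[j] -= eta * delta_h
                    for i, xi in enumerate(x):
                        self.w1[j][i] -= eta * delta_h * xi
                self.b2 -= eta * delta_out

def rmse(pred, obs):  # Eq. 7
    return math.sqrt(sum((p - o) ** 2 for p, o in zip(pred, obs)) / len(obs))

def r_squared(pred, obs):  # Eq. 8, standard form: observed mean in the denominator
    mean = sum(obs) / len(obs)
    ss_res = sum((p - o) ** 2 for p, o in zip(pred, obs))
    return 1.0 - ss_res / sum((o - mean) ** 2 for o in obs)

def aad(pred, obs):  # Eq. 9, standard form: absolute relative deviation, in percent
    return 100.0 * sum(abs(p - o) / abs(o) for p, o in zip(pred, obs)) / len(obs)

# Constructed sample: two normalised threat indicators -> risk score in [0.1, 0.9].
GRID = [0.0, 0.25, 0.5, 0.75, 1.0]
SAMPLES = [((a, b), 0.1 + 0.8 * a * b) for a in GRID for b in GRID]

def evaluate(net, samples=SAMPLES):
    obs = [d for _, d in samples]
    pred = [net.forward(x)[1] for x, _ in samples]
    return {"rmse": rmse(pred, obs), "r2": r_squared(pred, obs), "aad": aad(pred, obs)}

def run_demo():
    net = TinyMLP(n_in=2, n_hidden=4)
    before = evaluate(net)  # untrained network
    net.train(SAMPLES)
    return before, evaluate(net)

if __name__ == "__main__":
    before, after = run_demo()
    print("before:", before)
    print("after: ", after)
```

Comparing the metrics before and after training shows the repeated Eq. (4) updates at work: RMSE and AAD fall while R² rises toward 1.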
The concept of the ISM method, as explained in [55], was presented to analyze and understand complex relationships among systems and subsystems. By organizing a hierarchy, this method aids understanding by structuring the variations and directions of the various elements. Further, ISM can well model the relationships between visual and structured language [56]. This method is compelling for investigating complex multivariate interactions [57,58,59]. This approach has been used in many studies to better understand complex systems [60,61,62,63,64,65,66,67]. Figure 1 shows how ISM can be used to map and classify cybersecurity threats in software development for SMEs.

Phase 6: development, implementation, and validation of the proposed model

In the final phase of this research, all findings from phases 1–5 were merged to develop the hybrid ANN-ISM framework for mitigating cybersecurity threats in software development through generative AI practices. The proposed model was then implemented in an organization and was validated through a case study. Further details are presented in Sect. "Evaluation of the Proposed Model".

Results and analysis

In today's rapidly changing world of software development, small and mid-sized businesses are increasingly challenged to defend against cybersecurity threats to their operations, intellectual property, and customer data. The rise in advanced cyber threats, such as ransomware, data breaches, and social engineering, has made it imperative that SMEs implement robust security systems. Generative AI methods can provide viable solutions to these issues, especially for proactive threat detection, automatic vulnerability detection and code security. This paper discusses the intersection of cybersecurity threats and generative AI-based practices, and applies these practices to support cybersecurity in the SME sphere.
With AI's predictive analytics and pattern recognition capabilities, SMEs have a chance to enhance their threat mitigation capabilities and safeguard their software development cycles in an environment marked by rapidly changing cyber threats. Table 2 shows AI cybersecurity threats and how they could affect SME software development organizations.

Table 2 AI Cybersecurity Threats in SMEs Software Development Organizations.

The information in Fig. 4 is a synthesis of two significant sources, namely, the literature review and the survey outcomes:

Literature Review: To establish how different AI cybersecurity threats were perceived to influence software development in SMEs, a literature review of recent scholarly articles, white papers, and industry reports was undertaken. The sources were checked for relevance to the area, and their findings on the frequency and severity of such threats in small and medium enterprises were extracted. The literature gave a background on how professionals in the field perceived the threats. Figure 4 shows the impact percentages derived from the literature review, obtained by averaging or synthesizing the information on threat severity from these sources, with specific focus on the risks reported in the different studies.

Data from surveys: The survey was distributed among SMEs engaged in software development, where stakeholders such as developers, IT security professionals, and management are of significance. The questionnaire gathered information on the perceived impact of these AI cybersecurity threats, asking respondents to rate the perceived severity of each threat on a Likert scale (e.g., 1 to 5). These responses were then coded as percentage scores across all respondents.
The results were then averaged to obtain the Survey Impact percentage of each cybersecurity threat illustrated in the figure.

Fig. 4 AI Cybersecurity Threats: Literature Review and Survey Impact Percentages.

Here, the impact is the perceived degree to which individual AI-based cybersecurity threats affect the functioning, protection, and overall health of the SMEs involved in software development; the higher the percentage, the greater the perceived impact. The intensity of every risk was evaluated in two aspects:

Literature Review Impact: Based on the frequency and severity of each threat, as elaborated across academic and industry literature.

Survey Impact: Based on direct feedback and the ratings of the surveyed SMEs.

The impact was measured as follows:

Literature Review: The impact percentages were calculated by summing the severity ratings (e.g., 1–5 scale) across the reviewed articles and translating them into percentages. Research with higher threat severity was accorded greater weight in arriving at the final percentage.

Survey Impact: Survey respondents were requested to rate the severity of each threat on a scale. An average of the responses was used to determine the overall percentage effect shown in Fig. 4. For illustration, when most respondents ranked a threat as high impact (e.g., 4 or 5 on a scale of 1 to 5), it contributed to a higher percentage in the survey impact.

Figure 4 was built in the following way:

Literature Review Data Collection: A systematic review of peer-reviewed articles, industry reports, and other authoritative sources was conducted. All the essential themes and findings on the AI cybersecurity threats were identified. The severity rating was assigned, and the percentage was determined by averaging the reported impacts across multiple studies.
Survey Data Collection: The survey was designed to collect quantitative data from a sample of SMEs. Respondents rated the severity of various cybersecurity threats based on their opinions and personal experience. After aggregation, the data were used to derive the percentage effect of each threat.

Data Synthesis: The impact data from the literature review and the survey were synthesized to provide a comparative perspective on the perceived severity of the various AI cyber threats. The outcomes of the literature review are presented in blue and the survey results in red, so that they can be directly compared.

Figure 4 illustrates the level of impact between the research studies and the survey findings regarding the threats to AI security for Small and Medium-sized Enterprises (SMEs).

Threat importance

Survey analytics demonstrate varying threat severity, since AI-driven threats identified as important by academic research are not always aligned with what SMEs report in the survey data. Academic sources report threats at lower rates than SMEs do in their surveys. The SMEs are equally concerned about automated phishing attacks, as mentioned in the Literature Review (60% of the time) and the Survey (55% agreement). The automated nature of AI in phishing attacks continuously improves their effectiveness and increases their success rate, leaving SMEs to address security considerations and employee awareness training on an ongoing basis. In the literature review, deepfake attacks are reported at 45 percent, and in the survey, respondents indicated the same at 50 percent. Deepfake attacks appear to be more concerning to SMEs than the existing literature suggests, as they can be used to alter AI-generated media to reflect the image of the company's chief and employees. Impersonation attempts are a source of social engineering attacks, and that is of greater concern to SMEs.
Based on the research publications and other surveys, there is a high threat of AI-powered malware, 40–38. SMEs are a prime case, since they lack proper cybersecurity measures, which allows attackers to operate malware unnoticed. The difference between the 34% Literature Review Impact and 57% Survey Impact implies that SMEs are aware of their vulnerability to AI-based automated vulnerability detection, owing to insufficient resources. The fact that such products have these weaknesses is worrying, considering that they can be exploited by many attackers. Ransomware attacks have not gone away: across both sources, the Literature Review indicated a greater effect (63%) than the Survey (42%). The new ransomware architecture helps hackers target a particular weakness of the system and modify ransom requests. Such attacks expose SMEs to the risk of having to recover from these attacks. The 49% Literature Review and 30% Survey data suggest that AI-based social engineering has become a significant threat, as hackers employ manipulation strategies to get individuals inside the organization to provide unauthorized access to the system. The survey data suggest that SMEs might not be aware of this threat or, worse still, are less experienced with it. The Literature Review Impact (25) and Survey Impact (39) show that there is a weakness caused by the AI-assisted development of zero-day exploits of unpatched software in organizations. AI rapidly detects and exploits vulnerabilities in business applications, making smaller bus