The article presents the results of a study of the interpretability of artificial intelligence models, which have found wide application in solving problems of predictive detection of intrusions and anomalies during cyberattacks. Random forest models are presented on the well-known KDD99 data set, which was used to train and test the mentioned approach. The results of practical experiments are presented, during which estimates of the significance of informative features were obtained based on the well-known methods of SHAP, Boruta, Random Forest, etc. This made it possible to determine possible ways to achieve high accuracy in predicting the detection of intrusions and anomalies, as well as to develop appropriate algorithms for interpreting the identified informative features. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.