False positives in cybersecurity are triggered when a system incorrectly identifies a benign activity, event, or entity as a potential security threat. An example of a false positive is a legit user logging in from a new device that would trigger an alert for suspicious activity even though it posed no harm.