(TR24) (INCYBER) AI reinvents the foundations of CTI

Cyber threat intelligence (CTI) provides organizations with an in-depth understanding of potential threats by collecting, analyzing, and interpreting information about bad actors. By using CTI to anticipate threats, organizations can take preventive measures and improve their incident response capabilities. AI can automate much of the CTI data analysis process. This frees up experts to focus on the more complex and strategic aspects of security. Human skills are still essential to interpret results correctly and assess real risks. False positives—errors where a non-existent vulnerability is reported—can occur due to the complexity of systems and AI not always fully understanding the context. AI also requires a significant amount of training data to be effective, which can pose challenges in terms of data confidentiality and availability. How do we take a step-by-step approach, starting with identifying useful data? How do we continually train and adapt AI models to keep pace with the changing tactics and techniques used by cybercriminals? How can we guarantee seamless collaboration between cyber threat intelligence and operational security teams?