Data layer for AI-assisted CTI

What a good data layer for AI-assisted CTI actually looks like 

Part 2 of a planned series. Part 1 looked at the iceberg costs of running CTI on an AI agent. This part looks at the architecture that makes AI, and automation, useful instead. Part 1 ended on a question: which layer of the stack is your team best placed to own, and what does a…


Beyond Decay Curves: Rethinking IOC Scoring

Most security teams assume IOC scoring is a solved problem. Indicators arrive from threat feeds, confidence values are assigned, decay functions reduce scores over time, and detections are prioritized accordingly. On paper, the process appears objective and systematic. In practice, adversaries exploit exactly these assumptions. Infrastructure is designed to evade validation, stale indicators are continuously…


What does it actually cost to run CTI with an AI agent? 

Modern deep research models can do real threat intelligence work. Before scaling that approach across a team, here is an honest accounting of the costs that don’t show up on the invoice. It is a fair question to ask in 2026. The frontier models are good. Deep research agents will autonomously plan a search, read…