Blog
What a good data layer for AI-assisted CTI actually looks like
Part 2 of a planned series. Part 1 looked at the iceberg costs of running CTI on an AI agent. This part looks at the architecture that makes AI, and automation, useful instead. Part 1 ended on a question: which layer of the stack is your team best placed to own, and what does a…
Beyond Decay Curves: Rethinking IOC Scoring
Most security teams assume IOC scoring is a solved problem. Indicators arrive from threat feeds, confidence values are assigned, decay functions reduce scores over time, and detections are prioritized accordingly. On paper, the process appears objective and systematic. In practice, adversaries exploit exactly these assumptions. Infrastructure is designed to evade validation, stale indicators are continuously…
What does it actually cost to run CTI with an AI agent?
Modern deep research models can do real threat intelligence work. Before scaling that approach across a team, here is an honest accounting of the costs that don’t show up on the invoice. It is a fair question to ask in 2026. The frontier models are good. Deep research agents will autonomously plan a search, read…


