CTI Agent Automated Battlecards from CTI Reports
Mohamed Nabeel
Recon Village @ DEF CON 33 · Day 1
Staying ahead of sophisticated threat actors requires timely, accurate, and actionable intelligence, but the sheer volume and unstructured nature of Cyber Threat Intelligence (CTI) reports make that hard to deliver. These reports, usually written in natural language and published across many platforms, are difficult to process at scale, leave tactics, techniques, and procedures (TTPs) implicit rather than stating them outright, and frequently list indicators of compromise (IOCs) that are already stale by the time of publication. Mohamed Nabeel, a cybersecurity veteran and PhD, of Palo Alto Networks, presented at Recon Village an agent-based approach to these pain points: turning CTI reports into battlecards automatically.
AI review
Competent applied ML work that solves a real operational problem — CTI report overload — using a sensible agentic pipeline. The graph expansion for proactive IOC discovery is the most interesting piece, but the overall system is evolutionary rather than novel, and the Recon Village venue is about the right ceiling for it.
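To make the abstract's "unstructured report to structured artifact" step and the review's "graph expansion for proactive IOC discovery" concrete, here is an added Python example. It is example code written for this page, not the talk's pipeline or Palo Alto Networks code. The report text, the defanging conventions handled (`hxxp`, `[.]`, `[:]`, `(.)`), the battlecard field names, and the `RELATED` relationship table are all constructed for the example; the talk's own extraction method and its enrichment sources are not described on the page. Regexes can only recover explicit IOCs and explicit ATT&CK IDs; the implicit TTPs the abstract mentions are exactly what they miss, which is the gap the agentic pipeline is meant to close.

```python
"""Turn a constructed CTI report snippet into a minimal structured battlecard,
then pivot from its IOCs over a constructed relationship graph.

Illustrative example only; not the talk's pipeline. All data is made up.
"""
import json
import re
from collections import deque

# Constructed sample report (fake actor, documentation/example ranges only).
SAMPLE_REPORT = """
Threat actor FakeGroup targeted finance firms in Q2. Initial access via
spearphishing attachment (T1566.001); execution through PowerShell (T1059.001).
C2 observed at hxxps://update-cdn[.]example[.]com/beacon and 203[.]0[.]113[.]45.
Payload SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.
"""

# Common defanging conventions seen in public reporting (assumed list).
REFANG = [("hxxp", "http"), ("[.]", "."), ("[:]", ":"), ("(.)", ".")]

PATTERNS = {
    "attack_techniques": re.compile(r"\bT\d{4}(?:\.\d{3})?\b"),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "urls": re.compile(r"""https?://[^\s"'<>)]+"""),
    "domains": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}


def refang(text: str) -> str:
    """Undo defanging so the indicator regexes see real values."""
    for defanged, real in REFANG:
        text = text.replace(defanged, real)
    return text


def extract_battlecard(report: str) -> dict:
    """Pull explicit IOCs and ATT&CK IDs out of free text into sorted lists.

    Only explicit mentions are recovered; TTPs described in prose without an
    ID (the 'implicit TTPs' problem) are not captured by this approach.
    """
    text = refang(report)
    card = {}
    for name, rx in PATTERNS.items():
        found = set(rx.findall(text))
        if name != "attack_techniques":
            found = {f.lower() for f in found}  # case-fold hashes/domains/URLs
        card[name] = sorted(found)
    return card


# Constructed relationship data standing in for an enrichment source such as
# passive DNS or shared hosting. None of this is real infrastructure.
RELATED = {
    "update-cdn.example.com": {"203.0.113.45"},
    "203.0.113.45": {"update-cdn.example.com", "mail-sync.example.net"},
    "mail-sync.example.net": {"203.0.113.45", "198.51.100.7"},
    "198.51.100.7": {"mail-sync.example.net"},
}


def expand_iocs(seeds, graph, max_hops=2):
    """Breadth-first pivot from the seed IOCs.

    Returns {new_ioc: hops_from_nearest_seed} for indicators not in the seed
    set, bounded by max_hops so a noisy shared IP cannot drag in the world.
    """
    seen = {s: 0 for s in seeds}
    queue = deque(seeds)
    while queue:
        node = queue.popleft()
        hops = seen[node]
        if hops >= max_hops:
            continue
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen[nxt] = hops + 1
                queue.append(nxt)
    return {n: h for n, h in seen.items() if h > 0}


if __name__ == "__main__":
    card = extract_battlecard(SAMPLE_REPORT)
    card["expanded_iocs"] = expand_iocs(card["domains"] + card["ipv4"], RELATED)
    print(json.dumps(card, indent=2))
```

The hop bound matters in practice: one hop from a domain to its hosting IP is usually safe, but a second hop from a shared IP to every other domain on it is where false positives creep in, so the expansion result carries the hop count rather than flattening everything into one list.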