From OSINT Chaos to Knowledge Graph: Building Production-Scale AI-Powered Threat Intelligence
Dongdong Sun
[un]prompted 2026 — AI Security Practitioner Conference · Day 2 · 2
Palo Alto Networks built a production system that converts unstructured open-source threat intelligence reports into a continuously updated knowledge graph, then deploys an LLM agent to answer complex multi-hop threat research questions against it. The result: threat intelligence that used to require hours of expert reading can now be synthesized in seconds — grounded in curated, source-attributable data rather than model memory.
---
AI review
Palo Alto's threat intelligence knowledge graph is the correct answer to a problem that's been badly solved for a decade — and Sun had the intellectual honesty to spend more than half his talk on evaluation rather than product features. The finding that reasoning models actively degrade grounding quality is counterintuitive, empirically supported, and immediately actionable for anyone building intelligence pipelines.