Cyber Threat Intelligence (CTI) teams are drowning in data: threat feeds, dark web chatter, phishing campaigns, malware reports, and OSINT sources. Yet, turning this overwhelming volume into actionable intelligence remains a manual, time-consuming process.

At the same time, adversaries are already leveraging AI to scale phishing, automate reconnaissance, and accelerate credential theft operations—shifting the threat landscape faster than traditional CTI workflows can keep up.

This talk presents a practical, real-world approach to augment CTI operations using AI. Instead of focusing on theory, we will demonstrate how to build an AI-driven intelligence pipeline that ingests multiple sources (threat feeds, social media, OSINT), extracts IOCs, clusters related activity, and produces contextualized intelligence ready for analysts.

The session will also explore how attackers are using AI (including agent-like workflows) and how defenders can adapt without falling into the risks of over-automation, hallucinations, and false correlations.

To bridge theory and practice, we will conclude with a live Proof of Concept (PoC) showing how an automated CTI agent can:

Ingest raw intelligence feeds
Extract and normalize IOCs
Identify patterns across campaigns
Generate a daily intelligence summary with minimal human input

This talk is designed for CTI analysts, SOC teams, threat hunters, and security engineers looking to move from reactive intelligence consumption to proactive, AI-augmented intelligence production.