Auto Threat AI: An Agentic and Explainable Framework for Automated Cyber Threat Intelligence Extraction
Primary research
#350
- Topic
- Privacy and Security
- First seen
- 2026-07-16 23:33:01
- Last seen
- 2026-07-16 23:33:01
Source raw items (1)
- Semantic Scholar2026-07-16 23:31:51Auto Threat AI: An Agentic and Explainable Framework for Automated Cyber Threat Intelligence Extraction
Cyber Threat Intelligence (CTI) enables Security Operations Centers (SOCs) to understand adversary behavior, prioritize risks, and respond to cyber threats. However, cur-rent CTI workflows still depend heavily on manual analysis of unstructured threat reports, vulnerability advisories, open-source intelligence, social media posts, and structured feeds. This creates operational latency, inconsistent extraction quality, weak provenance, and limited scalability. This paper presents Auto Threat AI, an agentic and explainable framework for automated CTI extraction, correlation, scoring, and analyst-governed SOC operationalization. The proposed framework integrates determin-istic indicator extraction, Natural Language Processing (NLP), schema-guided Large Language Model (LLM) agents, graph-aware threat correlation, bounded risk scoring, evidence-first explainability, and Human-in-the-Loop (HITL) governance. The system ingests heterogeneous CTI sources, extracts entities and relations such as IOCs, CVEs, malware, campaigns, threat actors, tools, and techniques, constructs a threat knowledge graph, gen-erates campaign candidates, and presents risk-ranked intelligence through a SOC dashboard. Experimental evaluation on safe demonstration CTI data shows that the implemented prototype ingested 6 sources, extracted 36 entities, generated 33 relations, detected 11 threat events, identified 5 campaign candidates, and routed 8 items for HITL review. The results demonstrate that Auto Threat AI can reduce manual CTI processing effort while improving traceability, explainability, and analyst trust.