LABScon25 Replay | Auto-Poking The Bear: Analytical Tradecraft In The AI Age

In this LABScon25 talk, Dreadnode’s Martin Wendiggensen and Brad Palm explore how AI is changing Cyber Threat Intelligence and the research practices that support it.

Analytical tradecraft and shared standards have transformed Cyber Threat Intelligence from a niche discipline into a collaborative industry-wide research endeavor. Researchers and analysts now routinely build on each other’s work, creating a foundation of trust and shared methodology.

That ecosystem is being disrupted as teams increasingly hand off data preparation, analysis, and entire workflows to AI assistants. These tools boost productivity, but they introduce new costs. You might have confidence in your own AI-assisted process, but how much can you rely on another researcher’s prompts or agentic workflow?

Given concerns over reliability and transparency, the CTI community will need to adapt its research methodology and develop a new joint understanding of the promises, pitfalls, and probabilities inherent in AI-assisted work.

Wendiggensen and Palm present a case study to illustrate their approach. They created an LLM-driven agentic system to analyze Russian internet content leaked by Ukrainian cyber activists. The speakers detail the system’s architecture and show how it performs across tasks from straightforward data collation to complex analytical pipelines used to track adversaries. They then explain how to assess the technology’s strengths and limits and, crucially, how to communicate those judgments to peers and wider audiences to preserve both accountability and transparency.

This engaging talk lays the groundwork for discussions not only in threat intelligence but in any collaborative discipline seeking to navigate the challenges of integrating agentic systems into its data analysis and decision-making pipelines.

About the Authors

Martin Wendiggensen is an AI Research Scientist at Dreadnode and PhD candidate at Johns Hopkins AIST. His research focuses on how AI is shifting the Cybersecurity Offensive-Defensive Balance.

Brad Palm is the COO at Dreadnode. Previously, he was a VP of Services and Technology for Pathfynder and the Managing Director of Software at Ascent, where he focused on SOC automation and the integration of CTI in the delivery of managed services.

About LABScon

This presentation was featured live at LABScon 2025, an immersive 3-day conference bringing together the world’s top cybersecurity minds, hosted by SentinelOne’s research arm, SentinelLABS.
