SecTor 2025 | From Days to Hours: Accelerating Cyber Threat Response with AI Agents
Identifying and responding to emerging threats before they escalate into widespread attacks is one of the hardest challenges in cybersecurity today. Threats often surface first in informal channels, long before official advisories are published. By the time traditional detection systems catch up, it’s often too late.
In this session, we will present a collaborative AI-agent framework built to act as a threat intelligence and threat hunting accelerator. The system ingests and semantically processes large volumes of structured and unstructured data – including CISA alerts, CVE databases, vendor reports, EXA and Perplexity search results, and social media signals. Using a custom LLM-based clustering engine, the system groups early threat signals by topic, CVE, and campaign, allowing for real-time insight into what’s emerging across the security landscape.
Each agent in the framework plays a specialized role: surfacing relevant threats, analyzing and prioritizing them based on relevance and severity, extracting TTPs and IOCs, and generating hunting queries.
We’ll walk through the system design, share implementation insights (including hallucination control, prompt chaining and evaluation), and showcase how this setup enables teams to reduce the time between “first appearance” and “first action” to hours or even minutes.
Attendees will leave with a deep understanding of how LLM-based agents can be used as proactive actors in cyber threat intelligence and response workflows.
By: Yuval Zacharia | Director R&D, Security Research & AI, Hunters
Presentation Materials Available at:
https://blackhat.com/sector/2025/briefings/schedule/?#from-days-to-hours-accelerating-cyber-threat-response-with-ai-agents-46897