How threat intelligence is evolving with generative AI

How threat intelligence is evolving with generative AI

how generative AI applications are evolving capabilities of GCP cybersecurity products including Mandiant Threat Intel, Mandiant Breach Analytics, and Chronicle Security Operations

NPW Research

Unprecedented predictive capabilities on the horizon

Generative AI is driving significant changes in threat intelligence, shifting from reactive to proactive strategies. Currently, AI is tracking threats in real-time across various sources and converting raw data into actionable intelligence swiftly. It is also enabling the personalization of threat profiles based on an organization's specific risk landscape and providing insights via natural language queries. Over the next 2-3 years, AI's role will expand, with enhanced predictive capabilities forecasting cyber threats based on patterns and indicators. This technology will also offer context around malicious activities, creating a more comprehensive understanding of threats. The future might see AI not just identifying threats but also initiating immediate remedial actions, making threat intelligence more proactive and robust.In NPW Insights this week, among other deep dives, read about Google’s perspective on threat intelligence, and generative AI application areas identified by DoorDash.


Anthos hybrid reference architecture from Google Cloud


  • Using 2+ on-prem multi-cluster sites along with corresponding, separate GCP regions with separate test, staging and production environments in each site.
  • Each environment should segregate admin resources with separate admin and user clusters for security reasons.
  • Every site should use highly-available control plane with 3 members (to maintain availability concurrently with upgrades, updates, or hardware/kernel failures), and 2 admin clusters to enable config change testing in staging environments first.
  • Logging data should be aggregated in GCP, and least privilege access controls should be implemented on it.

Also useful: Anthos service mesh (based on Istio) architecture for handling inter-service traffic flow, and configuration management logic and deployment with Git-provider workflows. GCP BLOG

This post is for paying subscribers only

Already have an account? Log in