Can AI make threat intelligence easier? One platform thinks so
When analysts at RH-ISAC found themselves spending 10 hours a week just collecting threat intelligence, they knew their process wasn’t sustainable. They were manually tracking blogs, RSS feeds, and social media channels, but it took too long to separate useful signals from irrelevant chatter. After adopting Feedly Threat Intelligence, the team reduced that time by more than 70 percent, dropping from 10 hours to just 2-3 hours a week.
Stories like this are becoming more common as CTI teams look for ways to make their workflows more efficient. The volume of threat data is growing, and analysts risk burnout if they spend most of their time collecting rather than analyzing. Feedly Threat Intelligence is designed to address that imbalance by automating data collection and adding context that helps analysts move faster from discovery to action.
Josh Darby MacLellan, a staff threat intelligence advisor at Feedly, has seen the shift first-hand. Before joining the company, he worked as an analyst in the finance sector and faced the same challenge of monitoring countless sources manually. “Manually reviewing a folder full of bookmarked websites daily was error-prone,” he recalled. “We occasionally missed a vital article and ended up hearing about it from another team or, worse, our CISO.”
Feedly’s answer is an AI-driven platform that continuously scans more than 10,000 open web sources, including government advisories, vendor blogs, vulnerability databases, news sites, social media, and even the dark web. Its 1,000 AI models extract entities such as TTPs, CVEs, and IoCs from this unstructured data, then add them to a real-time Threat Graph. Analysts can query this graph with Ask AI, a CTI-trained large language model, to generate reports and answer specific questions with citations back to the original sources.
The goal is to shift the analyst’s focus. As MacLellan put it, “The consumers of intelligence are still human, meaning intelligence is still a human-to-human business. Tailoring intel products to stakeholders and explaining the ‘so what’ requires the human touch.” Feedly’s role is to reduce the time spent on high-volume, low-complexity tasks like entity extraction, deduplication, and clustering, freeing analysts to interpret and communicate findings in a way their stakeholders can act on.
Customer results point to measurable gains. GreyNoise, for example, nearly doubled its detections from 290 in 2023 to 573 in 2024 after adopting Feedly, crediting the platform for improving CVE research and helping them flag vulnerabilities earlier than CISA 65 percent of the time. At Sopra Steria, support tickets from customers about new vulnerabilities dropped sharply because the CTI team could push out daily newsletters using Feedly. Instead of asking “are you aware of this?” customers already had the answer in their inbox.
For gematik, a health IT organization, what had been a daily grind of checking dozens of websites and summarizing articles turned into a streamlined workflow. With AI Feeds and Team Boards, ingestion time for reports fell from up to 10 minutes per article to just 2 seconds. GISA, another user, saved 20 hours a day across its team by automating vulnerability checks and integrating Feedly outputs directly into its ticketing system.
Integration is often a sticking point for CTI teams, but Feedly offers options for both ready-made and custom connections. It supports out-of-the-box integrations with platforms like Anomali ThreatStream, Cortex XSOAR, Microsoft Sentinel, and OpenCTI. For more specialized needs, the Feedly REST API provides programmatic access to enriched threat intelligence data, from article metadata to MITRE ATT&CK TTPs. Feedly also maintains a GitHub repository with sample scripts in Python and PowerShell to help teams plug into tools such as Splunk and PowerBI.
The broader challenge remains: CTI teams are under pressure to deliver relevant intelligence faster without overwhelming themselves with raw data. By reducing collection time, providing richer context, and enabling integration into existing workflows, Feedly is trying to give analysts a way to keep up. As MacLellan noted, the result is about reducing stress. “With Feedly, we automated a lot of the monitoring and closed a lot of gaps, ensuring our detection of threats in relevant articles increased,” he said.