Thomas Roccia 

Sr. Security Researcher at Microsoft
Website: https://SecurityBreak.io
Unprotect: https://unprotect.it

🤓 Threat intelligence is all about processing raw data to make it useful for the business. Coupled with AI you can industrialize your pipelines and make it great.

But most of the solutions out there will give you lengthy paragraphs of text. Honestly, who wants to read AI-generated text?

No one.

We do not want more text.

We either want unique insight crafted by a real human, or we want a nice visual that directly gives us the information we are looking for.

I recently came across a nice post published on Feedly by Ondra Rojčík, who talks about the process of profiling threat actors using 5W1H and the Diamond Model.

I loved it. I wanted to incorporate it into my pipeline.

So I created an Agent Skill, but not to generate another lengthy report that I will never read.

It actually creates a nice visual in no time using Claude custom visuals.

Check out what you can do with it. 👇

🤓 Sekoia recently uncovered a new Phishing-as-a-Service platform called EvilTokens that automates Business Email Compromise at scale!

The tool uses AI to:

- Automate the analysis of large volumes of emails to identify exploitable financial exposure

- Map payment workflows and key contacts

- Automatically generate realistic BEC scenarios based on target profile

- Draft emails that match writing style, context, and urgency

Sekoia also contributed the Adversarial Prompts they uncovered to PromptIntel privately, so the trusted community can benefit from the intel without exposing the raw instructions.

👉 https://blog.sekoia.io/eviltokens-an-ai-augmented-phishing-as-a-service-for-automating-bec-fraud-part-2/

💥 Supply chain nightmare continues! Axios, a widely used HTTP client, got compromised.

Malicious versions:
- axios 1.14.1 (latest)
- axios 0.30.4 (legacy)
- plain-crypto-js 4.2.x (postinstall backdoor)

NPM supply chain attacks are becoming more common, so I put together a short cheat sheet you can keep around to secure your pipeline.
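As an added example (mine, not the author's cheat sheet, which is not reproduced on this page): a small Node script that checks a package-lock.json for the versions listed in the post above and for any dependency that registers an install script, the mechanism the plain-crypto-js backdoor relies on. The lockfile it scans is constructed for the demo, `INSTALL_SCRIPT_ALLOWLIST` is an assumed placeholder you would fill with reviewed packages, and `hasInstallScript` is the flag npm writes in lockfile v2/v3 entries for packages that declare preinstall, install or postinstall hooks.

```javascript
// Added example (not the post's cheat sheet): scan an npm package-lock.json for
// the versions called out in the post above and for any dependency that
// registers an install script. The lockfile below is constructed for the demo.

// Versions the post lists as malicious. An "x" matches any value in that position.
const BLOCKLIST = {
  "axios": ["1.14.1", "0.30.4"],
  "plain-crypto-js": ["4.2.x"],
};

// Dependencies you have reviewed and expect to run install scripts (assumed list).
const INSTALL_SCRIPT_ALLOWLIST = new Set(["esbuild"]);

// Exact-or-wildcard match on dotted versions, e.g. "4.2.3" matches "4.2.x".
function versionMatches(version, pattern) {
  const v = String(version).split(".");
  const p = pattern.split(".");
  if (v.length !== p.length) return false;
  return p.every((part, i) => part === "x" || part === v[i]);
}

// Package name from a lockfile v2/v3 key such as
// "node_modules/old-sdk/node_modules/@scope/pkg" -> "@scope/pkg".
function packageName(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? key : key.slice(idx + marker.length);
}

// Returns one finding per problem: a blocklisted version, or an install script
// (npm sets "hasInstallScript" when a package has preinstall/install/postinstall).
function scanLockfile(lockfileJson) {
  const lock = JSON.parse(lockfileJson);
  if (!lock.packages) {
    throw new Error('expected lockfileVersion 2 or 3 (a "packages" map)');
  }
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages)) {
    if (key === "") continue; // the root project itself
    const name = packageName(key);
    const version = entry.version || "";
    for (const pattern of BLOCKLIST[name] || []) {
      if (versionMatches(version, pattern)) {
        findings.push({ path: key, name, version, reason: `blocklisted version ${pattern}` });
      }
    }
    if (entry.hasInstallScript && !INSTALL_SCRIPT_ALLOWLIST.has(name)) {
      findings.push({ path: key, name, version, reason: "runs an install script" });
    }
  }
  return findings;
}

// Constructed lockfile: compromised top-level axios, a legacy axios nested under
// another dependency, plain-crypto-js with a postinstall hook, and a clean package.
const SAMPLE_LOCKFILE = JSON.stringify({
  name: "demo",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", dependencies: { axios: "^1.14.0" } },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/old-sdk": { version: "2.0.0" },
    "node_modules/old-sdk/node_modules/axios": { version: "0.30.4" },
    "node_modules/plain-crypto-js": { version: "4.2.3", hasInstallScript: true },
    "node_modules/lodash": { version: "4.17.21" },
  },
});

for (const f of scanLockfile(SAMPLE_LOCKFILE)) {
  console.log(`${f.path}@${f.version}: ${f.reason}`);
}
```

To run it against a real project, replace `SAMPLE_LOCKFILE` with the contents of `package-lock.json` (for example `require("fs").readFileSync("package-lock.json", "utf8")`) and fail the CI step whenever `scanLockfile` returns a non-empty list. A blocklist only catches what is already known, so pair it with `ignore-scripts=true` in the project's `.npmrc` (or `npm ci --ignore-scripts`) so that a postinstall hook in the next malicious release never executes; the packages you have allowlisted then need an explicit build step of their own.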

🤓 In February, I created MoltThreats, the first open source threat feed for AI agents.

So what is it exactly?

Through the MoltThreats Skill I created, your AI agent can connect to the feed and poll it daily or weekly. Once connected, your agent can automatically report any threats it detects.

Every reported threat is reviewed and approved by a human.

All connected agents receive real time updates from the feed and can act immediately.

Check it out and start protecting your agents! Threats targeting AI agents are reported daily!

👉 https://promptintel.novahunting.ai/molt

🐍 @sleuthcon 2026 Keynote. Let's go!

Super excited to be part of this event and to share the stage with Sleuthy; this is a huge honor! I will share more details on the topic soon, but expect something at the intersection of AI and threat intelligence.

If you are going, come say hi! 🤩

🤖 New threat reported by my agent during the night on MoltThreats!

Check this out and update your agent! 👇

https://promptintel.novahunting.ai/molt/df3493c8-54a0-4e7c-abd1-6cdd02754640

🤖 Four new threats added by agents in MoltThreats!

Check this out 👇
https://promptintel.novahunting.ai/molt

🤓 Next month at @BlackHatEvents Asia, I will be teaching my training "Practical AI for Threat Intel: Real-World Agentic Workflows for Cyber Threat Intelligence."

It is packed with my latest research and labs.

You will learn how to:

- Build agentic workflows through the whole architecture: prompt design, RAG, tool calling...
- Build your own agent and multi-agent system for CTI and malware analysis
- Hunt for adversarial prompts (IoPC) with NOVA and monitor agent execution

You can still register here: https://blackhat.com/asia-26/training/schedule/index.html#practical-genai-for-threat-intel-real-world-agentic-workflows-for-cyber-threat-intelligence-49450

See you in Singapore! 🤗

In a recent report from Socket, a compromised release of the Aqua Trivy VS Code extension on OpenVSX (v1.8.12 and v1.8.13) contained unauthorized code that injected prompts targeting local AI coding agents such as Copilot, Claude, and Codex.

The prompts attempted to trigger coding agents in YOLO mode to inspect the system and expose sensitive data.

@udgover added the prompts to PromptIntel for tracking and analysis! 😎

https://promptintel.novahunting.ai/feed

🤓 Most AI CTI agents are useless. They generate noise instead of intelligence!

We don't need more summaries. We need better ways to interact with information.

So I experimented with Generative UI (not Generative AI) and I built a playground called IntelWall, like an investigation board.

Instead of producing reports, my tool generates dynamic interfaces from data using MCP Apps and A2UI:

• threat reports become interactive dashboards
• logs become instantly explorable analysis surfaces
• investigations become visual and persistent

Check out the video below to understand how it works, full blog in the first comment 🤗

https://blog.securitybreak.io/from-genai-to-genui-why-your-ai-cti-agent-is-sh-t-f297800116ff