SecTor 2025 | From Days to Hours: Accelerating Cyber Threat Response with AI Agents
Why It Matters
Accelerating detection and prioritization of emerging threats shrinks the attacker’s window, turning costly, weeks‑long mitigation cycles into near‑real‑time responses for enterprises.
Key Takeaways
- AI agents can cut threat response from days to hours.
- Social media mining identifies emerging threats before public disclosure.
- Semantic clustering with LLMs replaces traditional ML for unknown CVEs.
- Multi‑agent workflow prioritizes and enriches threats using business context.
- Demonstrated system automates hunting query generation for rapid mitigation.
Summary
At SecTor 2025, Ival, a veteran of Israel’s 8200 unit and director of security research at Hunters, unveiled a weekend‑project AI platform that compresses cyber‑threat response cycles from days into hours. The talk framed the problem around the "black" and "gray" risk phases—periods before public disclosure and before official patches—where defenders traditionally scramble to understand and mitigate emerging threats. The solution ingests real‑time social‑media signals from Reddit, Twitter and other channels, then uses large language models to semantically cluster posts, bypassing conventional keyword‑based ML. Authoritative feeds (NIST, CIS, vendor advisories) are merged, and a suite of specialized agents—Thread Identifier, Threat Analyst, and Threat Hunter—process this enriched context against a user‑defined business profile to surface, prioritize, and enrich the most relevant threats.

Key examples include IBM’s GPT‑4 study showing 87% success exploiting one‑day vulnerabilities, and the system’s ability to output a concise list of zero to two actionable threats, complete with hunting queries and mitigation guidance. The agents leverage tools like Perplexity and ExaSearch to retrieve supporting intel, demonstrating a fully automated pipeline from noisy social chatter to actionable SOC playbooks.

If adopted broadly, such an agentic platform could dramatically shrink the defender’s window, turning reactive patch cycles into proactive threat hunting. Enterprises would gain near‑real‑time visibility into sector‑specific risks, enabling faster containment, reduced breach costs, and a strategic shift toward AI‑augmented security operations.
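The pipeline stages described above (cluster social chatter, merge with an authoritative feed, rank against a business profile, emit zero to two threats tagged with their black/gray phase) as an added illustration; this is not Hunters' code or the speaker's. It assumes a bag-of-words vector as a stand-in for the LLM embedding, and every post, advisory and CVE identifier in it is constructed.

```python
import re
from math import sqrt
# Constructed sample inputs: not real posts, advisories or CVE identifiers.
POSTS = [
    "Anyone else seeing FortiGate SSL-VPN exploitation in the wild? CVE-0000-10001 PoC is out",
    "FortiGate SSL-VPN CVE-0000-10001 PoC being used in the wild, patch now",
    "Exchange server zero-day chatter, CVE-0000-10002 no patch yet",
    "New WordPress plugin bug CVE-0000-10003, minor, authenticated only",
    "Exchange zero-day CVE-0000-10002 details leaked on a forum",
]
ADVISORIES = {  # stand-in for the merged NIST/CIS/vendor feed
    "CVE-0000-10001": {"product": "fortigate", "cvss": 9.8, "patched": True},
    "CVE-0000-10002": {"product": "exchange", "cvss": 8.8, "patched": False},
    "CVE-0000-10003": {"product": "wordpress", "cvss": 4.3, "patched": True},
}
BUSINESS_PROFILE = {"stack": {"fortigate", "exchange"}}  # what the enterprise actually runs
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.I)

def embed(text):
    # Stand-in for an LLM embedding (assumption): bag-of-words counts. Swap in a real
    # embedding model here so that paraphrased posts land in the same cluster.
    vec = {}
    for tok in re.findall(r"[a-z0-9.\-]+", text.lower()):
        vec[tok] = vec.get(tok, 0) + 1
    return vec

def cosine(a, b):
    norm = sqrt(sum(v * v for v in a.values())) * sqrt(sum(v * v for v in b.values()))
    return sum(v * b.get(t, 0) for t, v in a.items()) / norm if norm else 0.0

def cluster_posts(posts, threshold=0.3):
    # Greedy semantic clustering: a post joins the first cluster whose seed is similar enough.
    clusters = []  # entries are (seed_vector, member_posts)
    for post in posts:
        vec = embed(post)
        for seed, members in clusters:
            if cosine(seed, vec) >= threshold:
                members.append(post)
                break
        else:
            clusters.append((vec, [post]))
    return [members for _, members in clusters]

def prioritize(clusters, advisories, profile, min_score=10.0, limit=2):
    # Enrich each cluster from the feed, score it against the business profile and
    # return at most `limit` threats; an empty list is a valid answer.
    threats = []
    for members in clusters:
        cve = next(iter({m.upper() for p in members for m in CVE_RE.findall(p)}), None)
        adv = advisories.get(cve, {})
        # black: no public disclosure yet; gray: disclosed but no patch available
        phase = "black" if not adv else ("gray" if not adv["patched"] else "patch-available")
        score = adv.get("cvss", 0.0) + (5.0 if adv.get("product") in profile["stack"] else 0.0) + len(members)
        if score >= min_score:
            threats.append({"cve": cve, "product": adv.get("product"), "phase": phase,
                            "mentions": len(members), "score": round(score, 1)})
    return sorted(threats, key=lambda t: -t["score"])[:limit]
```

Only the two threats that touch the profile's stack survive the cut; the WordPress chatter is scored but never reaches the analyst.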