AI as a Catalyst for Flashpoint’s Threat Intelligence Evolution

Flashpoint is championing a pivotal role for Artificial Intelligence (AI) to empower our clients with the agility, precision, and speed needed to outpace complex threats. As we’ll showcase at RSA, our strategic embrace of AI—spanning generative AI, personalization, and access to unparalleled data sources—represents a core commitment to evolving as rapidly as the adversaries themselves. 

Our AI innovations—including Ignite AI for using natural language to find intelligence-led insights, Echosec AI for swift data analysis, and Automated Source Discovery for the scalable identification of new data across the internet—illustrate a future where tailored, AI-driven threat intelligence becomes a linchpin in securing assets, places, and people. By integrating AI into our threat intelligence operations, we’re ensuring that Flashpoint not only meets but anticipates the changing needs of our customers, offering them a robust shield against the cyber, physical, and geopolitical threats landscape.

Here’s a closer look at the transformative impact of our AI-driven technologies and the unique advantages they bring to the table:

Ignite AI

Flashpoint’s Ignite AI simplifies the complexity of threat research by providing intelligence-led responses to queries in conversational language, drawing from an extensive catalog of expert-produced intelligence. It’s designed to be easy to use and enhances the speed and efficiency of security practitioners by delivering concise, actionable intelligence that is accurate and trustworthy with full source references.

Ignite AI in action

Concerned by a data breach at a competitor, a security practitioner at a major healthcare provider turns to Ignite AI to understand the biggest threats facing the healthcare sector at large—including intelligence about the threats themselves as well as the threat actors behind them. 

1. The practitioner turns to Ignite AI as the launchpad for their investigation, starting with a simple query: “What are the current major threats to the healthcare sector?”

2. Instantly, Ignite AI analyzes Flashpoint’s repository of over 14,000 Intelligence Reports to provide a summary answer, serving as an intelligence springboard from which the practitioner can leverage to dive deeper into the topic and develop a more comprehensive understanding of the healthcare threat landscape.

The practitioner continues discovery, leveraging Ignite AI’s curated repository of related intelligence reports to construct a more complete narrative. The “Biweekly Roll-up Healthcare Sector” report catches the practitioner’s eye.

3. In this report, the practitioner learns about an uptick in threat actors targeting the healthcare sector, prompting the practitioner to include a note in their own write-up to more closely monitor this month’s Access Broker posts. 

4. Additionally, ransomware insights within the report enable the practitioner to smoothly transition to Flashpoint’s ransomware dashboard, where the analyst can dive even deeper into their research. Here, the analyst examines the profiles of the most active ransomware groups mentioned in the report, focusing on threat actors actively targeting the healthcare industry, as well as their most recent victims.

5. By harnessing the initial insights from Ignite AI and strategically following the identified research threads, the practitioner was able to compile a situational analysis report, complete with actionable recommendations, to their team and executives.

Recap

In this scenario, the practitioner seamlessly leveraged Ignite AI to expedite their investigative process and was able to move smoothly from one task to the next. Ignite AI doesn’t dictate conclusions; instead, it ignites the investigative spark, empowering practitioners to quickly and skillfully move through lots of information. Practitioners can also ask Ignite AI follow up questions on the same topic in a “conversation” context to refine and explore their investigation.  Ignite AI excels at:

• Rapid summarization: Ignite AI swiftly condenses vast amounts of human-written finished intelligence reports into concise summaries, saving practitioners valuable time.

• Identifying research pathways: By surfacing relevant reports and connections, Ignite AI guides practitioners towards the most fruitful research path.
• Building a comprehensive picture: Ignite AI enhances the development of a holistic understanding by highlighting crucial details and suggesting related intelligence.

Related Reading

Introducing Ignite AI: Conversational Intelligence for Security Teams

Call to action

Echosec AI

Flashpoint’s Echosec AI processes thousands of social media posts within seconds, enhancing our capability to deliver timely and relevant insights about significant locations, events, and topics. This powerful tool enables even novice analysts to rapidly gain a nuanced understanding of social sentiment and trends, offering an in-depth analysis that goes beyond basic data aggregation.

Example: Echosec AI in action

Here is a powerful, five-step workflow an analyst used to gain situational awareness around political dissent in El Salvador in February 2024. 

1. The analyst reviewed a Flashpoint Intelligence report that outlined the concerns about irregularities in El Salvador’s recent legislative elections.
2. The analyst used the search terms “President Bukele” OR “Nayib Bukele” and specified the date range in order to get a snapshot of recent public sentiment.
3. With 1406 results, the analyst decided to use Echosec AI to surface key points.
4. Within seconds, the analyst received a high-level summary of the situation, including positive and negative sentiment analysis, then used the summary to augment their own assessment.
5. The analyst then used the search query suggestion function to generate several other relevant searches. The analyst pivoted into “El Salvador” AND “Gangs” to dive deeper into that topic.

Recap

In short, Echosec AI enabled the analyst the ability to:

1. Leverage summaries as additional data points alongside a manual review of the results, providing a layered analysis of social discourse.
2. Instantly gauge the positive and negative sentiment related to a location, person, topic, or other query, offering a snapshot of public opinion at any given moment.
3. Compare the sentiment and discussion topics across various time frames to track how public perception or the prominence of certain topics has evolved.
4. Seamlessly pivot into related searches using the search recommendations, facilitating a deeper dive into areas of interest or concern, thereby broadening the scope of intelligence gathered.

“By harnessing the initial insights from Ignite AI and strategically following the identified research threads, the practitioner was able to compile a situational analysis report, complete with actionable recommendations, to their team and executives.”  

Automated Source Discovery (ASD)

ASD represents Flashpoint’s innovative approach to uncovering new data sources at scale and speed, ensuring comprehensive data coverage aligned with customers’ intelligence requirements. This capability allows for the continuous expansion of our intelligence collections, enhancing our ability to identify threats as they emerge.

ASD in action: AI and Human Insight Working Together

An intelligence analyst at a global shipping company is tasked with safeguarding their organization against fraud—a constant battle with ever-evolving schemes. Burdened by the limitations of conventional intelligence sources, the analyst grapples with the daunting challenge of uncovering vital intelligence without access to the right sources. Enter: Automated Source Discovery. 

Step 1 – Monday at 08:00 GMT: The analyst reaches out to their Flashpoint counterpart, outlining their pressing intelligence requirements. 

Step 2 – Monday at 08:30 GMT: With a few keystrokes, Flashpoint’s ASD technology springs into action, ready to automatically discover new data sources tailored to the analyst’s needs.  

Steps 3 & 4 – Monday at 09:00 GMT: ASD AI algorithms begin scouring the vast expanse of hard-to-reach communities, including messaging apps like Telegram, forums, and sub–Reddits, to unearth a previously undiscovered channel rife with discussions on shipping labels and package reshipping. 

Through a sophisticated analysis of multimedia content and linguistic context, ASD flags this channel as a potential hotspot for shipping fraud activity. 

Step 5 – Monday at 10:00 GMT: A Flashpoint analyst verifies the intel: it’s a treasure trove. Discussions detail recruiting ‌individuals to receive packages for a fee, then illegally shipping them. ASD provided the Flashpoint analyst with extensive summaries and assessments, using confidence scoring to include select sources, thus enabling the FP analyst to apply human-judgment to verify the source’s credibility, accuracy, and reliability.   

Step 6 – Monday at 11:45 GMT: The Flashpoint analyst adds the channel to be collected. The channel then has its entire history added and is available in the Ignite platform.

Step 7 – Monday at 12:00 GMT: This newly discovered channel becomes a valuable intelligence source for the analyst at the global shipping company. They can now monitor it in real-time for signs of unfolding shipping schemes and potential connections to other criminal activities, before they take root.

ASD exemplifies how the combination of AI and human expertise can deliver optimal results at speed and scale. This collaborative approach ensures continuous discovery of new intelligence sources, giving organizations a critical advantage in dealing with threats specific to their needs.

Empowering the Future: AI-Driven Security Evolution

As we venture into the future of threat intelligence, Flashpoint stands ready to redefine security operations by applying AI throughout our technology in predictable and trustworthy ways. Our strategic application of AI through Ignite AI, Echosec AI, and Automated Source Discovery exemplifies our commitment to advanced, proactive defense mechanisms. With our upcoming showcase at RSA, we’re excited to demonstrate how these innovations empower our clients to effectively counter complex threats. This is just the beginning of a transformative journey where Flashpoint ensures that staying ahead of threats isn’t just a goal—it’s a reality. Join us as we continue to innovate, shaping a secure tomorrow with every step we take.