What is an AI threat intelligence analyst?

An AI threat intelligence analyst is a stack of AI agents that acts as a real-time junior analyst. Liberty91 monitors hundreds of cybersecurity sources, analyses every event for relevance to your organisation, and delivers tailored reports, IOCs, and detection rules in real time, while your human analysts keep control of intent, attribution, and relevance.

Does an AI analyst replace human threat intelligence analysts?

No. Liberty91 automates the high-volume collection, enrichment, and reporting work that fills most of an analyst's week, so the team you have can focus on judgement: intent, attribution, and what actually matters to your organisation. It is a force multiplier for your analysts, not a substitute for them.

How does the AI analyst personalise threat intelligence?

Liberty91 is trained on your organisation's unique threat profile, sector, geography, assets, attack surface, and supply chain. It integrates with your Attack Surface Management tools to stay current, and learns from your team's actions on the platform over time.

What sources does the AI analyst monitor?

Liberty91 monitors open-source cybersecurity news, vendor reports, vulnerability databases, ransomware data leak sites, dark web forums, and social media out of the box. Premium sources like Google Threat Intelligence, CrowdStrike, and Group-IB can be added as well.

How does the AI analyst deliver intelligence?

Liberty91 delivers intelligence as written reports, STIX bundles, Sigma detection rules, and IOC feeds. It integrates with Jira, MISP, Slack, Teams, email, and thousands of other tools via webhooks and API. Output is tailored to the recipient's role.

AI Threat Intelligence Analyst

A Real-Time Junior Threat Intelligence Analyst.

Liberty91 is a stack of AI agents that works as a dedicated junior threat intelligence analyst, monitoring hundreds of cybersecurity sources, analysing every event for relevance to your organisation, and delivering tailored intelligence in real-time. Your analysts stay in control of the calls that matter.

Start for Free See How It Works

What Does Your AI Analyst Do?

Every time a cyber event happens that your organisation should know about, Liberty91 sends an instant alert, with a summary detailing what is happening, why it is relevant to you, and what you should do about it.

Every morning, the platform sends a curated, personalised summary of everything that has been happening in the cyber threat landscape. Tailored to your organisation, your threat profile, and your assets.

And it scales indefinitely. Whether you are a single organisation or an MSSP with 500 customers, each gets its own dedicated agent stack, trained on its unique threat profile, assets, and supply chain. Five or five hundred, the intelligence is always personal.

So how does it know all these things, and how does it make the intelligence personal?

Liberty91 runs the full intelligence lifecycle end-to-end, and plugs into tailored workflows for MSSPs, analysts, and security leaders. For the wider picture of how LLMs and agents are changing the discipline, see our guide to AI for threat intelligence.

How It Works.

Liberty91 works through a stack of AI agents. They synthesise raw content from hundreds of cybersecurity sources upon publication, and present anything relevant to your security teams.

Liberty91's agentic AI workflow, from raw threat data through enrichment, relevance, and production agents to reports, APIs, and security tooling

Collection.

It reads everything, in real-time

Your users can feed Liberty91 with any cybersecurity source they have access to. Open-source content like cybersecurity news, blogs, vendor reporting, vulnerability databases, ransomware data leak sites, and dark web monitoring are provided out of the box.

Subscribe to premium intelligence from Google Threat Intelligence, CrowdStrike, or Group-IB? The platform ingests those too. As soon as something is published from any monitored source, it is analysed.

Training.

It knows what matters to you

The agents need to decide what is important to your organisation and what is not. At Liberty91, we have made this as effortless as possible: our analysts have decades of experience in cybersecurity, and we use that expertise to pre-train AI agents based on sector and geography.

Integrate with your Attack Surface Management solution, and the platform always has the most up-to-date picture of your infrastructure. Exposing OpenSSH when a new zero-day drops? You are told immediately, with affected assets and remediation steps.

Analysis.

Real tradecraft, applied to every event

When the agents find something matching your collection requirements, they check it against your relevance thresholds. If a new threat meets that threshold, the platform generates a full analysis customised to your threat profile.

This is not summarisation. Tradecraft agents put every event through real analytical technique: Analysis of Competing Hypotheses, source and data reliability on the NATO Admiralty scale, and calibrated confidence and likelihood, applied consistently where a busy team would skip it. Your analysts stay in control of the judgement that matters: intent, attribution, and relevance.

Production.

Reports, integrations, and role-based delivery

The analysis is available in multiple formats and languages. Reports contain executive summaries, strategic and tactical analysis, Indicators of Compromise, and detection rules.

Liberty91 can send tickets to Jira, create events in MISP, or integrate with thousands of other tools through webhooks and a versatile API. It even tailors output to the recipient's role: a CISO receives strategic analysis, while a product owner gets vulnerability alerts with remediation steps.

See It in Action.

Real-Time Dashboard.

https://platform.liberty91.com

Liberty91 dashboard streaming real-time threat intelligence events

The platform streams relevant events as they happen, tagged with MITRE TTPs and linked to your threat library.

Daily Morning Report.

L91

Liberty91 Morning Report

to: security-team@acme.com

Daily Cybersecurity Morning Report, April 2, 2026

Tailored Threat Intelligence Report

Executive Summary

Critical cybersecurity threats including actively exploited Google Chrome vulnerabilities, regional scams targeting travelers and grieving families in the UK, and a complex web of data breaches and phishing campaigns impacting major technology companies.

Attack Surface Threats

Google Chrome, CVE-2026-5281

Actively exploited zero-day, CVSS 8.8. Patch by April 15.

EvilTokens Phishing-as-a-Service

New kit targeting Microsoft accounts via device code phishing.

SLSH / Scattered Spider Data Exfiltration

3M+ Salesforce records from major U.S. tech company.

Regional: United Kingdom

Reservation hijack scams targeting travelers via compromised booking systems.

View Full Report in Platform

Every morning, Liberty91 delivers a personalised summary of everything relevant from the last 24 hours.

What It Delivers.

Written Reports

Executive summaries, strategic and tactical analysis, tailored to each stakeholder's role and needs.

IOCs & Detection Rules

Indicators of Compromise and Sigma detection rules, extracted and ready to deploy directly into your SIEM.

STIX Bundles

Industry-standard structured threat intelligence for seamless integration with your TIP, SOAR, or SIEM.

Real-Time Alerts

Instant notifications via mobile, email, Slack, Teams, or dashboard, as soon as a relevant event is published.

Integrations

Jira tickets, MISP events, webhooks, and a versatile API connect Liberty91 to thousands of tools.

Role-Based Delivery

CISOs receive strategic briefings. Analysts get IOCs and TTPs. Product owners get vulnerability alerts with remediation steps.

It Learns Over Time.

Liberty91 does not just follow static rules. Self-maintaining knowledge agents hold the entire body of knowledge on a topic, say Russian cybercrime or the infostealer ecosystem, and keep it current, so each new event is read against everything already known. That is how the platform can tell you a fresh sample resembles a backdoor tied to a known group, and which technique to look for next, the kind of recall a human analyst rarely has time to maintain across every topic.

As your team tracks new threats and assigns criticality to events, the agents learn what matters to your organisation and what does not. The result is an AI analyst that becomes more effective the longer you use it, surfacing fewer false positives, catching more of what matters, and delivering intelligence that is increasingly aligned with your priorities.

Organisations using Liberty91 experience:

faster intelligence production

85%

quicker response times

24/7

real-time monitoring

Ready to do more with less?

Request a demo or start your free trial today. Get instant access to AI-powered threat intelligence tailored to your organisation.