Liberty91
Clean modular grid of glowing card-like knowledge objects on deep-navy background, with warm orange and amber light beams threading between adjacent cards, suggesting cross-references and continuous updates
Product6 min read

Intelligence Requirements: Self-Maintaining Knowledge for CTI Teams.

If you have ever run a CTI desk, you know the pattern. Dozens of new threat events land in your queue before lunch. A ransomware crew claims a hospital chain in Texas. A new infostealer campaign rides cracked games. Three CVEs drop on a widely deployed VPN. A Telegram channel leaks what looks like data from a Dutch bank. Each is potentially relevant to someone you serve. None of it is filed in a way that makes it findable next week.

The triage burden, the synthesis burden, the standing-question maintenance burden — these are the parts of the work that consume the day and keep the analyst from doing the analysis.

We have been building toward a different way of working since Liberty91 started. Today we are introducing the feature that brings it together: Intelligence Requirements.

What Intelligence Requirements actually do

An Intelligence Requirement is a question your team needs answered continuously — about a sector, a country, a malware family, a threat actor, a supplier, an asset group, a VIP, anything that matters. Liberty91 turns each one into a self-maintaining knowledge base on that topic. The knowledge base updates whenever meaningful new evidence arrives, keeps inline citations to every event that contributed to the current view, and is queryable in natural language.

Five things change the moment Intelligence Requirements are switched on:

  1. Always-current knowledge.Liberty91 keeps its own Intelligence Requirements continuously updated on the topics most teams care about — sectors, malware families, threat actors, supply-chain themes, regional context. Knowledge that compounds rather than expires.
  2. Yours stays yours.Your team can author additional Intelligence Requirements specific to you — your suppliers, your asset groups, your VIPs, your M&A interests. Anything you author, and the data you feed it, stays private to your organisation.
  3. Context on every event.Every incoming event is read through every relevant Intelligence Requirement. Each one lands with cumulative expert context — the kind no single analyst could realistically carry in their head across every sector, every malware family, every threat actor, every supplier you watch.
  4. Not just threats. Intelligence Requirements cover your own organisation, suppliers, assets, VIPs and confidential interests alongside the threat-side requirements. The full picture, not half of it.
  5. They work together. Intelligence Requirements cross-reference each other. Ask a question and the platform stitches the answer across every relevant requirement, with citations.
Intelligence Requirements are easy to write down. Keeping them current is the actual job — and it is where most of the analyst day disappears. We wanted a platform that took the maintenance over.

What this gives you on an average Tuesday

A few effects worth flagging:

  • Triage routes itself. Events flow into the Intelligence Requirements they belong to instead of into a single stream you re-classify by hand.
  • Briefs assemble themselves. A weekly sector brief reads itself out of the relevant Intelligence Requirements; the analyst spends time on framing, not bibliography.
  • Stakeholder questions get answered, not deflected. When a CISO asks “what is going on with infostealers right now?” the answer is one query, with citations across every Intelligence Requirement that matters to the question.
  • Coverage compounds.Each new event refines the Intelligence Requirements it lands in. The platform learns the shape of your team's standing concerns rather than forgetting it every Monday.

The role of the analyst does not shrink. It shifts. The agents carry the topic knowledge — the cumulative reading no single human can hold across every sector, every malware family, every actor and supplier — and the analyst spends the day on orchestration, framing, and judgement. Which Intelligence Requirements matter for this RFI. Which framing the stakeholder needs. Whether the platform's draft holds up under scrutiny. The work that requires a human keeps a human; the work that does not, does not.

From PIRs to live Intelligence Requirements

If you have already written Priority Intelligence Requirements into a doctrine document — and our recent piece on PIRs in practice walks through how — Intelligence Requirements are where those PIRs come to live. Same concept; the platform handles the maintenance. They carry priority, owner and review-cadence metadata so they slot into your team's existing lifecycle.

Intelligence Requirements are live in Liberty91 today. To see how they map to your team's standing questions, take a look at our solutions overview or get in touch.

Ready to do more with less?

Request a demo or start your free trial today. Get instant access to AI-powered threat intelligence tailored to your organisation.