When you think of the weather in Austin, Texas, you likely immediately think of its record-setting heat in the past few years, climbing over 111° F/44° C occasionally. It is easy to forget that Austin has reached lows as cold as -2° F/ -19° C in the past. The third week in February this year saw a polar vortex bring extreme cold to the area as threat intelligence professionals and other security practitioners got together to share our knowledge and warm ourselves in the community spirit of IntelliC0N 2025.

This marked the second and largest IntelliC0N, a community-driven event focused on emerging threat intelligence and fighting cybercrime. Over 200 people gathered for two full days, including a day of workshops and a full day of sessions covering a variety of topics.

Leveraging AI for Threat intelligence

While threat intelligence was the primary focus, AI and LLMs also took the spotlight, being featured in multiple talks, including the keynote. In her opening address to the intelliC0N crowd, Kyla Guru, Cyber Threats Policy Manager at  Anthropic and Founder of Bits N'​ Bytes Cybersecurity Education, explained how AI is transforming cybersecurity. This is true of both attackers and defenders experimenting to enhance their capabilities. Research shows that LLMs like ChatGPT can assist in identifying threat actor TTPs but require human oversight to avoid hallucinations and misattributions. 

She emphasized that AI should act as a supportive tool, much like a junior analyst, rather than an autonomous decision-maker. Establishing confidence thresholds and understanding AI’s limitations are crucial before fully integrating it into security workflows. Ultimately, AI is a powerful aid, but human expertise remains essential in making critical cybersecurity decisions.

AI for awareness training

In his session, "Using AI for Positive Security Outcomes," Lee Martin, The Director of Product Management at COFENSE, took a slightly different approach to utilizing AI to raise awareness of cybersecurity issues. Unlike Kyla's talk, focusing on using AI for analysis, Lee leaned into building far more engaging training programs. He said the greatest advantage of leveraging AI for asset generation was the speed. Rather than wait for lengthy design process iteration, as training content creators on his team need assets, they can rapidly leverage LLMs to produce themed images, layouts, and even entire virtual worlds.

He walked us through his process and all the refinements needed to get the results they wanted. A good deal of the prompt creation he and his team use expressly tells the AI what they do not want. Lee explained the results are often far from perfect but can cut down asset-creation times by up to 90%, allowing them to take on more ambitious projects. 

Threat Intelligence means uncovering blind spots

Throughout the event, there were many conversations about finding out what you don't know, which lies at the heart of this area of cyber security. In simplest terms, threat intelligence is all about making better security decisions for the business by analyzing available data. This data tends to focus on understanding a threat actor's motives, targets, and attack behaviors.

Importantly, threat intelligence is not just the data itself; it requires a contextual understanding of how the organization can be affected. One session that made this clear was "Navigating the Shadows: The Crucial Intersection of KYC, AML, and Cyber Threat," from Jonathan Gonzalez, AVP of Cyber Threat Intelligence at Synchrony, the online bank.  

Jonathan said that although he has been working in Digital Forensics and Incident Response (DFIR) for years, it was not until his wife started working on money laundering investigations that he realized the blind spot he had for how cybercriminals actually make their money. He explained that she started learning about malware and C2 servers, Business Email Compromise (BEC), and nation-state-sponsored advanced persistent threat actors, all of the areas a traditional cybersecurity role requires you to know. 

This made him wonder why he had never looked into the financial operations of these malicious attackers. He asked if we in cybersecurity are doing our part to meet the financial crime sector where they are to help secure our businesses and personal finances better. For example, Know Your Customer (KYC) is a very recognized concept in financial security, helping prevent money laundering by verifying the identity, suitability, and risks associated with a business relationship. Jonathan said this is not a well-understood term throughout cybersecurity discussions, even as we work in a world where identity really is the new perimeter.

As he closed his session, he encouraged us all to keep expanding our knowledge and take these tactics and adversarial behaviors into account when looking at a wider threat environment.

Good threat intelligence relies on good communication

All through the event, there was a running sentiment that threat intelligence is not just about the raw data, it is about interpreting and communicating what we find in order to pretect our organizations. Your author was fortunate enough to give a talk about this same subject, discussing the need to speak the same language of risk that your executives and other teams do. If we just loudly yell about what we see as a danger without establishing context, we are not going to get the buy-in we need to affect change.

This was the second ever IntelliC0N, and hopefully will not be the last. No matter what area of security you work in, starting from a perspective of gathering the facts and then contextually analyzing them to make an action plan is always going to serve you well. I was impressed with the level of conversation and career maturity of many of the participants I spoke with.

I highly recommend finding such like-minded people in your area through a local security meetup or event. GitGuardian might even see you there.like-minded