Quick Summary
We delivered a structured threat analysis capability that guides organisations through the identification, cataloguing, and evaluation of threats relevant to their specific asset and operational context. Built on a baseline threat library covering common vectors such as malware, phishing, insider threats, and physical breaches, and extended through AI-assisted suggestions and likelihood scoring, the solution creates a traceable, scored threat catalogue that connects directly to the assets and controls it informs.
- Faster, more complete threat identification: AI-assisted threat suggestions and a pre-defined threat library ensure organisations identify relevant threat vectors they might otherwise overlook, reducing the time and expertise required to build a comprehensive threat catalogue from the ground up.
- Structured threat intelligence that drives better risk decisions: Likelihood scoring, asset linkage, and predictive threat analytics give security teams a forward-looking, evidence-backed view of their threat landscape, replacing static lists with dynamic intelligence that strengthens both compliance reporting and operational decision-making.
Industry
Cybersecurity/SaaS
Geography
UK
Core Technologies Used
Frontend & Backend
- React
- Python
LLM Model
- OpenAI models: GPT-4 class / GPT-4o, GPT-5 class [for reasoning]
Embedding Model
- OpenAI - Text Embedding 3 Small [for RAG & semantic search]
NLP Preprocessing
- spaCy - en_core_web_lg [for entity extraction]
Agentic Framework
- LangGraph
Client Profile
The client is a cybersecurity product company building a compliance platform for SMEs and enterprises operating across regulated environments. The platform is designed to consolidate the core pillars of a security programme, covering asset management, risk assessment, policy compliance, staff awareness, and incident response, into a single governed product experience. Cubet was engaged as the product engineering partner responsible for designing, building, and delivering the platform from the ground up. The Threat Analysis capability was built as a direct extension of the asset inventory and control assessment foundations, creating traceability from identified threats back to the assets they could affect and the controls already in place.
Challenges
- No structured threat identification process: Most organisations, particularly SMEs, had no formal process for identifying and cataloguing threats. Threat awareness was informal, inconsistent, and heavily dependent on the knowledge of individual team members rather than a governed, reusable system.
- Overlooked threat vectors: Without reference to established threat libraries or AI-assisted prompting, organisations routinely missed relevant threat vectors. Common but underappreciated threats such as insider risks, supply chain vulnerabilities, and physical breaches were frequently absent from informal threat lists.
- No linkage between threats, assets, and controls: Even where threats were identified, they existed in isolation. Without a structured way to associate each threat with the assets it could affect and the controls already in place, organisations could not assess coverage gaps or prioritise their response effectively.
- Subjective and inconsistent likelihood assessment: Threat likelihood was estimated informally or not assessed at all. Without a defined scoring methodology grounded in threat characteristics and historical data, likelihood judgments varied between assessors and could not be relied upon in risk calculations.
- Reactive threat management: Organisations had no mechanism for detecting emerging or evolving threats proactively. Threat lists were static, updated manually when incidents occurred, and provided no forward-looking intelligence to support preventive action.
- Compliance gaps in threat documentation: Risk frameworks require organisations to demonstrate that threats have been systematically identified, characterised, and scored. Without structured records of threat nature, historical occurrence, and likelihood, producing that evidence ahead of audits required significant retrospective effort.
Solution
We designed and built a threat analysis capability that takes organisations from an informal awareness of potential threats to a structured, scored, and traceable threat catalogue. The solution is guided by AI assistance at every stage, from initial threat identification through to likelihood evaluation and predictive monitoring, ensuring that threat intelligence is both comprehensive and continuously relevant.
The solution is built around three interconnected layers: a structured threat identification and cataloguing process seeded by a baseline threat library, an AI-assisted evaluation engine that analyses threat characteristics and suggests likelihood scores, and a predictive analytics layer that monitors external threat intelligence feeds and the organisation's own incident history to surface emerging risks proactively.
- Baseline threat library covering common threat vectors including malware, phishing, insider threats, and physical breaches, providing organisations with a structured starting point for threat identification
- AI-assisted threat suggestions that recommend additional threats relevant to the organisation's specific asset profile and operational context, ensuring coverage extends beyond generic lists
- Threat characterisation recording covering threat nature, capabilities, historical occurrence, and potential impact for each identified threat
- Asset and control linkage associating each threat with the assets or asset groups it could affect and the controls currently in place, building end-to-end traceability across the compliance programme
- AI-assisted threat evaluation that analyses threat characteristics and references cybersecurity threat intelligence data to suggest likelihood of occurrence for each identified threat
- Structured likelihood scoring on a 1-to-5 scale, where 1 represents highly unlikely and 5 represents highly likely, producing consistent, comparable scores for use in risk calculations
- Predictive threat analytics using a machine learning model to analyse external threat intelligence feeds and the organisation's incident history, identifying emerging threats and changing likelihood levels proactively
- Proactive threat alerting that notifies users of new or evolving threats before they appear in static library lists, shifting threat management from reactive to anticipatory
Technical Highlights
- Baseline threat library: The platform is pre-populated with a structured set of common threat vectors, giving organisations an immediate starting point and reducing the risk of significant threats being overlooked during the identification process.
- AI threat recommendation engine: An AI component analyses the organisation's asset profile and operational context to suggest threats that may not appear in standard lists, extending coverage to vectors that are relevant but less commonly considered.
- Threat intelligence integration: The AI evaluation engine references cybersecurity threat intelligence data to contextualise identified threats, providing likelihood suggestions grounded in known data about each threat type rather than relying solely on user judgment.
- End-to-end traceability: Each threat is linked directly to the assets it could affect and the controls currently in place, creating a traceable map across the compliance programme that makes coverage gaps visible and supports targeted remediation.
- Structured likelihood scoring: A defined 1-to-5 scoring scale produces consistent, auditable likelihood assessments for each identified threat, replacing informal estimates with comparable scores that feed directly into the platform's risk calculations.
- Predictive machine learning model: A machine learning model analyses both external threat intelligence feeds and the organisation's own incident history to identify emerging threats and shifts in likelihood, enabling proactive response rather than retrospective awareness.
- Proactive alerting: The system surfaces new and evolving threats to users as they emerge, ensuring the threat catalogue remains current without requiring manual monitoring of external intelligence sources.
Impact
- More complete threat coverage from the outset: AI-assisted suggestions and a pre-seeded threat library ensure organisations identify threat vectors they would otherwise miss, producing a more comprehensive catalogue without requiring specialist threat intelligence expertise in-house.
- Threats connected to assets and controls: End-to-end linkage between threats, assets, and controls gives security teams an immediate view of where coverage is strong, where gaps exist, and which assets carry the greatest unmitigated threat exposure.
- Consistent, evidence-backed likelihood assessments: Structured scoring grounded in threat intelligence data replaces subjective estimates with auditable likelihood ratings, producing assessments that risk calculations and compliance reports can rely on.
- Proactive threat awareness: Predictive analytics and proactive alerting shift the organisation's posture from reactive to anticipatory, giving security teams advance notice of emerging threats rather than awareness that arrives only after an incident.
- Stronger risk calculation inputs: Because threat likelihood scores feed directly into the platform's risk engine, the accuracy of those scores has compounding value across the entire compliance programme, producing risk assessments that reflect the organisation's actual threat environment.
- Audit-ready threat documentation: Structured threat records covering nature, capabilities, historical occurrence, likelihood scores, and asset linkages give organisations the documented evidence that compliance frameworks require, without the need for retrospective reconstruction ahead of audits.
- Reduced dependence on individual expertise: AI-assisted identification and evaluation reduce the organisation's reliance on the specialist knowledge of individual team members, making the threat assessment process repeatable and consistent regardless of who conducts it.
