However, 80% of respondents recognise their threat intelligence programs are not fully operationalised, highlighting a significant opportunity for threat intelligence automation. The findings, gathered from security professionals at InfoSec Europe 2025, expose critical gaps in the maturity and automation of legacy threat intelligence platform capabilities, as well as a growing appetite for AI-driven solutions to augment speed, context and actioning of threat intel.
Further survey results support this gap in operationalised threat intelligence, where 30% noted they are grappling with too many feeds with too little context, followed by a lack of automation/playbooks capabilities at 29%, and insufficient dedicated staff at 18%. All of these challenges reflect the need for maturing and operationalising threat intelligence that can be addressed with an AI-driven, automation-rich threat intelligence platform (TIP).
Survey responses identified the most in-demand TIP capabilities as follows: automation (48%), contextualisation and enrichment (37%) and more accurate risk scoring (34%). “We are excited to see this validation, coming straight from security practitioners, for how we’ve designed automation across the threat intelligence management lifecycle," said Anuj Goel, CEO and Co-founder of Cyware. “Our unified threat intelligence solution automates ingestion, normalisation, de-duplication, enrichment and all the way through to threat actioning, facilitating and accelerating the full threat workflow.”
The automation theme continued in survey results, with over half (51%) of cybersecurity professionals believing AI is best placed to automate triaging and prioritisation of threats. Cautious excitement exists with AI, where 61% said they would only trust AI agents to take limited autonomous actions (such as blocking IOCs or quarantining endpoints) provided there was still human oversight.
“The survey confirms what many in the industry are already feeling – that traditional approaches to threat intelligence are no longer enough,” said Brett Candon, VP International at Cyware. “Security teams need AI-powered tools that can enrich data with context, automate time-consuming workflows and support real-time decision making. The opportunity is an augmented system from AI and automation that maintains human verification or oversight while improving their capacity to defend against the volume and complexity of today’s threats.”
Additional key research findings include:
• Only 20% of respondents said they are “fully operationalised” in their use of threat intelligence with response integration–reflecting the gap in legacy TIP with current threat intelligence program requirements.
• Of those using a legacy TIP, only 17% use it to automate response workflows and 27% to enrich incidents and alerts–exposing untapped potential in modern TIPs.
• Only 16% of TIP users are currently sharing intelligence with partners or peers, despite nearly 75% recognising a need to improve sharing practices–further identifying opportunities with modern TIP capabilities.
• Only 38% of organisations have a defined threat intel sharing process that includes their supply chain, suggesting a missed opportunity for building greater resilience through collaboration.
• 39% identified AI-assisted correlation of IOCs and TTPs as the most valuable capability in an AI-powered TIP.
