Generative AI for cyber threat intelligence: applications, challenges, and analysis of real-world case studies

This paper presents a comprehensive survey of the applications, challenges, and limitations of Generative AI (GenAI) in enhancing threat intelligence within cybersecurity, supported by real-world case studies. We examine a wide range of data sources in Cyber Threat Intelligence (CTI), including security reports, blogs, social media, network traffic, malware samples, dark web data, and threat intelligence platforms (TIPs). This survey provides a full reference for integrating GenAI into CTI. We discuss various GenAI models such as Large Language Models (LLMs) and Deep Generative Models (DGMs) like Variational Autoencoders (VAEs), Generative Adversarial Networks (GANs), and Diffusion Models, explaining their roles in detecting and addressing complex cyber threats. The survey highlights key applications in areas such as malware detection, network traffic analysis, phishing detection, threat actor attribution, and social engineering defense. We also explore critical challenges in deploying GenAI, including data privacy, security concerns, and the need for interpretable and transparent models. As regulations like the European Commission’s AI Act emerge, ensuring trustworthy AI solutions is becoming more crucial. Real-world case studies, such as the impact of the WannaCry ransomware, the rise of deepfakes, and AI-driven social engineering, demonstrate both the potential and current limitations of GenAI in CTI. Our goal is to provide foundational insights and strategic direction for advancing GenAI’s role in future cybersecurity frameworks, emphasizing the importance of innovation, adaptability, and ongoing learning to enhance resilience against evolving cyber threats. Ultimately, this survey offers critical insights into how GenAI can shape the future of cybersecurity by addressing key challenges and providing actionable guidance for effective implementation.