I've seen presentations that prove this, and the AI does a better job at crafting phishing urls with a higher success rates than most humans do. This is where we start thinking of the larger AI frameworks as layers..

The real problem we're trying to solve here is context. We're lifting a bunch of "tokens", that usually have more than 3 characters, surrounding them with context and applying a probability value to them. All this with the express purpose of taking the high value indicators and applying them to our defenses in real-time. Not trivial, but not hard either. I'm not an SKLearn or NLTK expert- but I do know what it feels like to block accidentally netflix.com at the border….

Ten years from now, it wouldn't surprise me if, instead of trading threat intel, we were trading data models (reads: 'glorified patterns and/or TTPs). It also wouldn't surprise me if the need for traditional threat intel platforms, went away…

The less noise your hunters have to weed through, the more focused they become. The more focused they are, the more likely they'll find that needle. Often times, as is the case with most breaches, enough positive edge is all it takes….