About the Threat Research Agent

The Threat Research Agent is an AI-powered capability within the ThreatQ platform that enhances how you interact with and analyze threat intelligence. By combining natural language processing with ThreatQ’s data and operations, the agent enables you to quickly query information, generate insights, and perform enrichment tasks without relying on manual workflows.

Built on a dual-service architecture, the agent integrates a customer-supplied large language model (LLM) with ThreatQ’s operational framework to deliver intelligent, context-aware responses. Customers must provide and configure an LLM from one of the supported providers: OpenAI, Anthropic, Google Gemini, or Ollama. The agent then leverages this model to interpret user intent, retrieve relevant data from the Threat Library, and utilize configured operations as tools to automate analysis and enrichment.

The Threat Research Agent is designed to operate securely within your environment, inheriting user roles and permissions while ensuring that data is only shared with the configured LLM after the feature is explicitly enabled. This provides organizations with a controlled and flexible way to incorporate AI-driven capabilities into their threat intelligence processes while maintaining full control over their AI provider and configuration.