Trending clusters, updated live
Every cluster is enriched automatically. Here's what the AI extracts from your articles.
Our Entity Engine extracts 17 entity types from every article - threat actors, malware families, CVEs, IP addresses, domains, companies, countries, MITRE ATT&CK techniques, ransomware groups, tools, and more.
A critical out-of-bounds read vulnerability in Citrix NetScaler ADC and Gateway products allows unauthenticated remote attackers to execute arbitrary code via specially crafted SAML requests...
ThreatCluster AI reads every article in the cluster and generates a concise summary with key points. No jargon, no filler. Just what you need to know and why it matters.
ThreatCluster AI reconstructs a chronological timeline from all sources. See when the vulnerability was disclosed, when exploitation began, when patches dropped, and what happened between.
Track emerging campaigns, malware families, and threat actors. Identify trends before they hit the news cycle.
Track 30,000+ unique entities and custom keywords. Set up webhooks, notifications, and email digests.
Tag clusters for easy organisation and categorisation. Build your own taxonomy on top of the feed.
Create custom automation workflows triggered by keywords, thresholds, or schedules. Connect to Slack, email, webhooks, and more.
Connect ThreatCluster to Claude Desktop and Claude Code. Search threats, pull IOCs, and generate queries from your AI assistant.
Full REST API with 23 endpoints. Search, IOC export, entity lookup, trending data. 120 requests per minute.
Standard MISP feed with IOC context, threat level mapping, and TLP markings. Drop it straight into your MISP instance.
Save clusters into personal or shared collections. Organise by incident, campaign, or client engagement.
Generate threat briefs in 6 styles. Add your logo for white-labelled output. Export to PDF or share via link.
A major incident drops. Leadership wants answers. ThreatCluster clusters every source covering it in real time, extracts the CVEs, products, and threat actors involved, and gives you the full picture in one place instead of two hours of trawling.
Set keywords for your stack, your industry, your threat actors. ThreatCluster watches thousands of sources so you do not have to. When something relevant appears, you know.
Pick your clusters. Generate a threat brief. Export it. The weekly reporting that used to eat half a day takes minutes.
Related incidents, actor history, CVEs, and IOCs in one cluster. Context in seconds, not 30 minutes.
Automated collection from thousands of sources. Entity extraction, actor timelines, and IOC feeds built as data arrives.
Trending threats by industry, severity scoring, and AI-generated executive briefs. Board-ready in minutes.
Filter by sector, generate white-labelled reports, and run org-scoped workflows across your client base.
Mid-incident context. Related campaigns, actor TTPs, and IOCs already clustered. Less pivoting, faster decisions.
Track CVEs from disclosure to active exploitation. Know which ones matter to your stack before the scanner tells you.
Current TTPs by actor and industry. Real-world attack chains to inform engagement scoping and scenario design.
Track threats to industrial systems, SCADA, and critical infrastructure. Filter by ICS-specific malware, actors, and CVEs.
Nation-state actor tracking. Campaign timelines. Geopolitical threat context. STIX and IOC feeds for existing tooling.
Join thousands of security professionals who get their threat intelligence from one place. Free to start, no credit card required.