Threat intelligence supply chain is full of weak links • The Register

https://www.theregister.com/2026/02/25/threat_intelligence_supply_chain_research/

Publish Date: 2026-02-25 00:49:00

Source Domain: www.theregister.com

Researchers from Georgia Tech have found that the supply chain for threat intelligence data is susceptible to adversarial action, and proposed a method to improve data sharing that they think will make it stronger.

Brenden Kuerbis, a research scientist at Georgia Tech’s School of Public Policy, sketched the proposal on Monday by noting that in January 2026, China appeared to ban security software developed by some US and Israeli firms – probably because it fears data leakage if local firms use the foreign software.

“This move represents more than just another salvo in ongoing tech tensions between the two governments,” he wrote. “It threatens to fracture a foundational practice of internet cybersecurity: the global threat intelligence ecosystem that allows defenders worldwide to collect, analyze, and share information about emerging attacks and responses to cyber threats that know no borders.”

According to other researchers at the institution, the ecosystem was already weak before China’s action.

They will discuss their work at the Network and Distributed System Security (NDSS) Symposium in San Diego, when they present a paper titled “Actively Understanding the Dynamics and Risks of the Threat Intelligence Ecosystem.”

The researchers identified three main players in the ecosystem:

  • Threat intelligence platforms like VirusTotal and MalwareBazaar;
  • Antivirus companies that produce their own threat intelligence, and tools to make it usable;
  • Malware sandbox services that offer analysis-as-a-service to anyone trying to understand the behavior of a binary.

The paper points out that threat intelligence is a big business, but that the quality of information available is not great because different stakeholders release different data.

They reached that conclusion after creating “benign yet suspicious binaries” and sharing them with…