Cybersecurity has entered a new era. The arms race between defenders and adversaries is escalating, and artificial intelligence is emerging as the weapon of choice on both sides.
At the heart of this transformation is Rachel James, Principal AI ML Threat Intelligence Engineer at biopharmaceutical giant AbbVie. Her role? Use AI to outthink and outmaneuver cyber attackers before they strike.
Making Sense of the Noise
James and her team employ large language models (LLMs) to analyze security alerts at scale — identifying duplicates, clustering patterns, and uncovering critical gaps.
“In addition to the built-in AI augmentation from vendors, we use LLM analysis on detections, observations, correlations, and associated rules,” she says.
This approach not only speeds up detection but also paves the way for deeper threat intelligence integration in the future.
Connecting the Dots with OpenCTI
The backbone of AbbVie’s intelligence operation is OpenCTI, a powerful threat intelligence platform. Combined with AI, OpenCTI helps normalize fragmented data into structured STIX format, offering a clear, unified view of potential threats.
The ultimate goal? Link threat intelligence to every part of the security operation — from vulnerability management to third-party risk assessments — using AI as the connective tissue.
Staying Grounded in AI Security
James isn’t just building tools — she’s helping define the rules. As a contributor to the “OWASP Top 10 for GenAI,” she’s helping organizations recognize and address the new risks introduced by generative AI.
She highlights three critical concerns for business leaders:
- Accepting the unpredictability of generative AI
- Managing the transparency trade-offs in complex models
- Avoiding overhype and misjudged ROI in fast-moving AI projects
Think Like Your Attacker
James brings a unique advantage to the table: her background in cyber threat intelligence. She studies how threat actors adopt AI, tracks activity across the dark web, and maintains a GitHub repository of findings under the name cybershujin.
She also actively develops adversarial prompt injection techniques and collaborates with fellow red teamers to stay ahead of the curve.
A Shared DNA: AI and Threat Intelligence
James sees an unlikely but powerful parallel: the cyber threat intelligence lifecycle and the AI data science lifecycle are strikingly similar. This opens the door for cybersecurity teams to fully leverage shared intelligence and AI to build more resilient defenses.
Her advice to peers? Embrace the evolution. “Data science and AI will be a part of every cybersecurity professional’s life moving forward,” she says. “You can’t opt out.”
