Skip to main content
CyberThreat AI is a web platform that accepts an indicator of compromise (IoC) — an IP address, domain, or file hash — and returns a structured threat verdict sourced from multiple cyber threat intelligence (CTI) providers, reasoned by an AI model in real time.

What problem it solves

Investigating a suspicious IP, domain, or file hash typically means querying several threat intelligence platforms separately, manually correlating the results, and then forming a judgment. CyberThreat AI automates that entire workflow: it fans out to all relevant sources in parallel, normalizes the data, and streams a structured AI analysis directly to you — verdict, confidence level, reasoning, and recommended actions included.

Key capabilities

Automatic IoC type detection

Paste any IPv4, IPv6 address, domain name, MD5, SHA1, or SHA256 hash. CyberThreat AI identifies the type automatically using strict Zod-based validators — no dropdowns, no manual selection.

Multi-source threat intelligence

Queries VirusTotal, AbuseIPDB, PolySwarm, and Robtex in parallel. If a single source is unavailable or returns no data, the analysis continues with the remaining sources and surfaces a warning.

Real-time AI verdict streaming

Results stream token by token via Server-Sent Events (SSE). The AI response is rendered as formatted markdown as it arrives — no waiting for the full response before you can start reading.

Bring your own keys (BYOK)

Supply your own API keys for OpenRouter, VirusTotal, AbuseIPDB, and PolySwarm. Keys can be set once in the UI and are stored locally in your browser, or passed per-request via HTTP headers.

AI model selection

Choose the AI model used for analysis. Options include OpenRouter Auto, free-tier models from Google, StepFun, and LiquidAI, letting you balance cost and capability.

Per-source warning system

When a CTI source returns an invalid API key, no data, or an unexpected error, the platform surfaces a warning inline without interrupting the analysis — so you always know which sources contributed.

Supported IoC types

CyberThreat AI detects the following indicator types automatically:
TypeExample
IPv41.2.3.4
IPv62001:4860:4860::8888
Domainexample.com
MD5 hash44d88612fea8a8f36de82e1278abb02f
SHA1 hashda39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 hashe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

What the AI verdict includes

Every analysis produces a structured response in Spanish with the following sections:
  • Veredicto — classification: Malicioso (Malicious), Sospechoso (Suspicious), or Benigno (Benign)
  • Confianza — confidence level: Baja (Low), Media (Medium), or Alta (High)
  • Resumen — a short narrative summary of the analysis
  • Motivos — a list of specific reasons supporting the verdict
  • Acciones recomendadas — recommended actions to take

Get started

Quick Start

Submit your first IoC and read a verdict within 2 minutes

Configuration

Configure your API keys and choose an AI model

API Reference

Call the analysis endpoint programmatically

Build docs developers (and LLMs) love

Get started for freeTalk to us