Business & Technology

How does AI improve the speed of threat hunting?

The introduction of LLM-powered AI SOC platforms is democratising threat hunting by breaking down the technical barriers that have historically restricted it to senior analysts.

By allowing analysts to translate intent into platform-specific queries using natural, non-technical language, AI eliminates the need for specialised knowledge like Python scripting or proprietary query languages.

We know that artificial intelligence can accelerate threat hunting and open it up to a wider set of team members, but how does it achieve this transformation? This article explains how.

Applied to the threat hunting process, AI can:

  1. Automate evidence gathering 
  2. Suggest where threats can be hunted
  3. Translate intent into queries
  4. Provide a reasoning layer that wasn’t there before
  5. Enable complex, always-on threat hunting

Threat hunting isn’t good enough if it is sporadic, subjective, or based on human timelines: adversaries are attacking at the speed of machines, and AI-enabled ones at that. 

Weaving AI deeply into modern threat hunting practices will not only “speed things up,” but also change the expectation of threat hunting from an occasional benefit to a constant, standard practice.

1. Automating Evidence Gathering (& Saving SOC Cycles)

At the start of a threat hunt, one looming barrier stands in the way: gathering evidence. For the typical SOC, this means toggling between a half dozen tools, taking screenshots, and compiling the case.

With AI, security operations automation becomes a reality. As leading AI SOC platform company Prophet Security explains, “Once a hunt starts, [an AI SOC solution] pulls logs, events, and metadata from integrated sources without requiring the analyst to query each one manually.” 

Without AI, manual investigative querying alone (across SIEM, EDR, email, IAM, etc.) can take up to an hour. With AI, that timeline is reduced to less than 20 minutes.

2. Suggesting Threat Hunts: Getting to What Matters

However, before evidence can even be gathered, analysts need to know what they’re hunting: the hypothesis. 

Not all SOCs are equipped with the same technical expertise or the same amount of time to do a hunt. The status quo is that threat hunting is either a proactive measure, something done to stay ahead of threats missed by detection rules and as a hygiene best practice, or a strictly reactive procedure that forms part of the incident response process, typically done in response to a recent breach or an upcoming audit.

Either way, feeling ahead of the game or behind it still makes threat hunting seem “special.” The end goal is to make it seem standard.

And neither scenario leaves hunters with all that much time to carefully choose where to start, or what to pursue. With so many possible signals, any one of them could lead to a wider issue – or to a dead end. Getting hours into a hunt only to realise the road leads nowhere is a waste of time and money, and every threat hunter knows the feeling.

AI can suggest the threats worth hunting before anyone even starts looking at the signals. By ingesting telemetry from across all integrated tools (EDR, identity logs, network traffic, SIEM), it creates a baseline of normal behaviour. 

When something deviates from that baseline, it can go one step further by mapping the deviation to known attacker techniques (MITRE ATT&CK) and then forming a hypothesis about what could be wrong.

Most importantly, not all hypotheses are created equal. AI knows this. It ranks hypotheses by criticality (asset criticality, privilege level, likelihood) and presents hunters with a ranked list: not a best-guess, intuition-inspired direction. 
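As an added illustration (not code from the article or from any AI SOC product), the Python sketch below walks through the steps described above: baseline, deviation, ATT&CK mapping and ranking. The telemetry, the criticality and privilege weights, the likelihood priors and the multiplicative score are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed baseline telemetry: (user, host, event_type) from a quiet period.
BASELINE = [
    ("alice", "ws-014", "logon"), ("bob", "ws-022", "logon"),
    ("svc-backup", "fs-01", "logon"), ("adm-legacy", "dc-01", "logon"),
]
# Constructed events from the hunting window.
RECENT = [
    ("alice", "ws-014", "logon"),            # matches baseline, ignored
    ("bob", "fs-01", "logon"),               # user on a host it never used
    ("adm-legacy", "dc-01", "powershell"),   # new behaviour on a domain controller
    ("svc-backup", "ws-022", "powershell"),  # service account on a workstation
]
# Assumed weights for the example (1 = low, 5 = high).
ASSET_CRITICALITY = {"dc-01": 5, "fs-01": 4, "ws-014": 1, "ws-022": 1}
PRIVILEGE = {"adm-legacy": 5, "svc-backup": 3, "alice": 1, "bob": 1}
# Event type -> (MITRE ATT&CK technique, assumed likelihood prior).
ATTACK_MAP = {
    "logon": ("T1078 Valid Accounts", 0.3),
    "powershell": ("T1059.001 PowerShell", 0.6),
}


def build_baseline(events):
    """Record which (host, event_type) pairs are normal for each user."""
    seen = defaultdict(set)
    for user, host, etype in events:
        seen[user].add((host, etype))
    return seen


def rank_hypotheses(baseline_events, recent_events):
    """Turn deviations from the baseline into hypotheses, highest score first."""
    seen = build_baseline(baseline_events)
    hypotheses = []
    for user, host, etype in recent_events:
        if (host, etype) in seen[user]:
            continue  # normal behaviour, nothing to hunt
        technique, likelihood = ATTACK_MAP[etype]
        # Unknown hosts and users default to the top weight so they are not buried.
        score = likelihood * ASSET_CRITICALITY.get(host, 5) * PRIVILEGE.get(user, 5)
        hypotheses.append({"score": round(score, 2), "technique": technique,
                           "user": user, "host": host})
    return sorted(hypotheses, key=lambda h: h["score"], reverse=True)


if __name__ == "__main__":
    for h in rank_hypotheses(BASELINE, RECENT):
        print(f'{h["score"]:>5}  {h["technique"]:<22} {h["user"]} on {h["host"]}')
```

The privileged account running PowerShell on the domain controller ranks first, well ahead of the two low-criticality deviations.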

Then, all analysts have to do is ask the right questions.

3. Translating Intent into Queries: No Coding Required

Currently, when analysts want to query systems, they have to speak the respective language. With AI, Large Language Models (LLMs) do this technical heavy lifting for threat hunters. In an AI SOC, even a junior analyst can type in a simple request:

“Where else across the environment was this (flagged) IP seen?”

And AI will use natural language processing to translate the plain-language question into platform-specific query languages (SQL, SPL, KQL): no technical interface required. No manual coding. This not only makes “every analyst a threat hunter,” thereby speeding up how many threat hunts can be performed, but it also makes each hunt faster.

Senior analysts can skip the long lines, the reviewing and editing, and the technical learning curves of searches; instead, they can focus on the actual “thinking” part of threat hunting.

Increasingly, AI is doing even that, too.

4. Providing Additional Reasoning, At Machine Speed

Automation-only tools (SOAR, XDR) may correlate events, but the best AI SOC platforms tell analysts why they happened. Agentic AI is behind that. 

With an additional reasoning layer, analysts can move more quickly and confidently through hunts, with a built-in backup “brain” at each step.

Agentic AI constructs dynamic attack narratives, building an attack graph across users, hosts, processes, and network connections. It processes and correlates context, tying it into the broader story. 

After mapping to MITRE ATT&CK, it can show analysts:

  1. A timeline of the attack
  2. A likely attack path
  3. Any missing steps

These missing steps are where threat hunters come in. The narrative takes teams from raw logs to the structured intent of the attacker, bypassing hours of analysis, toggling, and piecing together clues along the way.

Now, instead of “Suspicious PowerShell execution” alerts, teams get something like: “Suspicious PowerShell on a domain controller by a rarely used admin account after anomalous login.”

Starting there means starting with a significant head start. 

5. Enabling Complex, Always-On Threat Hunting for Max Coverage

Another reason threat hunting with AI is faster than threat hunting without it is that AI never tires. In traditional setups, humans are the head, foot, and tail of threat hunts. They might operate automated tools, but things don’t happen until they’re at the controls.

While most SOCs run 24/7, small teams and even large enterprises understand how hard (and costly) that can be. Your 3 am threat hunting team is not going to be as sharp, savvy, or awake as your 9 am team.

Or, as AI.

AI-enabled threat hunting through an AI SOC means vigilance that never sleeps, tires, or makes mistakes out of exhaustion. Its attention is never taxed, which helps surface signals that may otherwise be overlooked.

Speed Becomes Consistency

AI makes threat hunting faster. And when things are done faster, they can be done more often.

This benefits large enterprises, which, even at their best, may only conduct threat hunting once a week (or once a day for elite achievers).

This benefits mid-tier organisations that hover somewhere between quarterly threat hunts and event-based threat hunts: trying to stay on top of things but having to split analysts between proactive activities and daily tasks.

And it benefits the smallest companies that struggle to even staff a SOC, much less a SOC full of experienced threat hunters.

For all these teams, AI gives them something they never had: round-the-clock threat hunting, done at machine speed, and proactive security that comes standard. 

The Takeaway: At a time when AI-driven threats never sleep, AI-driven threat hunting is more than a nice recommendation. It is the new norm for organisations that understand AI attackers aren’t playing by traditional detection rules, and that they will increasingly be found only via ongoing, AI-powered threat hunts. 



Revolut launches AI assistant as banks shift to chat

Revolut has launched an in-app artificial intelligence assistant called AI by Revolut, joining a broader push by banks and fintech groups towards conversational banking.

The assistant, known as AIR, lets customers ask questions about their money by text or voice within the Revolut app. It is designed to handle routine account tasks such as breaking down spending, freezing a lost card, and helping users plan a travel budget without requiring them to navigate multiple menu screens.

The launch puts Revolut alongside other financial groups that are shifting user interaction away from fixed app navigation and towards natural language prompts. Starling has also introduced an AI assistant in its banking app, while payments groups are developing tools that allow software agents to complete transactions on customers’ behalf.

Shift in interface

The change reflects a broader redesign of digital finance products. Rather than asking users to choose functions from menus and tabs, banks are increasingly building chat-based interfaces that aim to complete tasks once a customer describes what they want.

That approach is now spreading beyond customer service. In banking apps, conversational tools are being positioned as a way to manage budgeting, subscriptions, card controls and account information. In payments, the same model is emerging in systems that allow AI agents to discover products, make selections and complete checkout steps.

Visa has outlined a platform intended to connect merchants with AI shopping agents through a single integration. The concept points to a market in which customers could instruct software to reorder household goods or complete routine purchases, while established payment networks continue to process the underlying transaction.

Other parts of the sector are making similar changes. Business payments platform Melio has introduced an AI assistant for accountants and small companies that answers questions about bills, vendors and cash flow. At the same time, the Bank of America has developed an internal AI tool for staff in its global payments operation.

Competitive pressure

For consumer finance groups, the race to introduce conversational services is also becoming a competitive issue. Apps that reduce the number of steps required to complete common tasks may improve customer retention, particularly as digital banks compete on ease of use as much as on price and product range.

Revolut’s move comes as fintech groups try to make their apps the main place where customers manage day-to-day finances. By embedding an assistant that can answer questions and perform simple actions, Revolut is trying to keep users within its system for a larger share of their money-management tasks.

The stakes go beyond convenience. If conversational tools become the standard way to interact with banking and payments services, the companies that control those interfaces could gain greater influence over customer behaviour, product discovery and transaction flow.

Regulatory focus

Supervisors are also paying closer attention to the use of AI in finance. In the UK, the Financial Conduct Authority has begun examining how agentic AI could reshape retail financial services and affect consumers and markets. In the US, authorities have issued guidance intended to help financial institutions manage AI-related risk.

That scrutiny reflects a core concern across the sector. As banks and fintech groups move more customer activity into AI-led systems, they must show that the tools can operate safely, protect data and give users confidence that tasks are being completed correctly.

Privacy is likely to remain central to that debate, particularly as conversational systems sit between customers and sensitive financial information. The more these assistants are used for payments, transfers and account management, the more questions will arise about data handling, audit trails and accountability when something goes wrong.

For now, the most immediate effect is a visible change in how financial products are designed. The app screen is becoming less a map of buttons and more a prompt box, as banks and payments companies bet that customers will increasingly prefer to type or say what they need rather than search for the right feature.

Taken together, these shifts suggest that, for many routine tasks, natural language may become the main interface for digital money services.



PATS launches hosted buyer programme for 2026 show

PATS has launched a Hosted Buyer Programme for its 2026 trade show, with registration now open.

The scheme will arrange pre-scheduled meetings between senior retail buyers and exhibitors at the pet and aquatics event, which returns to the NEC Birmingham for three days in September 2026.

Aimed at international decision-makers and leading pet and aquatic retailers, the programme will give selected buyers a structured way to meet suppliers and review products in person, rather than relying on informal networking during the show.

The move marks a format change for PATS, which has positioned itself as a key UK trade event for the pet and aquatics sector. The show brings together retailers, distributors and suppliers across categories including aquatics, exotics and mainstream pet care.

Buyer focus

Under the Hosted Buyer Programme, meetings between buyers and exhibitors will be arranged in advance. The model is intended to support strategic sourcing and export activity while helping participants use their time at the show more efficiently.

Applicants must meet qualifying conditions to take part, and places will be allocated to selected participants. Interested buyers are being encouraged to apply early.

The programme follows a strong 2025 event, when attendance and exhibitor numbers rose sharply, prompting a more formal buyer engagement model for 2026.

“PATS 2025 was a landmark, record-breaking year,” said Ian Reynolds, Event Director, PATS.

According to the organisers, visitor numbers rose by 70% in 2025, while international attendance increased by 169%.

Reynolds said a record 445 exhibitors from 15 countries took part in the last edition, underlining the growing scale of the show and the value of a scheduled buyer programme for suppliers and retail delegates navigating a larger exhibition floor.

“The event saw a 70% surge in visitor numbers and a massive 169% increase in international attendance. A record 445 exhibitors from 15 countries participated. Building on this momentum, the 2026 Hosted Buyer Programme will offer selected participants exclusive benefits and a curated, efficient, and cost-effective experience tailored to their specific requirements,” said Reynolds.

Sector reach

PATS is focused on the specialist pet and aquatics trade, where exhibitions remain an important route for product discovery and wholesale buying. For suppliers, access to retail buyers through scheduled meetings can make trade events more commercially predictable. For buyers, it offers a faster way to compare ranges and hold discussions with multiple brands in one place.

The programme is described as a procurement platform for leading retailers in the sector. It is also intended to help brands build international links by making structured meetings central to the event experience.

That international element is notable in light of last year’s growth in overseas attendance. If sustained, it could strengthen PATS’ role not only as a UK trade exhibition but also as a meeting point for cross-border buying and supplier relationships in the pet and aquatics market.

The programme will sit alongside the wider trade show, where exhibitors present new lines and meet trade customers. The event spans a broad range of the sector, from traditional pet care to aquatics and exotics, giving buyers access to multiple product segments under one roof.

PATS is organised by Raccoon Media Group, which runs specialist events and media brands. The introduction of a hosted buyer format brings the show more closely into line with exhibition models used across other business-to-business sectors, where curated meetings match major buyers with selected exhibitors.

For the 2026 edition, the next step is the application process for buyers seeking a place in the programme, with entries screened against set criteria.



New opening at the wellbeing community Rooted in Burford

Heart Mind Spirit, founded by yoga therapist Alison Lewis, provides personalised, one-to-one yoga therapy sessions at the Burford-based space in the Cotswolds.

The sessions, available on Monday afternoons at Rooted, focus on movement, breathwork, and mindfulness, and will be tailored to each individual.

Alison Lewis, founder of Heart Mind Spirit, said: “I’m incredibly excited to be joining the Rooted community.

“It’s such a special space that truly reflects the values of connection, wellbeing, and personal growth.

“More and more people are looking for personalised, holistic ways to support their mental and physical health, and yoga therapy is becoming an increasingly valued part of that journey.

“Rooted provides the perfect environment to offer that kind of tailored support in a welcoming community setting.”

Heart Mind Spirit joins Rooted in Burford as part of a growing trend for accessible, community-led wellbeing services in rural areas.

Lillie Ananda, founder of Rooted, said: “As more people seek meaningful, accessible wellbeing support within their local communities, spaces like Rooted have an important role to play, and welcoming Heart Mind Spirit into the space feels like a natural and valuable addition to that vision.

“For me, it’s all about slowing down and really appreciating the root of all our offerings.”

Sessions with Ms Lewis began on Monday, April 13.

Rooted in Burford offers a broad programme of classes, workshops, and therapies to support individual wellbeing and foster a sense of community.




