AI Quality Gates
Purpose
Define review gates that AI-assisted CTI outputs must pass before use.
Practitioner-Level Explanation
AI output should not be accepted merely because it reads well. It must pass gates: source existence, source support, evidence labeling, no unsupported attribution, no sensitive data exposure, no unsafe content, and human review. For customer delivery, AI use should be logged according to project policy.
CTI Relevance
Quality gates prevent hallucinations and weak claims from entering reports, detections, or executive decisions.
Common Mistakes
- Letting the model invent sources or facts.
- Using AI output without source verification.
- Putting sensitive or restricted data into public tools.
- Skipping human analytic judgment.
Practical Workflow
- Check data handling.
- Verify every URL.
- Confirm source content supports each claim.
- Check evidence labels.
- Check attribution and ATT&CK rules.
- Check safety boundaries.
- Record reviewer and decision.

Example / Mini Case
An AI summary says a source attributes an operation to a sponsor. The reviewer opens the source and finds the source used only cautious language. The claim is downgraded and confidence lowered.
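The mini case above as an added example (not part of the original page): a keyword-based attribution gate that compares an AI-written claim with the excerpt the reviewer copied from the source, then fills the Output Artifact fields. The hedge and assertion word lists, the three-step confidence scale, and the names `attribution_gate` and `analyst-1` are assumptions.

```python
import re

# Assumed vocabularies and confidence scale; replace with your style guide's.
HEDGES = re.compile(
    r"\b(may|might|possibly|likely|suspected|appears?|suggests?|"
    r"consistent with|overlaps? with)\b", re.I)
ASSERTIVE = re.compile(
    r"\b(attribut\w+|sponsored by|conducted by|on behalf of|operated by)\b", re.I)
CONFIDENCE = ["low", "moderate", "high"]

def attribution_gate(claim, source_excerpt, confidence, reviewer):
    """Fill the Output Artifact fields for one AI-written attribution claim.

    source_excerpt is text the reviewer copied after opening the source,
    never text supplied by the model.
    """
    rec = {"Gate": "Attribution", "Pass / Fail": "Pass", "Evidence": "",
           "Reviewer": reviewer, "Corrections Required": [],
           "Residual Risk": "keyword heuristic; reviewer judgment decides",
           "Approved Use": "as drafted"}
    if not reviewer:
        rec["Corrections Required"].append("record a human reviewer")
    if not source_excerpt.strip():
        rec["Corrections Required"].append("open the source and quote it")
    hedges = HEDGES.findall(source_excerpt)
    # A flat claim asserts attribution and carries no hedge of its own.
    claim_is_flat = ASSERTIVE.search(claim) and not HEDGES.search(claim)
    if claim_is_flat and hedges:
        lowered = CONFIDENCE[max(CONFIDENCE.index(confidence) - 1, 0)]
        rec["Evidence"] = "source hedges with: " + ", ".join(hedges)
        rec["Corrections Required"] += [
            "reword claim to match the source's cautious language",
            f"lower confidence from {confidence} to {lowered}"]
    if rec["Corrections Required"]:
        rec["Pass / Fail"] = "Fail"
        rec["Approved Use"] = "none until corrected and re-reviewed"
    return rec

# Constructed sample mirroring the mini case (not from a real report).
SAMPLE = attribution_gate(
    claim="The source attributes the operation to a state sponsor.",
    source_excerpt="Infrastructure overlaps with earlier activity and is "
                   "possibly linked to a state sponsor.",
    confidence="high", reviewer="analyst-1")

if __name__ == "__main__":
    for field, value in SAMPLE.items():
        print(f"{field}: {value}")
```

A Pass from this check only means no wording mismatch was detected; the reviewer still reads the source and records the decision.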
Analyst Checklist
- Are sources real and checked?
- Are claims evidence-labeled?
- Is sensitive data excluded?
- Has a human reviewed the output?
- Are hallucination controls applied?
Output Artifact
Gate:
Pass / Fail:
Evidence:
Reviewer:
Corrections Required:
Residual Risk:
Approved Use: