Hallucination Control
Purpose
Provide controls for preventing fabricated or unsupported AI-generated CTI claims.
Practitioner-Level Explanation
Hallucination control is a workflow problem. The model must not be allowed to convert plausible language into accepted intelligence. Require source URLs, direct support checks, evidence labels, and rejection of unsupported claims. Use AI to accelerate analysis, not to replace evidence.
CTI Relevance
CTI is especially vulnerable to hallucination because actor names, aliases, tools, and campaigns are easy to blend incorrectly.
Common Mistakes
- Letting the model invent sources or facts.
- Using AI output without source verification.
- Putting sensitive or restricted data into public tools.
- Skipping human analytic judgment.
Practical Workflow
- Require citations for every claim.
- Open each URL.
- Check content against claim.
- Downgrade unsupported claims.
- Preserve gaps.
- Avoid actor merges unless source-confirmed.
Example / Mini Case
The model claims two actor aliases are equivalent. The analyst checks primary sources and finds only one vendor uses the alias while another keeps clusters separate. The output records a taxonomy conflict rather than merging them.
Analyst Checklist
- Are sources real and checked?
- Are claims evidence-labeled?
- Is sensitive data excluded?
- Has a human reviewed the output?
- Are hallucination controls applied?
Output Artifact
Claim:
Model Source:
URL Status:
Content Supports Claim: Yes / No / Partial
Correction:
Evidence Label:
Confidence:
Reviewer: