Operationalizing AI for Cyber Threat Intelligence: Governance Insights from the DYNAMO Framework
DOI:
https://doi.org/10.34190/icair.5.1.4338
Keywords:
Artificial intelligence (AI), Cyber resilience, Cyber threat intelligence (CTI), Critical infrastructure, DYNAMO Framework, EU Cyber Resilience Act (CRA), Regulatory compliance
Abstract
As artificial intelligence (AI) becomes increasingly embedded in cybersecurity operations, the need for structured, compliant, and scalable integration frameworks is more urgent than ever. This paper explores how AI can be operationalized within cyber threat intelligence (CTI) systems through a qualitative case study of the DYNAMO framework in the energy sector. Originally developed to enhance resilience in critical infrastructure sectors, DYNAMO combines business continuity management (BCM) and CTI to support situational awareness and proactive risk mitigation. Although the framework has been applied in the energy sector in this study, its principles apply to other domains that face complex cyber threats. The study investigates how AI—particularly machine learning—can improve CTI sharing by enabling real-time threat detection, pattern recognition, and adaptive response. Drawing on recent academic and industry literature, we analyze the benefits and limitations of AI-enhanced CTI, including improved detection accuracy and faster response times. However, challenges such as adversarial attacks, model poisoning, and the need for high-quality training data are also addressed. We further examine the governance implications of integrating AI into CTI platforms, especially in light of the EU Cyber Resilience Act (CRA). The paper highlights the importance of aligning AI deployment with regulatory requirements, such as 24-hour incident reporting, post-market monitoring, and data sovereignty. The ECHO Early Warning System (E-EWS), a collaborative platform developed under the EU Horizon 2020 program, is presented as a practical example of cross-sectoral CTI sharing that incorporates AI capabilities. Our findings suggest that AI can significantly enhance cyber resilience when embedded within a governance-aware framework like DYNAMO.
We recommend a phased implementation strategy that includes stakeholder training, regulatory alignment, and continuous monitoring. The paper concludes by emphasizing the need for interdisciplinary collaboration between AI developers, cybersecurity professionals, and policymakers to ensure responsible and effective AI integration in CTI systems.