For Cybersecurity Analysts
What you'll accomplish
By the end of this guide, you'll use Perplexity AI to research emerging threats, threat actor groups, and attack campaigns in real time — with cited sources — instead of spending 30-45 minutes reading through multiple threat intel sites. You'll get up-to-date, sourced summaries that you can act on immediately.
What you'll need
Go to perplexity.ai and sign up with your email or Google account. The free tier gives you sufficient daily queries for threat research. The key advantage over ChatGPT: Perplexity searches the live web and cites its sources — you can verify every claim.
What you should see: The Perplexity homepage with a search/chat bar in the center.
Click the "Focus" dropdown above the search bar. Select "Web" for broad research or experiment with "Academic" for CVE research tied to security papers. For threat intel, "Web" is best as it covers threat actor blogs, vendor advisories, and security news.
Type your question as if asking a knowledgeable analyst. Perplexity searches current web content and returns a synthesized answer with sources.
Good formats:
What you should see: A structured response with inline citations linking to the actual source articles, threat reports, or advisories.
Every Perplexity response shows numbered citations. Click each citation to verify the underlying source. For threat intel you'll act on (creating detection rules, blocking IOCs), always confirm from primary sources (vendor advisories, CISA alerts, MITRE ATT&CK). Perplexity is for research speed — verification is still your job.
Perplexity maintains conversation context. After an initial response, ask:
What you should see: Deeper follow-up answers that build on the initial research.
Copy the Perplexity response (including citations) into your threat intel notes or case management system. The citations are live links — valuable for your investigation documentation.
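The citation check described above, as an added example that is not part of the original guide: it sorts the URLs in a pasted response into primary and secondary sources, so you can see which claims still need confirming before you act on them. The domain list, function names and sample note are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts treated as primary sources; extend with the vendors you rely on.
PRIMARY_DOMAINS = ("cisa.gov", "attack.mitre.org", "nvd.nist.gov")
URL_RE = re.compile(r"https?://[^\s\])>\"']+")

# Constructed sample of a pasted answer with its citation list (not real output).
SAMPLE_NOTE = """\
Summary: the group uses spearphishing for initial access [1][2][3][4].
[1] https://www.cisa.gov/constructed-advisory-path
[2] https://attack.mitre.org/groups/
[3] https://securityblog.example.com/constructed-post.
[4] https://cisa.gov.alerts.example.net/constructed-lookalike
"""

def cited_urls(note):
    """Return unique URLs in order of appearance, minus trailing punctuation."""
    return list(dict.fromkeys(u.rstrip(".,;") for u in URL_RE.findall(note)))

def is_primary(url):
    """True only if the URL's real host is a primary domain or a subdomain of one."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    # Match on a dot boundary so "cisa.gov.alerts.example.net" does not pass.
    return any(host == d or host.endswith("." + d) for d in PRIMARY_DOMAINS)

def triage(note):
    """Split cited URLs into (primary, secondary) lists."""
    urls = cited_urls(note)
    primary = [u for u in urls if is_primary(u)]
    return primary, [u for u in urls if u not in primary]

def needs_primary_confirmation(note):
    """True when nothing cited comes from a primary source."""
    return not triage(note)[0]

if __name__ == "__main__":
    primary, secondary = triage(SAMPLE_NOTE)
    print("primary:", *primary, sep="\n  ")
    print("confirm these against a primary source:", *secondary, sep="\n  ")
```

A primary-source citation only tells you where to verify; you still open the link and confirm the claim yourself.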
CVE research:
Explain CVE-[YEAR-NUMBER]. What software is affected, what does the vulnerability allow an attacker to do, what is the CVSS score and why, has it been actively exploited in the wild, and what are the recommended patches or mitigations?
Threat actor deep-dive:
Provide a threat profile for [group name / APT number]. Cover: origin/attribution, primary targets (sectors and geographies), known TTPs in MITRE ATT&CK format, recent campaigns (last 12 months), notable malware tools they use, and primary defensive recommendations.
Malware family analysis:
Summarize what is known about [malware name]. Cover: what type of malware it is, how it spreads, what it does when executed, known variants, IOCs that have been published, and how to detect and remove it.
Weekly threat landscape:
What are the most significant cybersecurity threats and incidents from the past 7 days? Focus on ransomware, zero-day vulnerabilities, and active threat campaigns. Summarize the top 3 and note which industries are most affected.